Identity Manager doesn't start with "Cannot connect to policy server: Invalid credentials" error

Document ID : KB000026610
Last Modified Date : 14/02/2018
Show Technical Document Details


We can no longer start up Identity Manager. We see the following error in the server.log but no corresponding error in the smps.log.

WARN [ims.default] * Startup Step 4 : Attempting to start PolicyServerService
DEBUG [ims] Unable to connect to the policy server: Invalid credentials
WARN [org.jboss.resource.connectionmanager.JBossManagedConnectionPool] Throwable while attempting to get a new connection:
javax.resource.spi.EISSystemException: Cannot connect to policy server: Invalid credentials
at com.netegrity.ra.policyserver.impl.PSManagedConnectionFactory.createManagedConnection(
at org.jboss.resource.connectionmanager.InternalManagedConnectionPool.createConnectionEventListener(
at org.jboss.resource.connectionmanager.InternalManagedConnectionPool.getConnection(
at org.jboss.resource.connectionmanager.JBossManagedConnectionPool$BasePool.getConnection(


Identity Manager 12.5 SPx / 12.6 SPx integrated with SiteMinder


The determined cause for the "invalid credentials error" is a password mismatch.
The Siteminder administrator's password was changed in Siteminder.
This implied that the existing password in the IM config file "ra.xml" no longer matched the newly set password for the siteminder administrator.


To address this please follow the steps below:

1. Reset the password for the Siteminder administrator to a known value by using "SiteMinder Administration console -> Administrators tab".

2. Use the IM password tool located "<Identity Manager Administrative Tools>/PasswordTool/pwdtools.bat" to create a new encrypted password to match the new Siteminder password.

3. Copy and paste the encrypted password into the file "&ltIdentityMinder.ear>\policyserver_rar\META-INF\ra.xml" For example:


4. Restart Identity Manager and Siteminder (Make sure Siteminder has fully started before starting Identity Manager)