Reset the CA Siteminder r12.51 Admin UI Manually

Document ID : KB000032479
Last Modified Date : 14/02/2018
Show Technical Document Details

Summary

On occasion it may be necessary to manually ‘Reset’ or reconfigure the CA Siteminder Admin UI.  This can be the case when you’ve overwritten an existing Policy Store to which the Policy Server which the WAMUI is configured to connect to has been overwritten by the import of a policy store from another environment.   This may also be necessary when pointing an existing WAMUI at a new environment.  This can frequently be presented as a problem connecting to the Policy Server with the WAMUI where previously it had worked without any problems.

Frequently previous attempts to re-run XPSRegClient and even smreg –su to reset the Siteminder password have not resolved connection issues with the WAMUI.

This document goes through the detailed steps on how to rest an existing WAMUI. However it primarily focuses on the steps when the WAMUI is implemented on the default embedded JBoss application server.

 

Solution

I.      Stop the Application Server Hosting the WAMUI

You will need to stop the application server which is hosting the WAMUI.  The default application server embedded with the CA Siteminder WAMUI is JBoss, however the r12.51 WAMUI is also supported on IBM WebSphere, Oracle WebLogic, and Red Hat JBoss.

ØStop the embedded Jboss Application Server

o   MS Windows:

1.       Open the Services Manager

a.        Start -> Run -> Services.msc

OR

b.       Launch Server Manager and browse to Configuration -> Services.

OR

c.        Start –Control Panel -> Administrative Tools -> Services

2.       Stop the “SiteMinder Administrative UI” service

NOTE: Alternative you could simply run one of the following commands from a command prompt:

sc stop SMADMINUI

net stop SMADMINUI

o   UNIX:

1.       Logon to the host running the WAMUI

2.       Navigate to:

<WAMUI Home>/CA/siteminder/adminui/bin/administrative_ui_install

3.       Run the following command:

shutdown.sh

ØStop 3rd Party Application Servers

o   IBM WebSphere: See OEM documentation

o   Oracle WebLogic: See OEM documentation

o   Red Hat JBoss: See OEM documentation

 

II.   Delete the WAMUI Configuration from the Embedded JBoss Application Server

1.       Logon to the WAMUI host

2.       Navigate the file system to the following directory:

<WAMUI Home>\CA\SiteMinder\adminui\server\default

3.       Delete the entire  data” directory

 

III.Delete the WAMUI objects from the Policy Store

Delete the SMWAMUI Administrator Account

1.       Open the command prompt / shell on the Policy Server

2.       Navigate the file system  to the <PS Install Dir>/bin

3.       Launch "XPSExplorer"

Run: xpsexplorer

4.       Type ‘77’ for Administrators, then hit ENTER

Example:  77–     Admin*”

5.        Type  'S' for Search Objects, then hit ENTER

Example:  S – Search Objects

6.       Locate the Admin object with the name "SMWAMUI:<WAMUI FQDN>".  It will look something like this:

2-CA.SM::Admin@12-6d192e45-57e4-4870-be9d-c5f8d31d596a

(I)                 Name  :"SMWAMUI:lavst01-vm81425.smadfaa.com__0"

7.       Confirm the Object ID for the Admin Object with the name "SMWAMUI:siteminder".

NOTE: (The object id prefaces “CA.SM::Admin@”.  In the example above, the object id is “2”)

8.       Type the object id number which corresponds to the name  "SMWAMUI:siteminder", (“2”), and  then hit ENTER

9.       Type ‘D’ to delete the selected object id, and then hit ENTER.

10.   Type 'Q' to go back,  and then 'Q' again,  and then 'Q' again (until you get the big list where it says 'MAIN MENU').

Delete the WAMUI Trusted Host Object

1.       Type  134’ for  Trusted Hosts, and then hit ENTER

Example: “134 – TrustedHost*”

2.       Type  'S' for Search Objects, then hit ENTER

3.       Locate the Trusted Host Object with the Desc:  "Generated by the XPSRegClient"

Example:    

1-CA.SM::TrustedHost@24-xpsagent-fwrk-4c6b-8b93-54eX51A950BE

 (I) Name  :"lavst01-vm81425.smadfaa.com__0"

(C) Desc  :"Generated by XPSRegClient"

4.       Confirm the Object ID for the Trusted Host Object with the name Desc that corresponds to the WAMUI host  (The object id prefaces “CA.SM::TrustedHost@24-xpsagent-fwrk~”.  In the example above, the object id is “1”)

5.       Type the object id number which corresponds to (“1” in the example above)

Name : = <FQDN of WAMUI host

Desc:    =  "Generated by XPSRegClient"

6.       Hit ENTER

7.       Type ‘D’ to delete the selected object id,  and then hit ENTER.

8.       Type 'Q' to go back,  and then 'Q' again,  and then 'Q' again (until you get the big list where it says 'MAIN MENU')

9.       Choose 'Q' again to exit XPSExplorer

Delete the 'SiteMinder Administrative UI Directory User’

1.       Open the command prompt / shell on the Policy Server

2.       Copy XPSSecurity from the CA Siteminder Policy Server installation binaries to the <Siteminder Install Dir>/bin directory.

NOTE: XPSSecurity is found in the installation binaries along with “smreg” and is not copied to the \bin directory during installation.

3.       Navigate the file system  to the <PS Install Dir>/bin

4.       Launch "XPSSecurity"

5.       Type “A” for ‘Administrators’

6.       Locate the Siteminder Administrative UI Directory User

Example:

3      - SiteMinder Administrative UI Directory User

SM-ADMIN-DIRECTORY

Used by the UI for authenticating administrators

7.       Locate the SMWAMUI

Example:

4 - SMWAMUI:sm1251-01__0 [Legacy]

SM://fd6b1b67-bc12-46ff-bb11-9b4a6adfc355/SMWAMUI:sm1251-01__0

8.       Confirm the object ID for the Siteminder Administrative UI Directory User

9.       Enter the object ID (“3” in the example above) and then hit ENTER.

10.   Type ‘D’ to delete the selected object id,  and then hit ENTER.

11.   Confirm the object ID for the SMWAMUI

12.   Enter the object ID (“4” in the example above) and then hit ENTER.

13.   Type ‘D’ to delete the selected object id,  and then hit ENTER

14.   Type “Q” and then ENTER until you are back at the XPSSecurity MAIN MENU.

15.   Type “P” and then enter to Synchronize with the Policy Server.

16.   Type “Q” and then enter until you have exited XPSSecurity.

 

IV.  Synchronize the data in the XPS Extensions with the Policy Store

Run XPSSweeper

1.       Open the command prompt / shell on the Policy Server

2.       Navigate the file system  to the <PS Install Dir>/bin

3.       Run:  xpsexplorer

 

V.   Rest the Siteminder password

1.       Open the command prompt / shell on the Policy Server

2.       Copy “smreg”  from the CA Siteminder Policy Server installation binaries to the <Siteminder Install Dir>/bin directory.

NOTE: smreg is found in the installation binaries along with “XPSSecurity” and is notcopied to the \bin directory during installation.

3.       Navigate the file system  to the <PS Install Dir>/bin

4.       Run the following command:

smreg –su <password>

NOTE: Use the same password that you have using for the Siteminder account in this environment

 

VI.Prepare the Policy Server for a WAMUI Registration

You run the Administrative UI registration tool to create a client name and passphrase. A client name and passphrase pairing are values that the Policy Server uses to identify the Administrative UI you are registering. You submit the client and passphrase values from the Administrative UI to complete the registration process.

Run XPSRegClient

1.       Open a command prompt from the Policy Server host system.

2.       Run the following command:

XPSRegClient client_name[:passphrase] -adminui -t timeout -r retries -c comment -cp -l log_path -e error_path -vT -vI -vW -vE –vF

Note: Inserting a space between client_name and [:passphrase] results in an error.

 

VII.                     Start the Application Server Hosting the WAMUI

ØStart the embedded Jboss Application Server

o   MS Windows:

1.       Open the Services Manager

a.       Start -> Run -> Services.msc

OR

b.      Launch Server Manager and browse to Configuration -> Services.

OR

c.       Start –Control Panel -> Administrative Tools -> Services

2.       Start the “SiteMinder Administrative UI” service

NOTE: Alternative you could simply run one of the following commands from a command prompt:

sc start SMADMINUI

net start SMADMINUI

o   UNIX:

1.       Logon to the host running the WAMUI

2.       Navigate to:

 <WAMUI Home>/CA/siteminder/adminui/bin/administrative_ui_install

3.       Run the following command:

startup.sh

Now try to Launch the WAMUI and Login again.