Error: Password Policies are not supported
Article ID: 113226
Updated On:
Products
CA Identity Manager
CA Identity Governance
CA Identity Portal
Issue/Introduction
After enabling Siteminder/SSO integration, Identity Manager is restarted and the system log shows this error:
ERROR [ims.default] (default task-42) Password Policies are not supported. No %PASSWORD_DATA% attribute has been configured.
This is also reflected in the Password Policy Management UI but with additional instruction, stating a need for configuration in the “SiteMinder user directory”
Error: Password Policies are not supported. A Password Data attribute must be configured on the SiteMinder user directory to support password policies.
ERROR [ims.default] (default task-42) Password Policies are not supported. No %PASSWORD_DATA% attribute has been configured.
This is also reflected in the Password Policy Management UI but with additional instruction, stating a need for configuration in the “SiteMinder user directory”
Error: Password Policies are not supported. A Password Data attribute must be configured on the SiteMinder user directory to support password policies.
Environment
Release:
Component: IDSVA
Component: IDSVA
Cause
Identity Manager and Siteminder objects are not synchronized.
The problem exists at the XPS data layer in SiteMinder (SSO).
This usually occurs when the directory.xml is imported before the SSO-IM integration is completed.
The problem exists at the XPS data layer in SiteMinder (SSO).
This usually occurs when the directory.xml is imported before the SSO-IM integration is completed.
Resolution
Synchronize the user directory objects between Identity Manager and SSO\SiteMinder by clearing out the Identity Manager Environment (IME) and directory, and then recreate them:
>Make sure you have a backup of the user directory.xml and Environment.zip with its xml files.
>Delete the directory and environment via the IM management console.
>In the SM WAMUI verify all IM environment and directory objects are deleted. Delete any IME or directory objects that still exist. You can delete those that are marked "Created by IDM---Do not delete."
>Use XPSXplorer to remove any remaining XPS objects related to the target environment and directory.
>Make sure all SM-IM integration steps have been completed.
>In IDM management console, Create the directory using the desired directory.xml.
>In IDM management console create the environment using the environment.zip.
>Make sure you have a backup of the user directory.xml and Environment.zip with its xml files.
>Delete the directory and environment via the IM management console.
>In the SM WAMUI verify all IM environment and directory objects are deleted. Delete any IME or directory objects that still exist. You can delete those that are marked "Created by IDM---Do not delete."
>Use XPSXplorer to remove any remaining XPS objects related to the target environment and directory.
>Make sure all SM-IM integration steps have been completed.
>In IDM management console, Create the directory using the desired directory.xml.
>In IDM management console create the environment using the environment.zip.
Feedback
Yes
No
Powered by
