Unable to Protect Management Console for Virtual Appliance

Article ID: 144499

Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Identity Suite

Issue/Introduction

Initially, with the deployment of the virtual appliance, we were prompted to log in to the management console for IM. We used the admin credential with the password set up on the command line. Now we don't get prompted when we go to the management console; it logs in to IDM directly.

Cause

This occurs because the customer disabled authentication for the IDM management console.

Environment

Release : 14.3

Component : IdentityMinder(Identity Manager)

Resolution

DROP TABLE IM_AUTH_USER CASCADE CONSTRAINTS;

Used this to create the IM user table:
CREATE TABLE IM_AUTH_USER (
    USER_NAME VARCHAR2(32) NOT NULL, 
    PASSWORD VARCHAR2(32) NOT NULL,
    DISABLED VARCHAR2(32),
    ID INTEGER
    );

Used this to populate the table:

INSERT INTO IM_AUTH_USER (USER_NAME, PASSWORD, DISABLED, ID)
VALUES ('Admin', 'password value', 0, 0);

The password value is obtained by following the steps below:

Found this link on changing the passwords and saw that there is a difference when using FIPS:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-suite/14-3/virtual-appliance/Change-the-Password-of-Identity-Suite-Components.html#concept.dita_6599601b-9f72-4020-924e-461f4ce8109c_IMAdminCredentials

The password needs to lead with AES so IM knows how to decrypt it.

Ran DisableIdmMgmtConsoleSecurity

Ran restart_im

Copied the password from the exported user directory and updated the database with the AES encrypted password 

EnableIdmMgmtConsoleSecurity

restart_im

The customer is now able to protect the management console.
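
The database update and a pre-enable check for the steps above, written out as an added example (Oracle SQL; it is not part of the original article or the vendor documentation). It is meant to run after the password update and before EnableIdmMgmtConsoleSecurity. Assumptions: the AES marker sits within the first six characters of the stored value, DISABLED = '0' means the account is enabled (as in the INSERT above), and the password literal is a placeholder.

```sql
-- Added example: store the encrypted password, then verify the row before
-- re-enabling console security. The value below is a placeholder, not a real
-- credential; paste the AES-encrypted value from the exported user directory.
UPDATE IM_AUTH_USER
   SET PASSWORD = '<AES-encrypted value>'
 WHERE USER_NAME = 'Admin';

-- Check every row without displaying the stored password itself.
-- Assumption: the AES marker appears in the first 6 characters, and
-- DISABLED = '0' (or NULL) means the account is enabled.
SELECT USER_NAME,
       DISABLED,
       LENGTH(PASSWORD) AS STORED_LENGTH,
       CASE
         WHEN INSTR(SUBSTR(PASSWORD, 1, 6), 'AES') = 0
           THEN 'FAIL: no AES marker, value may be plaintext'
         WHEN PASSWORD <> TRIM(PASSWORD)
           THEN 'FAIL: leading or trailing whitespace from copy/paste'
         WHEN NVL(DISABLED, '0') <> '0'
           THEN 'FAIL: account is flagged disabled'
         ELSE 'OK'
       END AS CHECK_RESULT
  FROM IM_AUTH_USER;

-- The procedure above inserts exactly one Admin row; anything else means
-- the table was not rebuilt as described.
SELECT COUNT(*) AS ADMIN_ROWS
  FROM IM_AUTH_USER
 WHERE USER_NAME = 'Admin';

-- Run COMMIT only when CHECK_RESULT is OK and ADMIN_ROWS is 1;
-- otherwise ROLLBACK and correct the value first.
```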