search cancel

MY VIP (new SSP IDP Portal) cannot be enabled. Error "There is no change to update"

book

Article ID: 174832

calendar_today

Updated On:

Products

VIP Enterprise Gateway

Issue/Introduction

If the VIP Enterprise Gateway on RHEL is upgraded to 9.8.4 from a previous version prior to configuring the SSP IDP settings, the Enterprise Gateway console may now allow enabling the MY VIP option (Enterprise Gateway > EG > Console > Identity Providers > SSP Idp > Enable SSP > Enable My VIP). Saving changes results with the message There is no change to update.

Cause

Enabling the My VIP IDP portal requires the following attributes to be written to VIP Self-Service Portal configuration file:

samlidp.enhancedSSP.enabled = Yes
samlidp.myvip.post.url = https://login.vip.symantec.com/viplogin/saml2/post/idp2fa

samlidp.myvip.relay.url = https://my.vip.symantec.com/api/authenticate-saml
samlidp.myvip.loa.url = https://login.vip.symantec.com

This condition occurs when the pointer to the configuration files aren't updated properly, and these new attributes cannot be written, and MY VIP cannot be enabled. 

Environment

RHEL, all versions.

VIP Enterprise Gateway 9.8.4

Resolution

  • Stop the Self Service Portal: EG Console > Identity Providers > Self Service Portal IdP
  • Edit the SSP configuration file located at: EG_Install/IDP/services/SSP/conf/ssp.conf 
  • Add the following entries immediately before the last line  # End VIPEGSSP section

    samlidp.enhancedSSP.enabled = Yes
    samlidp.myvip.post.url = https://login.vip.symantec.com/viplogin/saml2/post/idp2fa
    samlidp.myvip.relay.url = https://my.vip.symantec.com/api/authenticate-saml
    samlidp.myvip.loa.url = https://login.vip.symantec.com

     
  • Save the changes.
  • Enable My VIP: EG Console > Identity Providers > Self Service Portal IdP > Edit > Enable My VIP 
  • Start Self Service Portal: EG Console > Identity Providers > Self Service Portal IdP