Unable to register AdminUI (WAMUI) with Policy Server
search cancel

Unable to register AdminUI (WAMUI) with Policy Server

book

Article ID: 205980

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

 


Trying to register the AdminUI with the Policy Server and the AdminUI returns the following error in the browser:

  "An unknown error occurred during deployment"

 

Environment

 

  Policy Server 12.8SP3 on RedHat 7;
  AdminUI 12.8SP3 on RedHat 7;

 

Cause

 
Exporting the Policy Store data by running the XPSExport command as:
 
  XPSExport pstore.xml -xb -npass
 
In the pstore.xml the data related to permission to the SM-ADMIN-DIRECTORY administrator as follow:
 
The SM-ADMIN-DIRECTORY administrator has no right (Grant):
 
        <Administrator>
            <UserPath>SM-ADMIN-DIRECTORY</UserPath>
            <Name>SiteMinder Administrative UI Directory User</Name>
            <Description>Used by the UI for authenticating administrators</Description>
            <MethodsAllowed>4</MethodsAllowed>
            <Workspaces />
        </Administrator>
 
Usually, this administrator should have the following rights (Grant):
 
        <Administrator>
            <UserPath>SM-ADMIN-DIRECTORY</UserPath>
            <Name>SiteMinder Administrative UI Directory User</Name>
            <Description>Used by the UI for authenticating administrators</Description>
            <MethodsAllowed>4</MethodsAllowed>
            <Workspaces />
            <Grant>
                <SecurityCategory>!Admin Administration</SecurityCategory>
                <Rights>2097152</Rights>
            </Grant>
        </Administrator>
 

Resolution


- Stop the AdminUI;
- On the Policy Server, run the command XPSSecurity:
  
  A
  look for :

   3 - SiteMinder Administrative UI Directory User
   SM-ADMIN-DIRECTORY
   Used by the UI for authenticating administrators

  3
  R
  G

   look for :
   
     9-CA.XPS::SecurityCategory@!Admin Administration
              (I) Name  : "Admin Administration"
       (C) Description  : "Administration of administrators, both
                          regular and API"
  9 
  Q

  Grant succeeded.

  ADMINISTRATOR RIGHTS MENU*****************************************#904957310

   1 - MV    - Admin Administration

  Q
  U
  Q
  Q
  P
  Q
  
- Ensure you have run XPSRegClient command less than an hour ago;
- Start the AdminUI and you should be able to register the AdminUI;

 

Powered by Wolken Software