How to change the account name used to connect to the database in a Virtual Appliance using JBoss-CLI

Article ID: 235313

Products

CA Identity Manager, CA Identity Suite

Issue/Introduction

You can normally change the account name used to connect to the database from the Virtual Appliance dashboard (Setup menu). Sometimes this is not possible from the dashboard, usually because the JDBC URL was already changed with JBoss-CLI.

In that case, you need to use JBoss-CLI to change the account name as well.

Environment

Virtual Appliance 14.3 and 14.4

For Virtual Appliance 14.5, see the Virtual Appliance 14.5 note in the Resolution section.

Resolution

For Virtual Appliance 14.5

You can change the user name and password directly in the Virtual Appliance dashboard.

Go to Setup, click the Edit option for External Database, and set the credentials for each database/schema.

For Virtual Appliance 14.3 and 14.4:

Follow these steps to change the account name for a specific data source.

If you do not have a user configured to connect to JBoss-CLI, first follow the steps in the "How to add a user to JBoss-CLI" section. If you already have the user, proceed with the steps below:

- From vApp, go to the "/opt/CA/wildfly-idm/bin" folder and run the "./jboss-cli.sh" command to open JBoss CLI
- Type connect and enter the user and password

This is the command you need to run to change the userName and/or password:
/subsystem=security/security-domain=<SECURITY-DOMAIN>/authentication=classic/:write-attribute(name=login-modules,value=<NEW-VALUE>)

 
To get the current value to use as the basis for <NEW-VALUE>, run the following in JBoss-CLI:

cd /subsystem=security/security-domain=iam_im-imobjectstoredb/authentication=classic/
ls

The output will look similar to the following:

login-modules=[{"code" => "com.netegrity.jboss.datasource.PicketBoxPasswordEncryptedLogin","flag" => "required","module" => "com.ca.iam.idmutils","module-options" => {"userName" => "IDM","password" => "{PBES}:<encryptedstring>","managedConnectionFactoryName" => "jboss.jca:name=iam/im/jdbc/auditDbDataSource,service=LocalTxCM"}}]


Copy the value after the "=" sign:
[{"code" => "com.netegrity.jboss.datasource.PicketBoxPasswordEncryptedLogin","flag" => "required","module" => "com.ca.iam.idmutils","module-options" => {"userName" => "IDM","password" => "{PBES}:<encryptedstring>","managedConnectionFactoryName" => "jboss.jca:name=iam/im/jdbc/auditDbDataSource,service=LocalTxCM"}}]

 

Edit the copied value in your editor, changing the userName and/or password. Then replace the string <NEW-VALUE> in the command with the edited value.

You also need to replace the string <SECURITY-DOMAIN> in the command with one of the following values:
iam_im-imobjectstoredb
iam_im-imtaskpersistencedb
iam_im-imarchivedb
iam_im-imauditdb
iam_im-imreportsnapshotdb
iam_im-imworkflowdb

 
So, to change the security domain iam_im-imobjectstoredb, your command will look like this:

/subsystem=security/security-domain=iam_im-imobjectstoredb/authentication=classic/:write-attribute(name=login-modules,value=[{"code" => "com.netegrity.jboss.datasource.PicketBoxPasswordEncryptedLogin","flag" => "required","module" => "com.ca.iam.idmutils","module-options" => {"userName" => "IDM14","password" => "{PBES}:<encryptedstring>","managedConnectionFactoryName" => "jboss.jca:name=iam/im/jdbc/auditDbDataSource,service=LocalTxCM"}}])

 

In the sample above, the "userName" was changed from "IDM" to "IDM14".
After running the command above, run the "reload" command to force a reload of the configuration.

Note: You need to run one command at a time for each SECURITY-DOMAIN
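
The copy, edit and substitute steps above can be scripted so that only the userName changes and the rest of the value is carried over untouched. The following is an added example, not part of the original article or of the product's tooling: it takes a security domain, a new user name and the login-modules line copied from the "ls" output, and prints the write-attribute command to paste into JBoss-CLI. The names build_cmd, DOMAINS and SAMPLE_LINE, and the restriction of user names to letters, digits, "_", "." and "-", are assumptions of this example.

```shell
#!/bin/sh
# Added example: build the JBoss-CLI write-attribute command from the "ls" output.

# Security domains listed in the article.
DOMAINS="iam_im-imobjectstoredb iam_im-imtaskpersistencedb iam_im-imarchivedb iam_im-imauditdb iam_im-imreportsnapshotdb iam_im-imworkflowdb"

# Constructed sample input: the article's example "ls" line, placeholder password included.
SAMPLE_LINE='login-modules=[{"code" => "com.netegrity.jboss.datasource.PicketBoxPasswordEncryptedLogin","flag" => "required","module" => "com.ca.iam.idmutils","module-options" => {"userName" => "IDM","password" => "{PBES}:<encryptedstring>","managedConnectionFactoryName" => "jboss.jca:name=iam/im/jdbc/auditDbDataSource,service=LocalTxCM"}}]'

# build_cmd DOMAIN NEW_USER LS_LINE
# Prints the command on stdout; returns non-zero (message on stderr) on bad input.
build_cmd() {
  local domain="$1" new_user="$2" line="$3" value
  # Accept only a security domain from the article's list.
  case " $DOMAINS " in
    *" $domain "*) ;;
    *) echo "unknown security domain: $domain" >&2; return 1 ;;
  esac
  # Assumption of this example: a conservative character set, so the name
  # cannot break out of the quoted string or the sed replacement.
  case "$new_user" in
    ''|*[!A-Za-z0-9_.-]*) echo "invalid user name" >&2; return 1 ;;
  esac
  # Keep everything after the first "=" (the value itself contains "=>").
  case "$line" in
    login-modules=\[*\]) value=${line#login-modules=} ;;
    *) echo "input is not a login-modules line" >&2; return 1 ;;
  esac
  # There must be a userName option to rewrite.
  case "$value" in
    *'"userName" => "'*) ;;
    *) echo "no userName option found" >&2; return 1 ;;
  esac
  # Replace only the userName; password and connection factory stay as read.
  value=$(printf '%s' "$value" |
    sed -E 's/("userName" => ")[^"]*"/\1'"$new_user"'"/')
  printf '/subsystem=security/security-domain=%s/authentication=classic/:write-attribute(name=login-modules,value=%s)\n' \
    "$domain" "$value"
}
```

Pass the line read from the same security domain you are about to write, since each domain carries its own module-options. The printed command contains the {PBES} password value, so handle it like any other credential.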

 

How to add a user to JBoss-CLI

Note: The user "imuser" below is just an example; you can use any name for the user.

config@imuser-vapp-143 VAPP-14.3.0 (10.10.10.1):/opt/CA/wildfly-idm/bin > sudo /opt/CA/wildfly-idm/bin/add-user.sh

What type of user do you wish to add?
 a) Management User (mgmt-users.properties)
 b) Application User (application-users.properties)
(a): a

Enter the details of the new user to add.
Using realm 'ManagementRealm' as discovered from the existing property files.
Username: imuser
Password recommendations are listed below. To modify these restrictions edit the add-user.properties configuration file.
 - The password should not be one of the following restricted values {root, admin, administrator}
 - The password should contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), 1 non-alphanumeric symbol(s)
 - The password should be different from the username
Password :
JBAS015266: Password must have at least 1 digit.
Are you sure you want to use the password entered yes/no? yes
Re-enter Password :
What groups do you want this user to belong to? (Please enter a comma-separated list, or leave blank for none)[  ]:
About to add user 'imuser' for realm 'ManagementRealm'
Is this correct yes/no? yes
Added user 'imuser' to file '/opt/CA/wildfly-idm/standalone/configuration/mgmt-users.properties'
Added user 'imuser' to file '/opt/CA/wildfly-idm/domain/configuration/mgmt-users.properties'
Added user 'imuser' with groups  to file '/opt/CA/wildfly-idm/standalone/configuration/mgmt-groups.properties'
Added user 'imuser' with groups  to file '/opt/CA/wildfly-idm/domain/configuration/mgmt-groups.properties'
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? no

Now you have the user associated with the Management Realm.

Additional Information

How to change the string connection for Identity Manager to the Database for Recovery Plan Test?

https://knowledge.broadcom.com/external/article?articleId=227015