How to change the account name used to connect to the database in a Virtual Appliance using JBoss-CLI
search cancel

How to change the account name used to connect to the database in a Virtual Appliance using JBoss-CLI


Article ID: 235313


Updated On:


CA Identity Manager CA Identity Suite


You can change the Account name used to connect to the database from the Virtual Appliance dashboard, menu Setup, but sometimes, it's not possible to change it from there, usually when the jdbc url was already changed by JBoss-CLI.

In this case you need to use the JBoss-CLI to change it too.


Virtual Appliance 14.x


Below are the steps to change the account name to a specific datasource:

If you do not have the user configured to connect to JBoss-CLI, please see the steps in the "How to add a user to JBoss-CLI" section, if you already have the user, proceed with the steps below:


- From vApp, go to the "/opt/CA/wildfly-idm/bin" folder and run the "./" command to open JBoss CLI
- Type connect and enter the user and password

This is the command you need to run to change the userName and/or password:

Below how to get the <NEW-VALUE>

cd /subsystem=security/security-domain=iam_im-imobjectstoredb/authentication=classic/

The output will be something like that

login-modules=[{"code" => "com.netegrity.jboss.datasource.PicketBoxPasswordEncryptedLogin","flag" => "required","module" => "","module-options" => {"userName" => "IDM","password" => "{PBES}:<encryptedstring>","managedConnectionFactoryName" => "jboss.jca:name=iam/im/jdbc/auditDbDataSource,service=LocalTxCM"}}]

Copy the value after "=" signal:
[{"code" => "com.netegrity.jboss.datasource.PicketBoxPasswordEncryptedLogin","flag" => "required","module" => "","module-options" => {"userName" => "IDM","password" => "{PBES}:<encryptedstring>","managedConnectionFactoryName" => "jboss.jca:name=iam/im/jdbc/auditDbDataSource,service=LocalTxCM"}}]


Edit the value above in your editor, after changing the value(s) above, the userName and/or password, replace the string <NEW-VALUE> in the command with the new value you edit in your editor.

Also, you need to replace the string <SECURITY-DOMAIN> from the command with the following possible values:

So, your command will see like below in case you want to change the Security-Domain=iam_im-imobjectstoredb

/subsystem=security/security-domain=iam_im-imobjectstoredb/authentication=classic/:write-attribute(name=login-modules,value=[{"code" => "com.netegrity.jboss.datasource.PicketBoxPasswordEncryptedLogin","flag" => "required","module" => "","module-options" => {"userName" => "IDM14","password" => "{PBES}:<encryptedstring>","managedConnectionFactoryName" => "jboss.jca:name=iam/im/jdbc/auditDbDataSource,service=LocalTxCM"}}])


In the sample above, it was changed the "userName" from "IDM" to "IDM14"
After running the command above, run the "reload" command to force reload the configuration.

Note: You need to run one command at a time for each SECURITY-DOMAIN


How to add a user to JBoss-CLI

Note: the user "imuser" below is just an example, you can use any name for the user

config@imuser-vapp-143 VAPP-14.3.0 ( > sudo /opt/CA/wildfly-idm/bin/

What type of user do you wish to add?
 a) Management User (
 b) Application User (
(a): a

Enter the details of the new user to add.
Using realm 'ManagementRealm' as discovered from the existing property files.
Username: imuser
Password recommendations are listed below. To modify these restrictions edit the configuration file.
 - The password should not be one of the following restricted values {root, admin, administrator}
 - The password should contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), 1 non-alphanumeric symbol(s)
 - The password should be different from the username
Password :
JBAS015266: Password must have at least 1 digit.
Are you sure you want to use the password entered yes/no? yes
Re-enter Password :
What groups do you want this user to belong to? (Please enter a comma-separated list, or leave blank for none)[  ]:
About to add user 'imuser' for realm 'ManagementRealm'
Is this correct yes/no? yes
Added user 'imuser' to file '/opt/CA/wildfly-idm/standalone/configuration/'
Added user 'imuser' to file '/opt/CA/wildfly-idm/domain/configuration/'
Added user 'imuser' with groups  to file '/opt/CA/wildfly-idm/standalone/configuration/'
Added user 'imuser' with groups  to file '/opt/CA/wildfly-idm/domain/configuration/'
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? no

Now you have the user associated with the Management Realm.

Additional Information

How to change the string connection for Identity Manager to the Database for Recovery Plan Test?