SiteMinder Password policy integration broken after Upgrade to 14.4 vapp
Article ID: 236056
Updated On:
Products
Issue/Introduction
After upgrading from vAPP 14.2 CP5 to 14.4, password policies for IM users are being ignored. Any newly created pwd polices created in IM's no longer get pushed to the SSO Policy server. Somehow the 14.4 upgrade partially broke the SSO integration as far as pwd policies are concerned. Authentication/Authorization integration still works.
Environment
Release : 14.4
Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)
Cause
There was a missing SMOID in IM_ENVIRONMENT_JDBC_LD table.
Resolution
Resolved by adding missing SMOID.
Note, you will first need to find the correct SMOID either from SSO (examining the LDIF export) or from examining other IM Object Store tables.
Once you have the smoid, run this sql:
update IM_ENVIRONMENT_JDBC_LD set ATTRIBUTE_VALUE='03-000645d5-898f-1d82-ab45-7fc60a825a5a' where UNIQUE_NAME=262152 and ATTRIBUTE_NAME='accessdomain'
After running the above update SiteMinder password policies in IDM became visible.
Here is an example:
Below are the queries to be run to resolve the issue.
IM tables need to be updated with correct SMOID and accessdomain values. Following queries are expected to fix this discrepancy:
update IM_ENVIRONMENT_JDBC set SMOID = '35-3f7d5100-e10b-4fbe-bc56-399cc18b2e5d' where FRIENDLYNAME = 'mytestenv';
update IM_ENVIRONMENT_JDBC_LD set ATTRIBUTE_VALUE = '03-4bfccb5a-6f73-4b4f-b1e5-81ba849e4bdb' where ATTRIBUTE_NAME = 'accessdomain';
Query 1 will ensure the correct SMOID is used in the IM_ENVIRONMENT_JDBC table, while query 2 will ensure that the correct accessdomain is used in the IM_ENVIRONMENT_JDBC_LD table. These values were taken from the imsenvironment6 and smdomain5 tables, and output of Policy Store to a spreadsheet like IMObjandSMPolStoreQuery.xlsx, for example.
Feedback
