search cancel

Administrator is disabled error - Other SiteMinder Administrators are unable to logon when siteminder user is disabled

book

Article ID: 237738

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

When the default "siteminder" administrator account is disabled, other administrator accounts are not able to logon to AdminUI.

 

For example, there are "siteminder" and "admin" account which are both super users.

When "SiteMinder" account is set to disabled, "admin" account or any other administrators are not able to logon to AdminUI.

 

Workaround was to use XPSSecurity to remove the "DISABLED" flag from the default siteminder account, and restart the adminui service before we able able to login with the admin account again.


Following error is displayed in the smps.log when "SiteMinder" is disabled and when other admins try to login.

"System Error: Administrator is disabled."

 

Cause

AdminUI uses Policy Store as a "Admin User Store".
And the account used for accessing this "Admin User Store" is the "SiteMinder" account.
So if the "SiteMinder" account is disabled, AdminUI is no longer able to access the Admin Accounts in the user store.

 

Environment

Release : 12.8.06/12.8.06a

Component : SITEMINDER WAM UI

Resolution

Temporary hotfix is available to address this issue on R12.8.06 and R12.8.06a.
The steps to apply:
1. Turn off the web admin service
2. in  siteminder\adminui\standalone\deployments\iam_siteminder.ear\user_console.war\WEB-INF\lib replace webadmin.jar with the new  webadmin.jar (after renaming the original one, just in case,  for backup)
3. Restart the service

This is planned to be included in the R12.8 SP7.

Additional Information

For R12.8.06  #DE524754
For R12.8.06a #DE534250

Attachments

webadmin_12806a_jar_1652308118472.zip get_app
webadmin_12806_1652069602391.zip get_app