When configuring a second Reverse Proxy Web Agent to protect an AdminUI, the browser still gets back to the first Reverse Proxy Web Agent URL.
How can we change the Reverse Proxy Web Agent without having to re-register the AdminUI with the new Reverse Proxy Web Agent?
AdminUI 12.8SP2 on RedHat 7;
Web Agent 12.52SP1CR11 on Apache 2.4 on RedHat 7;
The Web Agent Reverse Proxy URL is written in binaries data for the AdminUI in one of the .dat files here:
{home_adminui}/adminui/standalone/data/derby/siteminder/objectstore/seg0
As per documentation, only 1 AdminUI can be protected by 1 Web Agent (1).
There's a custom workaround to modify the Base URL value from the AdminUI Derby database. This allows changing the Base URL to another DNS name. Note that it won't allow using both DNS names (old and new) simultaneously for the same AdminUI.
Take a backup of the entire repository:
/opt/CA/siteminder/adminui/standalone/data
- Stop the AdminUI;
- Download db-derby-10.14.2.0-bin.tar.gz from https://db.apache.org/derby/releases/release-10_14_2_0.cgi
[[email protected] ~]# cd /opt/db-derby-10.14.2.0-bin/bin
[[email protected] bin]# export JAVA_HOME=/opt/jdk
[[email protected] bin]# ./ij
ij version 10.14
ij> connect 'jdbc:derby:/opt/CA/siteminder/adminui/standalone/data/derby/siteminder/objectstore';
ij> select attribute_value from IM_ENVIRONMENT_JDBC_LD where attribute_name = 'baseurl';
ATTRIBUTE_VALUE
--------------------------------------------------------------------------------------------------------------------------------
https://myfirstadminui.training.com/iam/siteminder
1 row selected
ij> update IM_ENVIRONMENT_JDBC_LD set attribute_value = 'https://mysecondadminui.training.com/iam/siteminder' where attribute_name = 'baseurl';
1 row inserted/updated/deleted
ij> select attribute_value from IM_ENVIRONMENT_JDBC_LD where attribute_name = 'baseurl';
ATTRIBUTE_VALUE
--------------------------------------------------------------------------------------------------------------------------------
https://mysecondadminui.training.com/iam/siteminder
1 row selected
ij> commit;
ij> disconnect;
ij> exit;
- Start the AdminUI;
Then, the browser should be able to log in and be redirected to the AdminUI with the New URL Reverse Proxy Web Agent only.
(1)
Configure an Apache Reverse Proxy Server to Proxy Requests to the UI
If you have more than one Administrative UI to protect, protect
each instance with a separate reverse proxy server.