IDM/SM Integration Issue - Password policy is not getting updated in SSO - Integration cannot be proceeded because an environment named "identityEnv" exists in SSO server.


Article ID: 251397


Products

CA Identity Manager

Issue/Introduction

After applying Hotfix 2 to IDM 14.4.1, we are seeing behavior where SSO is not updated when changes are made in IDM.

For example, if we create a new password policy, it is not updated in SSO. However, authentication into the application is working as expected.

Environment

Release: Identity Manager 14.4.1 CP2
Siteminder 12.8 SP6a

Cause

The SSO Policy Server already has an Environment with the name IdentityEnv and a specific OID number.

Because an Environment with the same name, IdentityEnv, was created on the newly installed IDM server and synced with the Policy Server, the Policy Server rejected the API call from IDM and reported that an Object with the same property name IdentityEnv already exists. This causes the failure.

You will need to manually clean up the previously created objects in Siteminder with the property name IdentityEnv so that the new IDP environment can properly sync the newly created objects with Siteminder.

Resolution

- New IDM Installation created 

- Existing Siteminder Environment 12.8 SP6a 

- IDM Adminui keeps reporting an Error that the IdentityEnv exists when syncing with the Siteminder policy Server 

#### Steps to resolve ####

The following objects need to be deleted:

* IMS Environment --> deleted from XPSExplorer 

* IMS Domain --> deleted from Siteminder XPSExplorer (or you can delete from adminui) 

* IMS Auth Schemes --> deleted from Siteminder XPSExplorer (or you can delete from adminui) 

Once they are deleted, dump the Siteminder Policy Store using XPSExport full_dump.xml -xb and make sure no properties with the name IdentityEnv remain in the store.

Restart the IDM server and access the IDM UI. Confirm you are able to create the IDM objects and sync them to the Policy Server.
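One way to do the "make sure nothing named IdentityEnv remains" check on full_dump.xml, as an added example that is not part of the original article or of the product tooling. It assumes the dump is well-formed XML in which each policy object is an element carrying Class and Xid attributes; the sample dump and every name in it are constructed.

```python
import io
import sys
import xml.etree.ElementTree as ET

# Constructed sample, not a real export. Element and attribute names are assumptions.
SAMPLE_DUMP = """<PolicyData>
  <Object Class="Example::Environment" Xid="Example::Environment@placeholder-0001">
    <Property Name="Example::Environment.Name"><StringValue>IdentityEnv</StringValue></Property>
  </Object>
  <Object Class="Example::Domain" Xid="Example::Domain@placeholder-0002">
    <Property Name="Example::Domain.Name"><StringValue>identityEnvDomain</StringValue></Property>
  </Object>
  <Object Class="Example::Domain" Xid="Example::Domain@placeholder-0003">
    <Property Name="Example::Domain.Name"><StringValue>PayrollDomain</StringValue></Property>
  </Object>
</PolicyData>"""

def find_leftovers(source, needle="identityenv"):
    """Return sorted (Class, Xid) pairs for objects that still mention needle.

    source is a path or binary file object. Matching is case-insensitive
    because the error text and the article spell the name differently.
    """
    needle = needle.lower()
    stack, hits = [], set()
    for event, elem in ET.iterparse(source, events=("start", "end")):
        if event == "start":
            stack.append(elem)
            continue
        values = list(elem.attrib.values()) + [elem.text or ""]
        if any(needle in v.lower() for v in values):
            # Attribute the match to the nearest enclosing element carrying an Xid.
            owner = next((e for e in reversed(stack) if "Xid" in e.attrib), elem)
            hits.add((owner.get("Class", owner.tag), owner.get("Xid", "(no Xid)")))
        stack.pop()
        elem.clear()  # keep memory flat on a full policy store dump
    return sorted(hits)

def scan_text(xml_text):
    """Convenience wrapper for scanning an in-memory dump."""
    return find_leftovers(io.BytesIO(xml_text.encode("utf-8")))

if __name__ == "__main__":
    from_file = len(sys.argv) > 1
    found = find_leftovers(sys.argv[1]) if from_file else scan_text(SAMPLE_DUMP)
    for cls, xid in found:
        print(f"leftover: {cls}  {xid}")
    sys.exit(1 if (found and from_file) else 0)
```

Run it with the path to full_dump.xml as the only argument; a non-zero exit status means objects referencing the old environment are still in the store and should be removed before restarting the IDM server.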