Resetting VMware Identity Manager Default Configuration Admin password

Article ID: 322712

Updated On:

Products

VMware

Issue/Introduction

This article includes different alternatives to update the Default Configuration Admin password.

  1. Using an Email server.
  2. Via REST API from Command Line Interface (CLI) and curl.
  3. Via REST API using Postman.


Symptoms:

The VMware Identity Manager local user, Default Configuration Admin, is locked due to an incorrect password, or its password needs to be changed.

Day 2 actions (upgrades, inventory sync, etc.) in VMware Aria Suite Lifecycle fail with the error LCMVIDM70000.


Environment

VMware Identity Manager 3.3.x
VMware Identity Manager 2.x

Cause

  • The user has forgotten the password or it is locked.
  • The Default Configuration Admin account is created by VMware Aria Suite Lifecycle (vRealize Suite Lifecycle Manager) with the Readonly Admin and Super Admin roles. Because of this, the password cannot be reset from Horizon.

Resolution

Prerequisite

  • Validate the Default Configuration Admin username in the globalenvironment in VMware Aria Suite Lifecycle 8.x (vRealize Suite Lifecycle Manager).

Procedures

This article includes different alternatives to update the Default Configuration Admin password:

  1. Using Email Server.
  2. Via API from Command Line Interface (CLI) using curl commands.
  3. Via API using Postman

To reset the Default Configuration Admin password, follow these steps:

1. Using the Email Server

  1. Log in to the vIDM console using the admin user or an administrator.
  2. Add an Email Server, or validate that one is already configured.
  3. Select User and Groups, select the Default Configuration Admin username, and then click Reset the password. The administrator email will receive the steps to reset the password.
  4. Follow the steps indicated in the Next Steps section of this article.

2. Via API from Command Line Interface (CLI) using curl commands

  1. Obtain a Bearer Token from the UI:
    1. Log in to vIDM as admin.
    2. Open the client browser DevTools by pressing F12.
  2. Capture the Bearer Token by navigating to Application > Cookies > [https://vidm] > HZN.
  3. Obtain the Default Configuration Admin username id.
    1. Search the vIDM UI for the Default Configuration User and select it.
    2. Find and copy the username id from the URL of the browser.
  4. SSH to VMware Aria Suite Lifecycle or a Linux server in order to execute the curl commands.
  5. Run the command to update the password.
curl -k --location --request PATCH 'https://ID1/SAAS/jersey/manager/api/scim/Users/ID4' \
--header 'Authorization: Bearer ID2' \
--header 'Content-Type: application/json' \
--data-raw '{"password":"ID5"}'

Where:

  • ID1: vIDM FQDN.
  • ID2: Cookie or Bearer Token obtained on step 2.2
  • ID4: Default Configuration Admin id obtained on step 3.2
  • ID5: new password value.

  6. Follow the steps indicated in the Next Steps section of this article.
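
As an added example (not part of the original article or VMware's tooling), the following POSIX shell script sends the same PATCH request as step 5, but keeps TLS verification enabled and hands the HZN token and new password to curl through a config read from stdin, so neither value appears in shell history or the process list. The function names, the script name reset.sh and the CURL_CA_BUNDLE suggestion are assumptions of this example.

```shell
#!/bin/sh
# Added example, not VMware's script: the article's PATCH request sent with
# TLS verification on and with no token or password in argv or shell history.

# Escape backslashes and double quotes. The same rule is valid inside a JSON
# string and inside a quoted curl config value. Control characters are not handled.
esc() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }

# Request body in the article's shape: {"password":"ID5"}
build_body() { printf '{"password":"%s"}' "$(esc "$1")"; }

# curl config for the call. Args: ID1 (FQDN), ID4 (user id), ID2 (HZN token), ID5.
build_config() {
    printf 'url = "https://%s/SAAS/jersey/manager/api/scim/Users/%s"\n' "$1" "$2"
    printf 'request = "PATCH"\n'
    printf 'header = "Authorization: Bearer %s"\n' "$(esc "$3")"
    printf 'header = "Content-Type: application/json"\n'
    printf 'data-raw = "%s"\n' "$(esc "$(build_body "$4")")"
}

# The article expects HTTP 204 on success.
check_status() {
    case $1 in
        204) return 0 ;;
        401|403) echo "HTTP $1: request not authorized, check the HZN token" >&2; return 2 ;;
        *) echo "unexpected HTTP status: $1" >&2; return 1 ;;
    esac
}

# Prompt on stderr and read one line without echoing it.
read_secret() {
    printf '%s' "$1" >&2; stty -echo; IFS= read -r SECRET; stty echo; printf '\n' >&2
}

# Runs only with two arguments: sh reset.sh <vidm-fqdn> <user-id>
if [ $# -eq 2 ]; then
    read_secret 'HZN token: ';    token=$SECRET
    read_secret 'New password: '; newpw=$SECRET
    # No -k here. For a private CA, export CURL_CA_BUNDLE=/path/to/ca.pem.
    code=$(build_config "$1" "$2" "$token" "$newpw" |
        curl --silent --output /dev/null --write-out '%{http_code}' --config -)
    unset token newpw SECRET
    check_status "$code"
fi
```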

3. Via API using Postman

  1. Capture the Bearer token and Default Configuration Admin username ID by following steps 1 to 3 of the curl procedure above.
  2. In Postman, select the plus sign to create a new request.
  3. Change the method to PATCH.
  4. Add the following REST API: https://ID1/SAAS/jersey/manager/api/scim/Users/ID4
    Where:
    • ID1: vIDM FQDN.
    • ID4: Default Configuration Admin id obtained on step 2.3
  5. In the Params add the following parameters.
    • Key: Accept Value: application/json
    • Key: Content-Type Value: application/json
  6. Click on Authorization, in type select Bearer token.
  7. Paste HZN value captured in step 2.2 in the Token field.
  8. Click on Body, then select raw and JSON as format. Type the following.
    { "password": "ID5" }
    Where ID5 is the new password.
  9. Click on Send.
  10. Validate the results, the code 204 is expected.
  11. Try to log in to the vIDM UI and validate that you can log in using the new password.
  12. Proceed with the next steps.

Next Steps

It is required to remediate the password in Locker by following the article "Remediating passwords updated outside of VMware Aria Suite Lifecycle".