Reset the CA Siteminder r12.5 WAMUI Manually
On occasion it may be necessary to manually ‘reset’ or reconfigure the CA Siteminder r12.5 WAMUI. This can be the case when the Policy Store used by the Policy Server to which the WAMUI is configured to connect has been overwritten by the import of a policy store from another environment. It may also be necessary when pointing an existing WAMUI at a new environment. The problem frequently presents as a failure to connect to the Policy Server with the WAMUI where previously it had worked without any problems.
Frequently, previous attempts to re-run XPSRegClient, and even smreg -su to reset the Siteminder password, have not resolved connection issues with the WAMUI.
This document goes through the detailed steps to reset an existing WAMUI. It focuses primarily on the steps that apply when the WAMUI is implemented on the default embedded JBoss application server.
I. Stop the Application Server Hosting the WAMUI
You will need to stop the application server which is hosting the WAMUI. The default application server embedded with the CA Siteminder WAMUI is JBoss, however the r12.51 WAMUI is also supported on IBM WebSphere, Oracle WebLogic, and Red Hat JBoss.
Ø Stop the embedded JBoss Application Server
o MS Windows:
1. Open the Services Manager
a. Start -> Run -> Services.msc
b. Launch Server Manager and browse to Configuration -> Services.
c. Start -> Control Panel -> Administrative Tools -> Services
2. Stop the “SiteMinder Administrative UI” service
NOTE: Alternatively, you could simply run one of the following commands from a command prompt:
sc stop SMADMINUI
net stop SMADMINUI
1. Logon to the host running the WAMUI
2. Navigate to:
3. Run the following command:
Ø Stop 3rd Party Application Servers
o IBM WebSphere: See OEM documentation
o Oracle WebLogic: See OEM documentation
o Red Hat JBoss: See OEM documentation
II. Delete the WAMUI Configuration from the Embedded JBoss Application Server
1. Logon to the WAMUI host
2. Navigate the file system to the following directory:
3. Delete the entire “data” directory
III. Delete the WAMUI objects from the Policy Store
Delete the SMWAMUI Administrator Account
1. Open the command prompt / shell on the Policy Server
2. Change to the <Policy Server Install Dir>/bin
3. Run "XPSExplorer": xpsexplorer
4. Type ‘13’ for “13 – Admin*”, then hit ENTER
5. Type 's' for “Search Objects”, then hit ENTER
6. Locate the Admin object with the name "SMWAMUI:siteminder". It will look something like this:
(I) Name : "SMWAMUI:siteminder"
(C) Rights : ManageAllDomains,ManageSecurity,ManageUsers,None
7. Confirm the Object ID for the Admin Object with the name "SMWAMUI:siteminder".
Ø (The object id prefaces “CA.SM::[email protected]”. In the example above, the object id is “2”)
8. Type the object id number which corresponds to the name "SMWAMUI:siteminder", then hit ENTER
9. Type ‘d’ to delete the selected object id, then hit ENTER.
10. Type 'q' to go back, and then 'q' again, and then 'q' again (until you get the big list where it says 'MAIN MENU')
11. Type ‘56’ for “56 – TrustedHost*”, then hit ENTER
13. Type 's' for “Search Objects”, then hit ENTER
14. Locate the Trusted Host Object with the Desc: "Generated by the Administrative UI" (alternatively, the Desc may be "Generated by XPSRegClient"), with the host name of the WAMUI possibly listed as an FQDN. It will look something like this:
(I) Name : "siteminder"
(C) Desc : "Generated by XPSRegClient"
(C) IpAddr : "0000:0000:0000:0000:0000:FFFF:"
(C) RolloverEnabled : false
(I) Name : "smpolicy1.smlab1.com"
(C) Desc : "Generated by the Administrative UI"
(C) IpAddr : "192.168.100.30"
(C) RolloverEnabled : false
15. Confirm the Object ID for the Trusted Host Object with the Desc that corresponds to the WAMUI host (The object id prefaces “CA.SM::[email protected] fwrk~”. In the example above, the object id is “3”)
16. Type the object id number which corresponds to the WAMUI Trusted host object, then hit ENTER
17. Type ‘d’ to delete the selected object id, then hit ENTER.
18. Type 'q' to go back, and then 'q' again, and then 'q' again (until you get the big list where it says 'MAIN MENU')
19. Choose 'q' again to exit XPSExplorer
20. Run XPSSecurity
21. Delete the 'SiteMinder Administrative UI Directory User'
Ø NOTE: DO NOT DELETE THE 'Siteminder' ADMIN IN XPSEXPLORER!
i. Do it only in XPSSecurity.
Ø XPSSecurity is found in the installation binaries along with “smreg” and is not copied to the \bin directory during installation.
22. Run XPSSweeper and allow it to complete.
23. Reset the Siteminder password (using the same password as was previously used):
smreg -su <password>
24. Start the JBoss server.
25. Run XPSRegClient:
XPSRegClient siteminder:<passphrase> -adminui-setup
26. Now try to log in to the WAMUI again.
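
The following Python example is an addition to this document, not CA tooling. It parses search output pasted from XPSExplorer in the field layout shown in step 14 and lists only the Trusted Host objects whose Desc marks them as WAMUI registrations, so that other trusted hosts are not deleted by mistake. The function names and the third sample record are assumptions made for the example.

```python
import re

# Constructed sample in the field layout shown in step 14. The third record
# (a web agent host) is invented here to show an object that must be kept.
SAMPLE = """\
(I) Name : "siteminder"
(C) Desc : "Generated by XPSRegClient"
(C) IpAddr : "0000:0000:0000:0000:0000:FFFF:"
(C) RolloverEnabled : false
(I) Name : "smpolicy1.smlab1.com"
(C) Desc : "Generated by the Administrative UI"
(C) IpAddr : "192.168.100.30"
(C) RolloverEnabled : false
(I) Name : "webagent01.smlab1.com"
(C) Desc : "Constructed web agent host"
(C) IpAddr : "192.168.100.41"
(C) RolloverEnabled : false
"""

FIELD = re.compile(r"^\((?P<kind>[A-Z])\)\s*(?P<key>\w+)\s*:\s*(?P<value>.*)$")
# The two descriptions step 14 says a WAMUI registration may carry.
WAMUI_DESCS = {"Generated by the Administrative UI", "Generated by XPSRegClient"}

def parse_objects(text):
    """Group field lines into one dict per object; each (I) Name starts a new one."""
    objects = []
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue  # menu text, prompts, blank lines
        if m["kind"] == "I" and m["key"] == "Name":
            objects.append({})
        if objects:
            objects[-1][m["key"]] = m["value"].strip().strip('"\u201c\u201d')
    return objects

def wamui_candidates(objects, wamui_host):
    """Return (name, desc, host_match) for objects whose Desc marks a WAMUI registration."""
    wanted = wamui_host.lower()
    found = []
    for obj in objects:
        if obj.get("Desc") not in WAMUI_DESCS:
            continue  # anything else (agents, other hosts) is left alone
        name = obj.get("Name", "").lower()
        # Step 14: the WAMUI host may be listed by short name or as an FQDN.
        host_match = name == wanted or name.split(".")[0] == wanted.split(".")[0]
        found.append((obj["Name"], obj["Desc"], host_match))
    return found
```

Call wamui_candidates(parse_objects(pasted_text), "<WAMUI host name>") and compare the returned names with the object ids listed in XPSExplorer before typing 'd'.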