Reset the CA Siteminder r12.5 Administrative UI Manually
search cancel

Reset the CA Siteminder r12.5 Administrative UI Manually

book

Article ID: 32458

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

 Reset the CA Siteminder r12.5 WAMUI Manually

On occasion it may be necessary to manually ‘Reset’ or reconfigure the CA Siteminder r12.5 WAMUI.  This can be the case when you’ve overwritten an existing Policy Store to which the Policy Server which the WAMUI is configured to connect to has been overwritten by the import of a policy store from another environment.   This may also be necessary when pointing an existing WAMUI at a new environment.  This can frequently be presented as a problem connecting to the Policy Server with the WAMUI where previously it had worked without any problems.

Frequently previous attempts to re-run XPSRegClient and even smreg –su to reset the Siteminder password have not resolved connection issues with the WAMUI.

This document goes through the detailed steps on how to rest an existing WAMUI. However it primarily focuses on the steps when the WAMUI is implemented on the default embedded JBoss application server.

 

Environment

Release:
Component: SMAUI

Resolution

  1. Stop the Application Server Hosting the WAMUI

You will need to stop the application server which is hosting the WAMUI.  The default application server embedded with the CA Siteminder WAMUI is JBoss, however the r12.51 WAMUI is also supported on IBM WebSphere, Oracle WebLogic, and Red Hat JBoss.

ØStop the embedded Jboss Application Server

o   MS Windows:

  1. Open the Services Manager
  2. Start -> Run -> Services.msc

OR

  1. Launch Server Manager and browse to Configuration -> Services.

OR

  1. Start –Control Panel -> Administrative Tools -> Services
  2. Stop the “SiteMinder Administrative UI” service

NOTE: Alternative you could simply run one of the following commands from a command prompt:

sc stop SMADMINUI

net stop SMADMINUI

o   UNIX:

  1. Logon to the host running the WAMUI
  2. Navigate to:

 <WAMUI Home>/CA/siteminder/adminui/bin/administrative_ui_install

  1. Run the following command:

shutdown.sh


ØStop 3rd Party Application Servers


o   IBM WebSphere: See OEM documentation

o   Oracle WebLogic: See OEM documentation

o   Red Hat JBoss: See OEM documentation

 

  1. Delete the WAMUI Configuration from the Embedded JBoss Application Server
  2. Logon to the WAMUI host
  3. Navigate the file system to the following directory:

<WAMUI Home>\CA\SiteMinder\adminui\server\default

  1. Delete the entire “data” directory


III.Delete the WAMUI objects from the Policy Store

Delete the SMWAMUI Administrator Account

  1. Open the command prompt / shell on the Policy Server
  2. Change to the <Policy Server Install Dir>/bin
  3. Run "XPSExplorer"":   Run: xpsexplorer
  4. Type ‘13’ for “ 13 – Admin*”, then hit ENTER
  5. Type  's' for “Search Objects”, then hit ENTER
  6. Locate the Admin object with the name "SMWAMUI:siteminder". It will look something like this:

2-CA.SM::Admin@12-0007ccfc-a2eb-1cc9-991a-06200a27c0a4

(I) Name :    "SMWAMUI:siteminder"

(C) Rights :    ManageAllDomains,ManageSecurity,ManageUsers,None

  1. Confirm the Object ID for the Admin Object with the name "SMWAMUI:siteminder".

Ø   (The object id prefaces “CA.SM::Admin@”.  In the example above, the object id is “2”)

  1. Type the object id number which corresponds to the name "SMWAMUI:siteminder", then hit ENTER
  2. Type ‘d’ to delete the selected object id, then hit ENTER.
  3. Type 'q' to go back, and then 'q' again,  and then 'q' again (until you get the big list where it says 'MAIN MENU')
  4. Type ‘56’ for “56 – TrustedHost*” , then hit ENTER
  5. Type 's' for “Search Objects”, then hit ENTER
  6. Locate the Trusted Host Object with the Desc: "Generated by the Administrative UI" (Altnernatively it may be named “Generated by XPSRegClient”) with the host name of the WAMUI possibly listed as an FQDN.  It will look something like this:

3-CA.SM::TrustedHost@24-xpsagent-fwrk-1cc9-991a-062X4CC9A2EB

(I) Name :     "siteminder"

(C) Desc :      "Generated by XPSRegClient"

(C) IpAddr :  "0000:0000:0000:0000:0000:FFFF:"

(C) RolloverEnabled : false

 

OR

 

3-CA.SM::TrustedHost@24-xpsagent-fwrk-1cc9-991a-062X4CC9A2EB

(I) Name :     "_host.example.com"

(C) Desc :      "Generated by the Administrative UI"

(C) IpAddr :  "10.0.0.1”

(C) RolloverEnabled : false

  1. Confirm the Object ID for the Trusted Host Object with the name Desc that corresponds to the WAMUI host (The object id prefaces “CA.SM::TrustedHost@24-xpsagent-  fwrk~”.  In the example above, the object id is “3”)
  2. Type the object id number which corresponds to the WAMUI Trusted host object, then hit ENTER
  3. Type ‘d’ to delete the selected object id, then hit ENTER.
  4. Type 'q' to go back, and then 'q' again,  and then 'q' again (until you get the big list where it says 'MAIN MENU')
  5. Choose 'q' again to exit XPSExplorer
  6. Run XPSSecurity
  7. Delete the 'SiteMinder Administrative UI Directory User')

Ø  NOTE: DO NOT DELETE THE 'Siteminder' ADMIN IN XPSEXPLORER!

  1. Do it only in XPSSecurity.

Ø  XPSSecurity is found in the installation binaries along with “smreg” and is not copied to the \bin directory during installation.

  1. Run XPSsweeper and allow it to complete.
  2. Rest the Siteminder password (using the same password as was previously used):

smreg –su <password>

  1. Start the JBOSS server.
  2. Run XPSRegclient:

XPSRegclient siteminder:<passphrase> -adminui-setup

  1. Now try to log in the WAMUI again.

 

Powered by Wolken Software