Register Trusted Hosts with External Admin Account

book

Article ID: 36556

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Issue

 

- From Adminui ,Configure an External Admin Store to create Administrators to access the Adminui

- The created Admins are granted SuperUser Roles and are able to access the Adminui with no issues

- Now if you attempt to use the External Admin Store admins to perform Host Registration ( for example attempting to register an agent) ,you will get an Unknown Administrator error such as the below

 

 

<command=login>

<user=!test>

<password=** Not Shown **>

[Failed to resolve administrator '!test']

<status=E/0093/6/Unknown administrator>

 

 

Resolution

 

1) Adminui External Admin Store users are strictly to be used for the Adminui management ONLY .

2) The SuperUser Admin Role applies to the Adminui Functionalities and cannot be used to perform host registration

3) this is working per design on all 12.x Siteminder Releases

4) Only Legacy Admins are allowed to perform host registration

 

To create a Legacy user ,Please follow the below Steps

 

1) created a User directory based on the same User directory used by the Admin External Store

2) Under the Administration --> Administrator --> Legacy Administrators ,create a new Legacy Administrator as follows

a) Name --> give the Admin name to be created

b) under Administrator lookup ,chose "External Directory" and chose the User Directory you created in the first step and select  "Basic Authentication"

c) under "Administrator Privileges" ,chose the "System" and select all the tasks including the "Register Trusted Hosts" and save the changes

3) now if you go under Administration --> Administrator --> Administrators ,you will see that the indicated admin was created with -legacy attached to the name

 

 

Now this legacy admin can be used to perform Host registrations .

 

In Summary --> Only Legacy Admins can be used to Register Trusted Hosts.

Environment

Release:
Component: SMAPC