We enabled the setting "Use External Password Policies" on Provisioning Server, and recently we changed the inbound notification URL to a https url.
Then when we modify a Global User through the Provisioning Manager, the following error is encountered:
---------------------------
IM Provisioning Manager
---------------------------
:ETA_E_0007<MGU>, Global User 'TestUser' modification failed: PMC_VALIDATE_PASSWORD: Rc: 3. FAILED( https://server.domain.com:port/idm/ETACALLBACK/?env
[rc=60] error setting certificate verify locations:
CAfile: Not assigned
CApath: none
The issue is due to the Trusted CA Certificate is not configured on Provisioning Server, and therefore the Provisioning Server is unable to establish the https connection to IM server for checking password quality.
This issue is resolved by pointing to the Trusted Certificate Authority through the Provisioning Manager.
This is configured from the Provisioning Manager under:
SYSTEM > Domain Configuration > Identity Manager Server > Trusted CA Bundle parameter.
Edit this Parameter Value with the path to the Trusted Certificate Authority.
Note: Changing this parameter will require restarting ALL affected servers.
N/A