Policy Server Administrative UI (AdminUI or WAM UI) login failed with
"Error: Username and password do not match"
message. User was able to login with the same credentials earlier.
AdminUI all versions on Linux
There is no error/warning message logged in any of the log files but
the authentication process took too long to complete. Low entropy
count was found to be the cause of this issue.
As per the documentation (1) the most used one is rngd deamon as it
allows to start the deamon at boot time and insure that even after
system reboot, entropy pool is big enough.
To get this deamon on RedHat 7 systems, you need to install the
following package :
rng-tools-6.3.1-5.el7.x86_64 (RedHat 7)
rng-tools-6.8-3.el8.x86_64 (RedHat 8)
(yum install rng-tools)
No specific configuration is needed, the out of the box one is
sufficient when you configure it as a service.
In order to get it started at boot time as service, then you should
enable it and start it on RedHat 7 and 8 :
# systemctl enable rngd
# systemctl start rngd
# systemctl status rngd
rngd.service - Hardware RNG Entropy Gatherer Daemon
Loaded: loaded (/usr/lib/systemd/system/rngd.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2021-05-06 12:46:56 CEST; 50s ago
Main PID: 11062 (rngd)
Tasks: 1
CGroup: /system.slice/rngd.service
└─11062 /sbin/rngd -f
On other Linux systems, you may be able to start manually the deamon
that way as per documentation (1):
# rngd -r /dev/urandom -o /dev/random -b
Finally, use the following command to monitor the entropy (2):
# watch -n 1 cat /proc/sys/kernel/random/entropy_avail
(1)
Prepare for the Policy Server Installation
Good security and not FIPS compliant: Configure the rngd daemon to
populate /dev/random. Execute the following command:
rngd -r /dev/urandom -o /dev/random -b
Third-party alternatives to the rngd entropy daemon are also
available.
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/installing/install-a-policy-server/install-policy-server-on-unix/prepare-for-the-policy-server-installation.html#PrepareforthePolicyServerInstallation-IncreaseEntropy
(2)
Increase Entropy
To monitor the entropy on the system, execute the following
command:
watch -n 1 cat /proc/sys/kernel/random/entropy_avail
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/installing/install-a-policy-server/install-policy-server-on-unix/prepare-for-the-policy-server-installation.html#PrepareforthePolicyServerInstallation-IncreaseEntropy