The local Policy Manager administrator account ensures that administrative access to the Gateway through the Policy Manager remains available even if an external identity provider that handles user authentication and authorization is disabled or unavailable. If the credentials for this account are lost, the password may need to be reset. This article describes that process.
API Gateway: 9.X
API Gateway: 10.X
The administrative credentials for a user authorized to access the CA API Gateway Policy Manager can be changed by any other user assigned to the Administrator role within the API Gateway. If no other administrative user is available, the credentials can be reset from the privileged shell of the API Gateway appliance as the root user. To reset the credentials in this manner, do the following:
1. Connect to the API Gateway via a serial cable, direct console access, or SSH
2. Log in as the ssgconfig user
3. Select Option #3: Use a privileged shell (root)
4. Execute the following command: /opt/SecureSpan/Appliance/bin/resetAdmin.sh dbUser dbPassword
   NOTE: The values dbUser and dbPassword should be replaced with the username and password of the privileged MySQL user. The privileged Linux user account is not used for this purpose.
5. Provide the API Gateway database name
6. Provide the username of the administrative account to be unlocked
The password for the account in step #6 will be changed to the literal value "password". It is recommended that this password be changed immediately upon logging in and that the replacement password conform to the Gateway password policy.
If the account is locked out because of too many failed logon attempts, changing the password is not enough: the user still receives the message "'admin' exceeded max failed logon attempts" when trying to log in. To fix this, remove the corresponding record for the account from the logon_info table. The command below assumes the database is named ssg and the locked account is admin:
# mysql -e "DELETE FROM ssg.logon_info WHERE login='admin';"
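
The command above hard-codes the ssg database and the admin account, while the reset procedure asks for the database name and the account username. As an added example (not from the original article or the vendor), this shell script builds the same DELETE statement for any database name and login and refuses values that are not plain identifiers, so nothing typed at the prompt can change the SQL that runs as root. The function names valid_db, valid_login, build_unlock_sql and clear_lockout are hypothetical, and the allowed character sets are an assumption to adjust to your naming scheme.

```shell
#!/bin/bash
# Added example: parameterized form of the lockout-clearing command.
# Helper names are hypothetical; only the logon_info table and its
# login column are taken from the article.

# Database name: letters, digits and underscore only (assumed naming scheme).
valid_db() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Login: letters, digits, underscore, dot, at-sign, hyphen (assumed).
valid_login() {
    case "$1" in
        ''|*[!A-Za-z0-9_.@-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the DELETE statement, or fail without output on a bad value.
build_unlock_sql() {
    db=$1
    login=$2
    valid_db "$db" || { echo "invalid database name: $db" >&2; return 1; }
    valid_login "$login" || { echo "invalid login: $login" >&2; return 1; }
    printf "DELETE FROM %s.logon_info WHERE login='%s';" "$db" "$login"
}

# Run the statement with the mysql client, as in the article's command.
clear_lockout() {
    sql=$(build_unlock_sql "$1" "$2") || return 1
    echo "Running: $sql" >&2
    mysql -e "$sql"
}

# When invoked as a script with two arguments: <database> <login>
if [ "$#" -eq 2 ]; then
    clear_lockout "$1" "$2"
fi
```

Called with ssg and admin, the script issues exactly the statement shown in the article.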