When running the password history encryption tool (Ustoreservice.sh) as part of the Identity Manager 14.5 CHF2 installation, the tool fails with the following output:

[wildfly@hostname StrongPasswordHotfix]$ ./Ustoreservice.sh scan allPlease enter the password of the user <UUID>Please wait... Analysing Userstore data.ABORTED: SSO Integration Detected. Tool will not process any records.

The Ustoreservice.sh tool is designed to apply strong encryption to password history data residing in the local Identity Manager Object Store database.

In environments where Identity Manager is integrated with SiteMinder (SSO), SiteMinder assumes full responsibility for password-related functions, including the enforcement of password history and policy storage within the SiteMinder Policy Store How Password Policies work. Because the IDM Object Store database is not used to master password history in this configuration, the tool aborts to prevent unnecessary or conflicting processing How Password Policies work.

If SiteMinder is authoritative for your password policies, no further action is required for this specific tool. The "ABORTED" message is an intended safety feature for SSO-integrated environments.

Verification Steps

1. Confirm SSO Authority: Ensure that password policies are correctly defined and managed within the SiteMinder Administrative UI How Password Policies work.
2. Check Integration Status: Verify the SiteMinder integration is enabled in the ra.xml file located on your Identity Manager nodes Password policy modification fails:
   • vApp: /opt/CA/VirtualAppliance/custom/IdentityManager/SiteMinder_config/ra.xml
   • Non-vApp: /iam_im.ear/policyserver.rar/META-INF/ra.xml
3. Validate Directory XML: If you suspect the tool should be running against a specific local store, verify that your directory.xml mappings for %ENABLED_STATE% are correct for your intended authoritative source Password must change feature.