Fallback to legacy administrator when AD is unavailable
search cancel

Fallback to legacy administrator when AD is unavailable


Article ID: 92811


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


We currently have SiteMinder v12.7 policy servers that use AD to authenticate administrators when they log in to the Web Admin UI. How can we configure the policy server to fallback to local SiteMinder administrators when the AD is unavailable? Have tried to create "legacy administrators" (with various options including "System" and "CA Single Sign-On Database" but this does not seem to permit login via the admin UI.


Component: SMPLC


Unfortunately this is not possible, see:

"Note: Legacy Administrators can access the Administrative UI when the policy store is configured as the source of administrator identities (the default). However, after an external administrator store is configured, Legacy Administrator accounts cannot access the Administrative UI."


However, you can "reset" the adminui, see: 

1) Stop JBoss service 

2) Delete the folder: <CA Install location>\SiteMinder\adminui\server\default\data 

(Note: This defaults the user back to using policy store authentication.) 

3) Restart JBoss service 

4) Log back in using the original policy store based user and password.