Resetting VMware Identity Manager Default Configuration Admin password
Article ID: 322712

Products

VMware Aria Suite

Issue/Introduction

This article describes different alternatives for updating the Default Configuration Admin password:

  1. Using an Email server
  2. Via REST API from the Command Line Interface (CLI) with curl
  3. Via REST API using Postman

The VMware Identity Manager local user, Default Configuration Admin, is locked due to an incorrect password, or its password needs to be changed.

Day 2 actions (upgrades, inventory sync, etc.) in VMware Aria Suite Lifecycle fail with the error LCMVIDM70000.

 

Environment

VMware Identity Manager 3.3.x
VMware Identity Manager 2.x

Cause

  • The user has forgotten the password, or the account is locked
  • The Default Configuration Admin account is created by VMware Aria Suite Lifecycle (vRealize Suite Lifecycle Manager) with the Readonly Admin and Super Admin roles; because of this, the password cannot be reset from Horizon

Resolution

Prerequisite

  • Validate the Default Configuration Admin username in the globalenvironment in VMware Aria Suite Lifecycle 8.x (vRealize Suite Lifecycle Manager)


Procedures

This article includes different alternatives to update the Default Configuration Admin password:

  1. Using the Email Server
  2. Via API from Command Line Interface (CLI) using curl commands
  3. Via API using Postman

 

1. Using the Email Server

  1. Log in to the vIDM console using the admin user or an administrator
  2. Add an Email Server, or validate that one is already configured
  3. Select User and Groups, then the Default Configuration Admin username, and then click on Reset the password. The administrator email will receive the steps to reset the password
  4. Follow the steps indicated in the Next Steps section of this article

 

2. Via API from Command Line Interface (CLI) using curl commands

  1. Obtain a Bearer Token and configadmin ID from the UI:
    1. Log in to vIDM as admin
    2. Open the client browser DevTools by pressing F12
  2. Navigate to the Network tab, search for an example request (e.g. PasswordState), and view the request header details:
    1. Obtain the configadmin ID from the Request URL portion of the header details: https://<FQDN>/SAAS/jersey/manager/api/scim/Users/<CONFIGADMIN ID>/PasswordState
    2. Obtain the Bearer token from the Cookie section (there may be several cookies separated by semicolons; copy only the HZN cookie value ey... without the semicolon)
  3. SSH to VMware Aria Suite Lifecycle or a Linux server in order to execute the curl commands
  4. Run the command to update the password:
curl -k --location --request PATCH 'https://ID1/SAAS/jersey/manager/api/scim/Users/ID4' \
--header 'Authorization: Bearer ID2' \
--header 'Content-Type: application/json' \
--data-raw '{"password":"ID5"}'

Where:

  • ID1: vIDM FQDN
  • ID2: Cookie or Bearer Token obtained in step 2.2
  • ID4: Default Configuration Admin ID obtained in step 3.2
  • ID5: new password value
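
The same PATCH as an added shell example (not part of the original article): it prompts for the HZN value and the new password so neither appears in shell history or the process list, verifies the certificate instead of using -k, and checks for the 204 status the article expects. The function names are hypothetical, and --header @file assumes curl 7.55.0 or later.

```shell
#!/bin/sh
# Added example, not from the KB article. Helper names are hypothetical.

# Escape backslash and double quote for a JSON string (backslash first).
# Assumes the password contains no control characters.
json_escape() {
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Request body from the article: {"password":"<new password>"}
build_body() {
  printf '{"password":"%s"}' "$(json_escape "$1")"
}

# The article expects HTTP 204 on success.
check_status() {
  [ "$1" = "204" ]
}

# Prompt on stderr and read one line into REPLY without echoing it.
read_secret() {
  printf '%s: ' "$1" >&2
  stty -echo; IFS= read -r REPLY; stty echo
  printf '\n' >&2
}

# $1 = vIDM FQDN (ID1), $2 = Default Configuration Admin id (ID4)
reset_password() {
  read_secret 'HZN cookie value (ID2)'; token=$REPLY
  read_secret 'New password (ID5)';     new_pw=$REPLY
  hdr=$(mktemp) || return 1            # mktemp creates the file mode 0600
  printf 'Authorization: Bearer %s\n' "$token" > "$hdr"
  # No -k: the certificate is verified (set CURL_CA_BUNDLE for a private CA).
  # No --location: the token is not replayed to a redirect target.
  status=$(build_body "$new_pw" | curl -sS -o /dev/null -w '%{http_code}' \
    --request PATCH "https://$1/SAAS/jersey/manager/api/scim/Users/$2" \
    --header @"$hdr" --header 'Content-Type: application/json' \
    --data-binary @-)
  rm -f "$hdr"; unset token new_pw REPLY
  check_status "$status" || { echo "unexpected HTTP status: $status" >&2; return 1; }
}

# Run only when called as: script <vIDM FQDN> <config admin id>
if [ "$#" -eq 2 ]; then
  reset_password "$1" "$2"
fi
```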

 

3. Via API using Postman

  1. Capture the Bearer token and the Default Configuration Admin ID by following steps 1 to 3 of section 2
  2. In Postman, select the plus sign to create a new request
  3. Change the method to PATCH
  4. Add the following REST API: https://ID1/SAAS/jersey/manager/api/scim/Users/ID4
     Where:
       • ID1: vIDM FQDN
       • ID4: Default Configuration Admin ID obtained in step 2.3
  5. In the Params, add the following parameters:
       • Key: Accept Value: application/json
       • Key: Content-Type Value: application/json
  6. Click on Authorization, and in Type select Bearer token
  7. Paste the HZN value captured in step 2.2 in the Token field
  8. Click on Body, then select raw and JSON as the format. Type the following:
     { "password": "ID5" }
     Where ID5 is the new password.
  9. Click on Send
  10. Validate the results; the code 204 is expected
  11. Try to log in to the vIDM UI and validate that you can log in using the new password
  12. Proceed with the next steps

 

 

Next Steps

The password must then be remediated in Locker by following the article "Remediating passwords updated outside of VMware Aria Suite Lifecycle".