Password Sync Status Application Settings Missing


Customer was upgraded from IDM v4.0.1 to IDM v4.0.2 as part of the
upgrade to IDM v4.5. After successfully upgrading PROD to IDM v4.0.2, it
was discovered that Password Sync Status configuration has been lost.
This was something that no one knew was configured or even being used
until the PROD upgrade. Yikes! So now everyone is scrambling to find
out how to get it back.

So the most important question is there a way to find out how this was
configured short of finding the original implementation document? Does
Designer or some file in the old JBoss directory hold this information?

Secondly is this expected as part of the upgrade of User Application so
we can plan for the IDM v4.5 upgrade portion?

Thanks in advance!


--
rsimonsatidentropy
------------------------------------------------------------------------
rsimonsatidentropy's Profile: https://forums.netiq.com/member.php?userid=3816
View this thread: https://forums.netiq.com/showthread.php?t=56757

  • On 10/25/2016 12:04 PM, rsimonsatidentropy wrote:
    >
    > Customer was upgraded from IDM v4.0.1 to IDM v4.0.2 as part of the
    > upgrade to IDM v4.5. After successfully upgrading PROD to IDM v4.0.2, it
    > was discovered that Password Sync Status configuration has been lost.
    > This was something that no one knew was configured or even being used
    > until the PROD upgrade. Yikes! So now everyone is scrambling to find
    > out how to get it back.


    Did you got 4.02E or 4.02 with IDM Home then 4.5? this is part of the
    Password Management, that in 4.5 is mostly meant to be replaced by 4.5
    and I do not think this aspect is ported to SSPR.

    I am not sure if you cannot use both the way you might like.

    The Password Management plugin can be SSPR, legacy, or rolled your own.
    The idea is when you login, UA (or OSP in 4.5/Home) checks if your
    account is expired/locked/etc. And possibly forces a password change,
    so UA needs to know where that is.

    The Pass Sync Status I think is part of the UA old one, starting to be
    dep-recated in favour of SSPR, but SSPR does not support that/

    So in Config Update check and see which password provider is set as a
    first step and try to follow the docs on reconfiguring that one.


    >
    > So the most important question is there a way to find out how this was
    > configured short of finding the original implementation document? Does
    > Designer or some file in the old JBoss directory hold this information?
    >
    > Secondly is this expected as part of the upgrade of User Application so
    > we can plan for the IDM v4.5 upgrade portion?
    >
    > Thanks in advance!
    >
    >


  • I would ask how many users were using it and evaluate if it is worth setting up again.

    If they upgrade to 4.5 or later and want to use sspr and they most likely do want that since it's in my experience more user friendly they will not have this possibility in the interface.

  • Thank you for your response Geoff! This is straight IDM v4.0.2 (No IDM
    Home or SSPR), and yes it does have Patch E for IDM v4.0.2. But I think
    the configuration was lost when UA was upgraded to the shipping version
    of IDM v4.0.2. This is used like the "Check Password Sync Status" in
    iManager.

    For clarification, yes specifically this is the "old" UA url under the
    "Administration" tab, "Application Configuration" tab, on the left side
    under "Password Module Setup", "Password Sync Status". Then at the
    bottom there is an "Add" button under "Password Sync Status Application
    Settings". This is where the configuration should have been defined, but
    instead it is completely removed.


    --
    rsimonsatidentropy
    ------------------------------------------------------------------------
    rsimonsatidentropy's Profile: https://forums.netiq.com/member.php?userid=3816
    View this thread: https://forums.netiq.com/showthread.php?t=56757

  • On 10/27/2016 11:23 AM, rsimonsatidentropy wrote:
    >
    > Thank you for your response Geoff! This is straight IDM v4.0.2 (No IDM
    > Home or SSPR), and yes it does have Patch E for IDM v4.0.2. But I think
    > the configuration was lost when UA was upgraded to the shipping version
    > of IDM v4.0.2. This is used like the "Check Password Sync Status" in
    > iManager.
    >
    > For clarification, yes specifically this is the "old" UA url under the
    > "Administration" tab, "Application Configuration" tab, on the left side
    > under "Password Module Setup", "Password Sync Status". Then at the
    > bottom there is an "Add" button under "Password Sync Status Application
    > Settings". This is where the configuration should have been defined, but
    > instead it is completely removed.


    So run configupdate for this instance of UA, look at the password
    settings. Honestly, I forget the heading name and do not have a 4.02
    system handy I could run it on to check. Make sure it is configured in
    configupdate (Which requires a UA web app restart to take affect).




  • Thank you Joakim... At this point we have moved forward with recreating
    based on people's memory. :D It is pretty quick and simple to setup, it
    just might not have the same graphics as before.


    --
    rsimonsatidentropy
    ------------------------------------------------------------------------
    rsimonsatidentropy's Profile: https://forums.netiq.com/member.php?userid=3816
    View this thread: https://forums.netiq.com/showthread.php?t=56757

  • On 26/10/2016 17:46, joakim ganse wrote:
    >
    > I would ask how many users were using it and evaluate if it is worth
    > setting up again.
    >
    > If they upgrade to 4.5 or later and want to use sspr and they most
    > likely do want that since it's in my experience more user friendly
    > they will not have this possibility in the interface.
    >
    >


    Very true, the DirXml-PasswordSyncStatus attribute is still being set by
    the drivers, and the information about it can be found here:
    https://www.netiq.com/documentation/idm45/idm_password_management/data/bo16edb.html


    Casper