igadmin user unable to login

Hi there,

I have freshly installed IG 3.7.3 on RHEL 8.9 with below versions.

VSN_ACTIVEMQ="6.0.0"
VSN_JDK="8.74.0.17-ca-jdk8.0.392"
VSN_TOMCAT="9.0.83"

When I am trying to login with igadmin the dasboard is not opening and always redirecting to login page

xxxxx:8080/.../app

Inside tomcat log below error is showing.

/opt/netiq/idm/apps/tomcat/logs/catalina.out

13-Dec-2023 13:42:23.150 INFO [main] org.apache.catalina.core.StandardServer.await A valid shutdown command was received
via the shutdown port. Stopping the Server instance.
13-Dec-2023 13:42:23.151 INFO [main] org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler ["http-nio-8080"]
13-Dec-2023 13:42:23.155 INFO [main] org.apache.catalina.core.StandardService.stopInternal Stopping service [Catalina]
13-Dec-2023 13:42:23.164 INFO [main] org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler ["http-nio-8080"]
13-Dec-2023 13:42:23.167 INFO [main] org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler ["http-nio-808
0"]
2023-12-13 13:42:28
Full thread dump OpenJDK 64-Bit Server VM (25.392-b08 mixed mode):

"osp-common-thread-10" #41 prio=5 os_prio=0 tid=0x00007f4f10001000 nid=0x1519e waiting on condition [0x00007f4fb2322000]
   java.lang.Thread.State: WAITING (parking)
        at sun.misc.Unsafe.park(Native Method)
        - parking to wait for  <0x00000007478f4018> (a java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObj
ect)
        at java.util.concurrent.locks.LockSupport.park(LockSupport.java:175)
        at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(AbstractQueuedSynchronizer.java:2044)
        at java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue.take(ScheduledThreadPoolExecutor.java:1088)
        at java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue.take(ScheduledThreadPoolExecutor.java:809)
        at java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1074)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1134)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:750)

Is there any miss match or any way I can identify the issue.

  • 0  

    Hello,

    have a look in the "/opt/netiq/idm/apps/tomcat/logs/catalina.<date>.log" log-file for more informations. Are use using an integration with IDM or the IDM OSP?

    In addition, there should be an OSP log file in '/opt/netiq/idm/apps/tomcat/logs', which also contains further information, or via the browser DEV tools.

    I have no experience with the "igadmin" user, as I have always configured an (OSP) integration with IDM and used uaadmin as the user.

    BR

    Tobias

  • 0   in reply to   

    Greetings,

    1) What LDAP server (eDirectory or AD) do you have OSP pointing to?

    2) Where is OSP deployed:
    -Same Tomcat as ID Gov
    -Save Tomcat as ID Apps
    -Separate Tomcat server

    3) During the install of OSP you are prompted to select if the Bootstrap user will either come from File System or LDAP. Which did you select?

    4) During the install of OSP and ID Gov you needed to provide the DNS value that will be used in a browser to access.
    -Did you supply the same value in all the places
    -Does that match what is currently in your browser

    Based upon the above responses opening a Service Request may be required


    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    OpenText Cybersecurity

  • 0  

    You might get more from the OSP log, but you will likely need to crank up the level to debug.  That is done by passing in a java parameter during tomcat startup, and this has been made (relatively) easier by looking at the tomcat/bin/setenv.sh script, and you should see a debug level for osp there, just increase it to debug, then restart tomcat.  You'll want to revert that when you are done.    The debug osp log is very verbose and holds many clues.

    Similarly, in your idgov/bin/configutil.sh tool, are you using a file based admin on the Authentication Server Details tab?

    --Jim