Marcus Tornberg Super Contributor.

Bootstrap admin issue

Hi all!

Running Identity Governance 3.5.1 (Tomcat 9.0.17, zulu8.31.0.1-jdk8.0.181, MS SQL 2017) on server 1 with OSP (6.3.1 2019-01-04T18:57:40Z) on IDM 4.7.2 on server 2.

Following the documentation, I have set Bootstrap Admin to cn=uaadmin,ou=sa,o=data and Authentication Source to Identity Vault in configutil.sh.

I can log in to IDGov, but no menu options are shown. In the catalina.<date>.log file I see the following:
com.netiq.iac.server.j2ee.AuthFilter matchUser - [IG-SERVER] User Identity Applications (cn=uaadmin,ou=sa,o=data) is authenticated, but cannot access the Identity Governance application. The following attributes for matching users are not configured as searchable. Users will not be able to log in until at least one of these attributes is made searchable: dn

I see no other error messages in the catalina logs.

How can I resolve this issue?

Best regards
Marcus
Micro Focus Expert

Re: Bootstrap admin issue

On 4/24/19 5:34 AM, marcus jonsson wrote:
>
> Hi all!
>
> Running Identity Governance 3.5.1 (Tomcat 9.0.17,
> zulu8.31.0.1-jdk8.0.181, MS SQL 2017) on server 1 with OSP (6.3.1
> 2019-01-04T18:57:40Z) on IDM 4.7.2 on server 2.
>
> Following the documentation, I have set Bootstrap Admin to
> cn=uaadmin,ou=sa,o=data and Authentication Source to Identity Vault in
> configutil.sh.
>
> I can log in to IDGov, but no menu options are shown. In the
> catalina.<date>.log file I see the following:
> com.netiq.iac.server.j2ee.AuthFilter matchUser - [IG-SERVER] User
> Identity Applications (cn=uaadmin,ou=sa,o=data) is authenticated, but
> cannot access the Identity Governance application. The following
> attributes for matching users are not configured as searchable. Users
> will not be able to log in until at least one of these attributes is
> made searchable: dn
>
> I see no other error messages in the catalina logs.
>
> How can I resolve this issue?
>
> Best regards
> Marcus
>
>

Greetings,

1.a) The Bootstrap Admin does not have to be in the Vault when using IDM. The
only time they have to be in the Vault is when you are using SAML or
OAuth from NAM instead of OSP (with this last one that is not possible
since you appear to want to SSO with IDM 4.7).

1.b) When you do put the bootstrap admin in the Vault, it should not be
a user that you will want to use later as a global admin. So using
uaadmin is not recommended. I always create another system account
in the Vault.


2) Based upon what you have outlined, please open a Service Request with
Support so that I can get certain information from your install and the like
that should not be shared on the Forums.



--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus
Marcus Tornberg Super Contributor.

Re: Bootstrap admin issue

Hi Steven!

1.a) Ok, I think the documentation is a bit weak on this point then. Look at https://www.netiq.com/documentation/identity-governance-35/install-guide/data/b19v78jn.html and search for "igadmin" and it seems to apply to using OSP with Identity Manager.

1.b) Agreed, uaadmin was used for testing only.

2) SR opened now

Thank you.

Best Regards
Marcus