Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Highlighted
vidhya Valued Contributor.
Valued Contributor.
88 views

LocksmithElementType error on UA startup

Hi, 

I have installed User application 4.7 pointing to mssql DB which we used for 4.6. Installation and configuration went fine without any issue. 

upon starting up the userapplication,  the following error is thrown up .

2019-12-02 04:40:32,998 ERROR [com.sssw.fw.security.core.EboSecurityManager] (localhost-startStop-1) [RBPM] getElementAclForPermission: The id LDAPRealm\cn=UserAppAdmin,ou=sa,o=system does not exist for the right PROTECT and element type LocksmithElementType.
2019-12-02 04:40:32,999 ERROR [com.sssw.fw.security.core.EboSecurityManager] (localhost-startStop-1) [RBPM] getElementAclForPermission: The id LDAPRealm\cn=UserAppAdmin,ou=SERVICES,o=SYSTEM does not exist for the right PROTECT and element type LocksmithElementType.

Unable to launch idmdash/idmadmin, when i access the idmdash , it says 

 {"Fault":{"Code":{"Value":"Sender","Subcode":{"Value":"XDAS_OUT_FAILURE"}},"Reason":{"Text":"System not in a fully started state. (perhaps starting, shutting down, refreshing configuration, or restarting)"}}}

 

Any solution for this issue? 

Do i need to deploy war file again , deleting the existing war? if  so how do i deploy it again

 

Regards,

Vidhya.

Labels (1)
0 Likes
5 Replies
Knowledge Partner
Knowledge Partner

Re: LocksmithElementType error on UA startup

Did you deploy an User App driver via Designer? 

Did you successfully run configupdate.sh (It requires the UA Driver object to be valid to save, since some of its content is written there and fails to save if it is missing).

0 Likes
vidhya Valued Contributor.
Valued Contributor.

Re: LocksmithElementType error on UA startup

Userapp driver is deployed by 4.7 installer itself. yes i ran configupdate.sh but it did not successfully saved some of the configuration which i tried to change .
0 Likes
vidhya Valued Contributor.
Valued Contributor.

Re: LocksmithElementType error on UA startup - missing osp.jks

Hi, 

 

Now when i try to update configupdate.sh, i observed osp.jks is missing not created by installation. how could i generate it ? 

 

i tried to follow your  link https://community.microfocus.com/t5/Identity-Manager-Tips/Configuring-IDM-4-5s-OSP-to-talk-to-a-Shibboleth-IDP/ta-p/1775504

but did not get it. 

 

This is identity Application 4.7

 

Regards,

Vidhya. 

 

 

0 Likes
Knowledge Partner
Knowledge Partner

Re: LocksmithElementType error on UA startup - missing osp.jks

By 'did not get it' do you mean you did not unuderstand?  If so, snip out the part you do not get so I can try to explain further.

Short version - make a 10-20 year self signed cert for OSP to use.  Then export its public key and import that into the tomcat and cacerts keystores. (Yes cacerts should not be needed, and yet, often I find blasting it everywhere seems to be the best plpan).

 

0 Likes
Knowledge Partner
Knowledge Partner

Re: LocksmithElementType error on UA startup - missing osp.jks

Oops! Just realized!  The CN of the cert should match the DNS name of the front end URL OSP is using.  It should also be added a Subject Alternate Name for the DNS name and the IP address.  That has become critical since I wrote that article. Blame Java for changing the rules on us.

 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.