Highlighted
Respected Contributor.
Respected Contributor.
331 views

LocksmithElementType error on UA startup

Hi, 

I have installed User application 4.7 pointing to mssql DB which we used for 4.6. Installation and configuration went fine without any issue. 

upon starting up the userapplication,  the following error is thrown up .

2019-12-02 04:40:32,998 ERROR [com.sssw.fw.security.core.EboSecurityManager] (localhost-startStop-1) [RBPM] getElementAclForPermission: The id LDAPRealm\cn=UserAppAdmin,ou=sa,o=system does not exist for the right PROTECT and element type LocksmithElementType.
2019-12-02 04:40:32,999 ERROR [com.sssw.fw.security.core.EboSecurityManager] (localhost-startStop-1) [RBPM] getElementAclForPermission: The id LDAPRealm\cn=UserAppAdmin,ou=SERVICES,o=SYSTEM does not exist for the right PROTECT and element type LocksmithElementType.

Unable to launch idmdash/idmadmin, when i access the idmdash , it says 

 {"Fault":{"Code":{"Value":"Sender","Subcode":{"Value":"XDAS_OUT_FAILURE"}},"Reason":{"Text":"System not in a fully started state. (perhaps starting, shutting down, refreshing configuration, or restarting)"}}}

 

Any solution for this issue? 

Do i need to deploy war file again , deleting the existing war? if  so how do i deploy it again

 

Regards,

Vidhya.

Labels (1)
0 Likes
9 Replies
Highlighted
Knowledge Partner
Knowledge Partner

Re: LocksmithElementType error on UA startup

Did you deploy an User App driver via Designer? 

Did you successfully run configupdate.sh (It requires the UA Driver object to be valid to save, since some of its content is written there and fails to save if it is missing).

0 Likes
Highlighted
Respected Contributor.
Respected Contributor.

Re: LocksmithElementType error on UA startup

Userapp driver is deployed by 4.7 installer itself. yes i ran configupdate.sh but it did not successfully saved some of the configuration which i tried to change .
0 Likes
Highlighted
Respected Contributor.
Respected Contributor.

Re: LocksmithElementType error on UA startup - missing osp.jks

Hi, 

 

Now when i try to update configupdate.sh, i observed osp.jks is missing not created by installation. how could i generate it ? 

 

i tried to follow your  link https://community.microfocus.com/t5/Identity-Manager-Tips/Configuring-IDM-4-5s-OSP-to-talk-to-a-Shibboleth-IDP/ta-p/1775504

but did not get it. 

 

This is identity Application 4.7

 

Regards,

Vidhya. 

 

 

0 Likes
Knowledge Partner
Knowledge Partner

Re: LocksmithElementType error on UA startup - missing osp.jks

By 'did not get it' do you mean you did not unuderstand?  If so, snip out the part you do not get so I can try to explain further.

Short version - make a 10-20 year self signed cert for OSP to use.  Then export its public key and import that into the tomcat and cacerts keystores. (Yes cacerts should not be needed, and yet, often I find blasting it everywhere seems to be the best plpan).

 

0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: LocksmithElementType error on UA startup - missing osp.jks

Oops! Just realized!  The CN of the cert should match the DNS name of the front end URL OSP is using.  It should also be added a Subject Alternate Name for the DNS name and the IP address.  That has become critical since I wrote that article. Blame Java for changing the rules on us.

 

0 Likes
Highlighted
Respected Contributor.
Respected Contributor.

Re: LocksmithElementType error on UA startup - missing osp.jks

Thankyou for your suggestions. i have managed to create osp.jks and have done confogurations in config utility. now userapplication is up and running fine.

0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: LocksmithElementType error on UA startup - missing osp.jks

So to close the loop, and help future people who find this through a search, what specifically do you think you did different this time, that made it work?

0 Likes
Highlighted
Respected Contributor.
Respected Contributor.

Re: LocksmithElementType error on UA startup - missing osp.jks

Earlier after i created osp.jks, i have tried to do post install userapp configuration by launch configupdate utility in console mode and somehow the changes i made was not getting saved and throwed error upon missing values in other fields. But when i tried to do post install configurations by launching configupdate utility in GUI mode then changes got saved successfully without error. and i was able to get userappliation up and running fine. it sounds strange but this is how it worked for me.
0 Likes
Highlighted
Respected Contributor.
Respected Contributor.

Re: LocksmithElementType error on UA startup - missing osp.jks

In other fresh setup for osp.jks issue : one more attempt we tried was uninstalling(clean) and reinstalling complete setup ( idm+userapplication) and it worked. Again we had to do post install configuration in configupdate utility in GUI mode only.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.