rsimonsatidentr Absent Member.
Absent Member.
292 views

Password Sync Status Application Settings Missing


Customer was upgraded from IDM v4.0.1 to IDM v4.0.2 as part of the
upgrade to IDM v4.5. After successfully upgrading PROD to IDM v4.0.2, it
was discovered that Password Sync Status configuration has been lost.
This was something that no one knew was configured or even being used
until the PROD upgrade. Yikes! So now everyone is scrambling to find
out how to get it back.

So the most important question is there a way to find out how this was
configured short of finding the original implementation document? Does
Designer or some file in the old JBoss directory hold this information?

Secondly is this expected as part of the upgrade of User Application so
we can plan for the IDM v4.5 upgrade portion?

Thanks in advance!


--
rsimonsatidentropy
------------------------------------------------------------------------
rsimonsatidentropy's Profile: https://forums.netiq.com/member.php?userid=3816
View this thread: https://forums.netiq.com/showthread.php?t=56757

Labels (1)
0 Likes
6 Replies
Knowledge Partner
Knowledge Partner

Re: Password Sync Status Application Settings Missing

On 10/25/2016 12:04 PM, rsimonsatidentropy wrote:
>
> Customer was upgraded from IDM v4.0.1 to IDM v4.0.2 as part of the
> upgrade to IDM v4.5. After successfully upgrading PROD to IDM v4.0.2, it
> was discovered that Password Sync Status configuration has been lost.
> This was something that no one knew was configured or even being used
> until the PROD upgrade. Yikes! So now everyone is scrambling to find
> out how to get it back.


Did you got 4.02E or 4.02 with IDM Home then 4.5? this is part of the
Password Management, that in 4.5 is mostly meant to be replaced by 4.5
and I do not think this aspect is ported to SSPR.

I am not sure if you cannot use both the way you might like.

The Password Management plugin can be SSPR, legacy, or rolled your own.
The idea is when you login, UA (or OSP in 4.5/Home) checks if your
account is expired/locked/etc. And possibly forces a password change,
so UA needs to know where that is.

The Pass Sync Status I think is part of the UA old one, starting to be
dep-recated in favour of SSPR, but SSPR does not support that/

So in Config Update check and see which password provider is set as a
first step and try to follow the docs on reconfiguring that one.


>
> So the most important question is there a way to find out how this was
> configured short of finding the original implementation document? Does
> Designer or some file in the old JBoss directory hold this information?
>
> Secondly is this expected as part of the upgrade of User Application so
> we can plan for the IDM v4.5 upgrade portion?
>
> Thanks in advance!
>
>


0 Likes
rsimonsatidentr Absent Member.
Absent Member.

Re: Password Sync Status Application Settings Missing


Thank you for your response Geoff! This is straight IDM v4.0.2 (No IDM
Home or SSPR), and yes it does have Patch E for IDM v4.0.2. But I think
the configuration was lost when UA was upgraded to the shipping version
of IDM v4.0.2. This is used like the "Check Password Sync Status" in
iManager.

For clarification, yes specifically this is the "old" UA url under the
"Administration" tab, "Application Configuration" tab, on the left side
under "Password Module Setup", "Password Sync Status". Then at the
bottom there is an "Add" button under "Password Sync Status Application
Settings". This is where the configuration should have been defined, but
instead it is completely removed.


--
rsimonsatidentropy
------------------------------------------------------------------------
rsimonsatidentropy's Profile: https://forums.netiq.com/member.php?userid=3816
View this thread: https://forums.netiq.com/showthread.php?t=56757

0 Likes
Knowledge Partner
Knowledge Partner

Re: Password Sync Status Application Settings Missing

On 10/27/2016 11:23 AM, rsimonsatidentropy wrote:
>
> Thank you for your response Geoff! This is straight IDM v4.0.2 (No IDM
> Home or SSPR), and yes it does have Patch E for IDM v4.0.2. But I think
> the configuration was lost when UA was upgraded to the shipping version
> of IDM v4.0.2. This is used like the "Check Password Sync Status" in
> iManager.
>
> For clarification, yes specifically this is the "old" UA url under the
> "Administration" tab, "Application Configuration" tab, on the left side
> under "Password Module Setup", "Password Sync Status". Then at the
> bottom there is an "Add" button under "Password Sync Status Application
> Settings". This is where the configuration should have been defined, but
> instead it is completely removed.


So run configupdate for this instance of UA, look at the password
settings. Honestly, I forget the heading name and do not have a 4.02
system handy I could run it on to check. Make sure it is configured in
configupdate (Which requires a UA web app restart to take affect).



0 Likes
Knowledge Partner
Knowledge Partner

Re: Password Sync Status Application Settings Missing

I would ask how many users were using it and evaluate if it is worth setting up again.

If they upgrade to 4.5 or later and want to use sspr and they most likely do want that since it's in my experience more user friendly they will not have this possibility in the interface.
0 Likes
Highlighted
rsimonsatidentr Absent Member.
Absent Member.

Re: Password Sync Status Application Settings Missing


Thank you Joakim... At this point we have moved forward with recreating
based on people's memory. 😄 It is pretty quick and simple to setup, it
just might not have the same graphics as before.


--
rsimonsatidentropy
------------------------------------------------------------------------
rsimonsatidentropy's Profile: https://forums.netiq.com/member.php?userid=3816
View this thread: https://forums.netiq.com/showthread.php?t=56757

0 Likes
cpedersen Outstanding Contributor.
Outstanding Contributor.

Re: Password Sync Status Application Settings Missing

On 26/10/2016 17:46, joakim ganse wrote:
>
> I would ask how many users were using it and evaluate if it is worth
> setting up again.
>
> If they upgrade to 4.5 or later and want to use sspr and they most
> likely do want that since it's in my experience more user friendly
> they will not have this possibility in the interface.
>
>


Very true, the DirXml-PasswordSyncStatus attribute is still being set by
the drivers, and the information about it can be found here:
https://www.netiq.com/documentation/idm45/idm_password_management/data/bo16edb.html


Casper
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.