000027948 - KB-1469 - Changing ACM Passwords

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000027948
Applies To: Affected Versions: 4.X; 3.6.X
Resolution: On login, we take the userID, validate that it *is* in our database, and then send it and the user's password to the authentication source for validation. If it is a valid combination, then we grant access. Again, there is no password storage or look-up from our tables.



After a fresh install of ACM, the AveksaAdmin password is 'aveksa123'. On first login, a prompt will appear to change the password. You can then reset it to a new password, which takes effect on the next login.


To change the AveksaAdmin password:

  1. Log in successfully.
  2. In the UI, go to Admin->Settings->Edit.
  3. Change the password for AveksaAdmin.
  4. After specifying the new password, log out and log in to activate the password.

To set up the password for TestAuth, add a custom property in Admin->Settings:

  1. Go to Admin->Settings->Edit->Add custom property.
  2. Add the property "TestAuthProviderUserPassword" and the password as its value.
  3. Click OK.
  4. Log out and log in.

All these flags are cached for better performance. It is necessary to log out and then log in for the changes to take effect.



After trying the above steps, if the user login fails, then check whether Demo Authentication is set up on the system.

Installing the TestAuth Provider



In order to log in as a user other than AveksaAdmin, you will need to upload or validate the existence of TestAuthProvider.config. This file can be found in:

For Tomcat (with Aveksa 3.X) -> /usr/bin/tomcat/webapps/aveksa/WEB-INF/config/

For jboss (with Aveksa 4.x) -> /home/oracle/jboss/server/default/deploy/aveksa.ear/aveksa.war/WEB-INF/config



If you are not able to see this file, copy it from the respective location as shown below.

For Tomcat (with Aveksa 3.X):

cp /home/oracle/database/SampleData/TestAuthProvider.config /usr/bin/tomcat/webapps/aveksa/WEB-INF/config/

For jboss (with Aveksa 4.x):

cp /home/oracle/database/SampleData/TestAuthProvider.config /home/oracle/jboss/server/default/deploy/aveksa.ear/aveksa.war/WEB-INF/config



Once the file is in place, insert a row into the configuration table as follows.

Log in to the database as 'avuser' and execute the following command:

INSERT INTO T_AUTH_CONFIGURATIONS
(ID, IDC_ID, AUTH_PROVIDER_NAME, AUTH_CONFIGURED_PROPERTIES, AUTH_PROVIDER_TYPE, AUTH_PROVIDER_CLASS)
VALUES (AUTH_CONFIGURATION_SEQUENCE.nextval, 1, 'TestAuthProvider',
'<?xml version="1.0" encoding="UTF-8"?><properties></properties>',
'TestAuthProviderType', 'com.aveksa.server.authentication.TestLoginModule');

After modifying the table, restart ACM.



Note: If the above fails to allow general user login, the Active Directory collector number entered above (“1”) may be incorrect. You can manually edit the table and insert the correct collector number.

Now you can log in with just a user ID. Select a user from the unified users, then log in as that user ID and see what the difference is between a “regular” user and the Admin.

NOTE: In the case where there is more than one IDC configured, more entries will have to be added to the T_AUTH_CONFIGURATIONS table, and "TestAuthProvider.config" will have to be duplicated for the other IDCs. For example, if there is another IDC called "MySecondAuthProvider", the following needs to be done:



1. First, copy TestAuthProvider.config to MySecondAuthProvider.config in its actual location.

(For example, copy /usr/bin/tomcat/webapps/aveksa/WEB-INF/config/TestAuthProvider.config to /usr/bin/tomcat/webapps/aveksa/WEB-INF/config/MySecondAuthProvider.config.)

2. Find out the IDC ID of this auth provider by looking at the "ID" column in the T_DATA_COLLECTORS table.

sqlplus avuser/secret

select ID,NAME from T_DATA_COLLECTORS;

3. Insert a new entry into the T_AUTH_CONFIGURATIONS table using the query above, with IDC_ID set to the value from the ID column mentioned above and the name set to "MySecondAuthProvider".



The same process can be repeated for other IDCs. As mentioned above, once the entries have been added and the file created, a server restart is required. 
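
Steps 2 and 3 above can be run in one sqlplus session; the following is an added example, not part of the original RSA article. It resolves IDC_ID from the collector name instead of typing it in, which avoids the incorrect collector number described in the note earlier, and it assumes the collector's NAME in T_DATA_COLLECTORS is exactly 'MySecondAuthProvider'.

```sql
-- Added example, run in sqlplus as avuser. Table and column names are the
-- ones used in this article; the collector name 'MySecondAuthProvider' is the
-- article's example and is assumed to match T_DATA_COLLECTORS.NAME exactly.

-- 1. Confirm the collector exists and note its ID (expect exactly one row).
SELECT ID, NAME
  FROM T_DATA_COLLECTORS
 WHERE NAME = 'MySecondAuthProvider';

-- 2. Insert the auth configuration, taking IDC_ID from the collector row.
--    Inserts nothing if the collector is missing or if a configuration
--    with this provider name already exists.
INSERT INTO T_AUTH_CONFIGURATIONS
  (ID, IDC_ID, AUTH_PROVIDER_NAME, AUTH_CONFIGURED_PROPERTIES,
   AUTH_PROVIDER_TYPE, AUTH_PROVIDER_CLASS)
SELECT AUTH_CONFIGURATION_SEQUENCE.nextval, dc.ID, 'MySecondAuthProvider',
       '<?xml version="1.0" encoding="UTF-8"?><properties></properties>',
       'TestAuthProviderType',
       'com.aveksa.server.authentication.TestLoginModule'
  FROM T_DATA_COLLECTORS dc
 WHERE dc.NAME = 'MySecondAuthProvider'
   AND NOT EXISTS (SELECT 1
                     FROM T_AUTH_CONFIGURATIONS ac
                    WHERE ac.AUTH_PROVIDER_NAME = 'MySecondAuthProvider');

COMMIT;

-- 3. List every test-login configuration with the collector it points at.
--    A NULL COLLECTOR_NAME means IDC_ID does not match any collector.
SELECT ac.ID, ac.IDC_ID, ac.AUTH_PROVIDER_NAME, dc.NAME AS COLLECTOR_NAME
  FROM T_AUTH_CONFIGURATIONS ac
  LEFT JOIN T_DATA_COLLECTORS dc ON dc.ID = ac.IDC_ID
 WHERE ac.AUTH_PROVIDER_CLASS =
       'com.aveksa.server.authentication.TestLoginModule'
 ORDER BY ac.ID;
```

The last query also serves as a check of which collectors currently have the test login module configured.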
