000029279 - FIM DATABASE AND ADMIN PASSWORDS

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000029279
Applies ToRSA Federated Identity Manager (FIM) 4.2 
TOMCAT 7
WEBLOGIC 10/11G 
 
IssueThere are 2 passwords that can be created reset in FIM.  The user for the Database Connection and the admingui user(s).   User passwords of FIM services that federate are not stored in FIM but with the WAM  that is required such as RSA Access Manager.  What are the utilities that set these 2 passwords in FIM?
ResolutionIn the case of the database connection password.
updateDBCredentials.cmd/sh utility will update the database username/password information.
Below is the description of the Utility:
 
This utility is used to update FIM_DB credentials to connect the DB. 
In case of Derby database it prompts for only the DB Password where as incase of Postgres/ORAC it prompts for Username and Password.
Once the script is executed successfully it will update the fim.properties with the new username and encrypted password.
 
NOTE: Please take the database backup (backupConfig.cmd/sh) before executing this script if the customer want to restore it to the new database.
 
Please refer I&C Guide Changing Database Providers section from step 2 to step 4 for more details of executing the script.
If it’s related to FIMConfig GUI credentials on Tomcat stored in md5/sha then please refer SAML-4481 for updating the fim-users.xml file with the new password.
The fimUserInfo.sh/cmd  is the utility for changing that password located in the FIM directory after the insatll of FIM 4.2.1
NOTE : Don't include spaces in the password as the script won't work for passwords containing spaces

The weblogic script for changing , adding administrators is called cliCreateUserGroupsForWLS
cliCreateUserGroupsForWLS.sh/cmd  username password
serveraddress:port usersfilepath

It is also possible to add/manage FIM admins using the weblogic console as by default we use the security realms of weblogic for the admins.
Using the admin roles defined in the FIM Install & Config guide.   See user "myfimadmin"  which is a FIM super admin
weblogic console showing default realms


 

Attachments

    Outcomes