Symantec Access Management

Even though we have configured the policy store for Siteminder, it not showing all the users in the XPSExplorer which we have created using AdminUI.

We have both legacy users and external AD users as admin users. Recently I've created a new user in AdminUI, but I didn't find it in the XPSExplorer.

Please let me know what I need to do in order to make both AdminUI and XPSExplorer similar.

Is there any other database which the AdminUI users to store the admin users?

Do I need to delete any legacy users?

Thanks in Advance.

Hi,

Can you detail the steps on how you create the new user in adminUI?

Did you exist the xpsexplorer and re-run xpsexplorer -> 93 -> S?

I expect both AdminUI and XPSExplore (option 93) should return the same results.

What I experienced before was I need to re-run the xpsexplorer to see the new contents if the xpsexplorer was run prior to user add.

Regards,

Kar Meng

Hi Kar,

Thanks for the response.

I've created the user by clicking on "Create Administrator" link. I've created the admin pointing to the external AD datastore already configured in the siteminder.

After creating the user I've checked in the XPSExplorer (option 93). The user was not listed in the XPSExplorer.

My adminui server is located in machine other than siteminder server.

Regards,

MADHU

Hi Madhu,

Few Questions :

• Could you please specify your SiteMinder Policy Server Version ?
• Is the Admin UI pointing to the same Policy server from which you are running XPSExplorer or is it pointing to different Policy Server ?
• Does the new admin user show up if you do the full policy store export ?
• What is your Policy Store?
• If you restart the Policy server (where you are running XPSExplorer) does it then show up ?

This sounds like a known bug with few version of SM !!!

Some food for thought : Admin UI updates not seen in any other policy server other than the one that created the object

Regards,

Ujwol

Hi Ujwol,

sorry for delayed reply. I was struck with some other work.

Please find the response to the above questions:

• Could you please specify your SiteMinder Policy Server Version ? 12.52.0.142
• Is the Admin UI pointing to the same Policy server from which you are running XPSExplorer or is it pointing to different Policy Server ? YES
• Does the new admin user show up if you do the full policy store export ? YES
• What is your Policy Store? We are using LDAP policy store. but for administrators we are using external AD store.
• If you restart the Policy server (where you are running XPSExplorer) does it then show up ? NO

Also note that in one of the environment, where we have two admin UI, both UI are showing same administrators, only XPSExplorer is missing some users.

I've also tried with XPSSweeper. But didn't got updated. The administrators listed in the XPSExplorer is subset of the users listed in adminUI.

Thanks and Regards,

MADHU

Hi Madhu,

You are looking at the wrong place in XPS tool.

You need to look at XPSSecurity ==> Administrator to find the newly created Administrator from Admin UI.

PS : Please verify this ..I will add bit more details to the thread a bit later.

Cheers,

Ujwol