Alan Baugher

Update Identity Manager JBOSS/Wildfly Database Ids/Passwords via Jboss-cli.sh

Discussion created by Alan Baugher Employee on Jun 15, 2018
Latest reply on Jul 20, 2018 by Alan Baugher

Team,

 

Using the jboss-cli.sh with the --gui switch allows for easy creation of the CLI processes, if you already have a pre-existing file with values you wish to update.

 

 

There are six (6) databases for CA Identity Manager, and the security context has been moved from the data-source section to a "security" section.

- To update these values, it is possible to vi this file, but if we wish to leverage dev-ops processes, any method that allows an API or CLI process is preferred.

 -  Why is this method preferred over manual entry?

     - Avoid fat finger mistakes

     - Ensure a repeatable process that can be tied to dev-ops scripts/tools.

     - Inherent validation of entry and approved values for attributes.

     - Able to rapidly share knowledge and test over web-ex sessions with larger team members.

 

 

 

 

Example of using the jboss-cli.sh with --gui to "discover" and have this tool build the CLI script.

 

 

Step 1:   Start this GUI tool

Step 2:   Use the bottom search box to "find" a keyword for the item you wish to update.

Step 3:   Select the object, and right click to WRITE to this object.

Step 4:   View the top part of the GUI tool, and you will see the CLI line created with the EXISTING values 

Step 5:   Copy this CLI line from the GUI tool, to notepad++ or a new file on Linux host.

Step 6:   Test your new CLI script.

Step 7:   Make a duplicate of your CLI script, change the keyword "write" to "read", and remove the extra "value" from this line.     You now have a proper query of the current state.     If the state of the object says "reload-required", then submit a "reload" command or restart the J2EE services.

Step 8:  Submit reload   

 

 

 

Scripts created by the jboss-cli.sh GUI tool:

 

 

/subsystem=security/security-domain=iam_im-imobjectstoredb/authentication=classic/login-module=com.netegrity.jboss.datasource.PicketBoxPasswordEncryptedLogin/:write-attribute(name=module-options,value={"userName" => "IDM","password" => "{PBES}:B8+4u/F3aiZ9sXus6HyDNA==","managedConnectionFactoryName" => "jboss.jca:name=iam/im/jdbc/jdbc/objectstore,service=NoTxCM"})


/subsystem=security/security-domain=iam_im-imtaskpersistencedb/authentication=classic/login-module=com.netegrity.jboss.datasource.PicketBoxPasswordEncryptedLogin/:write-attribute(name=module-options,value={"userName" => "IDM","password" => "{PBES}:B8+4u/F3aiZ9sXus6HyDNA==","managedConnectionFactoryName" => "jboss.jca:name=iam/im/jdbc/jdbc/archive,service=NoTxCM"})


/subsystem=security/security-domain=iam_im-imworkflowdb/authentication=classic/login-module=com.netegrity.jboss.datasource.PicketBoxPasswordEncryptedLogin/:write-attribute(name=module-options,value={"userName" => "IDM","password" => "{PBES}:B8+4u/F3aiZ9sXus6HyDNA==","managedConnectionFactoryName" => "jboss.jca:name=jdbc/WPDS,service=LocalTxCM"})


/subsystem=security/security-domain=iam_im-imarchivedb/authentication=classic/login-module=com.netegrity.jboss.datasource.PicketBoxPasswordEncryptedLogin/:write-attribute(name=module-options,value={"userName" => "IDM","password" => "{PBES}:B8+4u/F3aiZ9sXus6HyDNA==","managedConnectionFactoryName" => "jboss.jca:name=iam/im/jdbc/jdbc/archive,service=NoTxCM"})

 

/subsystem=security/security-domain=iam_im-imauditdb/authentication=classic/login-module=com.netegrity.jboss.datasource.PicketBoxPasswordEncryptedLogin/:write-attribute(name=module-options,value={"userName" => "IDM","password" => "{PBES}:B8+4u/F3aiZ9sXus6HyDNA==","managedConnectionFactoryName" => "jboss.jca:name=iam/im/jdbc/auditDbDataSource,service=LocalTxCM"})

 

/subsystem=security/security-domain=iam_im-imreportsnapshotdb/authentication=classic/login-module=com.netegrity.jboss.datasource.PicketBoxPasswordEncryptedLogin/:write-attribute(name=module-options,value={"userName" => "IDM","password" => "{PBES}:B8+4u/F3aiZ9sXus6HyDNA==","managedConnectionFactoryName" => "jboss.jca:name=iam/im/jdbc/jdbc/reportsnapshot,service=NoTxCM"})

 

 

To read current values, replace "write" in these scripts with "read" and drop the "value" argument:

 


/subsystem=security/security-domain=iam_im-imarchivedb/authentication=classic/login-module=com.netegrity.jboss.datasource.PicketBoxPasswordEncryptedLogin/:read-attribute(name=module-options)

 

/subsystem=security/security-domain=iam_im-imauditdb/authentication=classic/login-module=com.netegrity.jboss.datasource.PicketBoxPasswordEncryptedLogin/:read-attribute(name=module-options)

 

/subsystem=security/security-domain=iam_im-imreportsnapshotdb/authentication=classic/login-module=com.netegrity.jboss.datasource.PicketBoxPasswordEncryptedLogin/:read-attribute(name=module-options)

 

/subsystem=security/security-domain=iam_im-imobjectstoredb/authentication=classic/login-module=com.netegrity.jboss.datasource.PicketBoxPasswordEncryptedLogin/:read-attribute(name=module-options)

 

/subsystem=security/security-domain=iam_im-imtaskpersistencedb/authentication=classic/login-module=com.netegrity.jboss.datasource.PicketBoxPasswordEncryptedLogin/:read-attribute(name=module-options)

 

/subsystem=security/security-domain=iam_im-imworkflowdb/authentication=classic/login-module=com.netegrity.jboss.datasource.PicketBoxPasswordEncryptedLogin/:read-attribute(name=module-options)

 

 

 

 

To update the password, use the IM PasswordTool, under IAM_SUITE/tools sub-folder

   - Ensure you change folders to this folder, to ensure encryption libraries are located. 

             - /opt/CA/IdentityManager/IAM_Suite/IdentityManager/tools/PasswordTool

             - Avoid this error:  "Error: Could not find or load main class com.netegrity.rtl.jce.JSafeTools"

   -  Execute with the -JSAFE option to get the PBES (password-based-encryption-standard) format.

 

 

Copy this NEW encrypted format with the leading {PBES} and the trailing double equal signs ==

    -  After updating, execute a "reload" command if the attribute has a "process-state"  => "reload-required"

    -  Wait 1-2 minutes for the reload to complete, then execute the query string to confirm the value loaded correctly.

 

 

Monitor the server.log for any other info/warn/error/debug messages.

 

 

Cheers,

 

A.
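
The six write and read lines in the post differ only in the security-domain name and the managedConnectionFactoryName, so both scripts can be generated once PasswordTool has produced a new {PBES} value. The shell functions below are an added example, not part of the original post; the function names, the user-name character check, and the assumption that the text after "{PBES}:" is padded base64 (as in the post's sample) are this example's own.

```shell
#!/bin/sh
# Added example (not from the post): emit jboss-cli text for the six IM domains.
# Domain and managedConnectionFactoryName pairs are copied from the post's
# scripts; confirm them with the read-attribute queries on your own server.
LOGIN_MODULE='com.netegrity.jboss.datasource.PicketBoxPasswordEncryptedLogin'
BASE='/subsystem=security/security-domain=%s/authentication=classic/login-module=%s/'
DOMAIN_MAP='iam_im-imobjectstoredb|jboss.jca:name=iam/im/jdbc/jdbc/objectstore,service=NoTxCM
iam_im-imtaskpersistencedb|jboss.jca:name=iam/im/jdbc/jdbc/archive,service=NoTxCM
iam_im-imworkflowdb|jboss.jca:name=jdbc/WPDS,service=LocalTxCM
iam_im-imarchivedb|jboss.jca:name=iam/im/jdbc/jdbc/archive,service=NoTxCM
iam_im-imauditdb|jboss.jca:name=iam/im/jdbc/auditDbDataSource,service=LocalTxCM
iam_im-imreportsnapshotdb|jboss.jca:name=iam/im/jdbc/jdbc/reportsnapshot,service=NoTxCM'

# Accept only "{PBES}:" followed by padded base64 (assumed from the post's
# sample). Rejects truncated copies and characters that would break CLI quoting.
valid_pbes() {
  prefix='{PBES}:'
  case "$1" in "$prefix"?*) ;; *) return 1 ;; esac
  body=${1#"$prefix"}
  case "$body" in *[!A-Za-z0-9+/=]*) return 1 ;; esac
  [ $(( ${#body} % 4 )) -eq 0 ]
}

# $1 = database user name, $2 = new {PBES} value from PasswordTool -JSAFE
gen_write_cli() {
  # Conservative assumption: user names are letters, digits and underscore.
  case "$1" in ''|*[!A-Za-z0-9_]*) echo "bad user name" >&2; return 1 ;; esac
  valid_pbes "$2" || { echo "malformed {PBES} value" >&2; return 1; }
  echo "$DOMAIN_MAP" | while IFS='|' read -r domain mcf; do
    printf "$BASE"':write-attribute(name=module-options,value={"userName" => "%s","password" => "%s","managedConnectionFactoryName" => "%s"})\n' \
      "$domain" "$LOGIN_MODULE" "$1" "$2" "$mcf"
  done
}

# Matching read-attribute queries, used before and after the update.
gen_read_cli() {
  echo "$DOMAIN_MAP" | while IFS='|' read -r domain mcf; do
    printf "$BASE"':read-attribute(name=module-options)\n' "$domain" "$LOGIN_MODULE"
  done
}

# Usage (file names are placeholders; umask keeps the files owner-only,
# since the {PBES} value is a stored credential):
#   umask 077
#   gen_write_cli IDM "$NEW_PBES" > im-db-update.cli
#   gen_read_cli > im-db-verify.cli
```

The generated files can be passed to jboss-cli.sh with --connect and --file=, followed by the "reload" and read-back steps described in the post.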
