Quote: Originally posted by stevewdj
On 4/24/19 5:34 AM, marcus jonsson wrote:
>
> Hi all!
>
> Running Identity Governance 3.5.1 (Tomcat 9.0.17,
> zulu8.31.0.1-jdk8.0.181, MS SQL 2017) on server 1 with OSP (6.3.1
> 2019-01-04T18:57:40Z) on IDM 4.7.2 on server 2.
>
> Following the documentation, I have set Bootstrap Admin to
> cn=uaadmin,ou=sa,o=data and Authentication Source to Identity Vault in
> configutil.sh.
>
> I can log in to IDGov, but no menu options are shown. In the
> catalina.<date>.log file I see the following:
> com.netiq.iac.server.j2ee.AuthFilter matchUser - [IG-SERVER] User
> Identity Applications (cn=uaadmin,ou=sa,o=data) is authenticated, but
> cannot access the Identity Governance application. The following
> attributes for matching users are not configured as searchable. Users
> will not be able to log in until at least one of these attributes is
> made searchable: dn
>
> I see no other error messages in the catalina logs.
>
> How can I resolve this issue?
>
> Best regards
> Marcus
>
>

Greetings,

1.a) The Bootstrap Admin does not have to be in the Vault when using IDM. The
only time they have to be in the Vault is when you are using SAML or
OAuth from NAM instead of OSP (with this last one that is not possible
since you appear to want to SSO with IDM 4.7).

1.b) When you do put the bootstrap admin in the Vault, it should not be
a user that you will want to use later as a global admin. So using
uaadmin is not recommended. I always create another system
account in the Vault.


2) Based upon what you have outlined, please open a Service Request with
Support so that I can get certain information from your install and the like
that should not be shared on the Forums.



--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus

Hi Steven!

1.a) OK, I think the documentation is a bit weak on this point then. Look at https://www.netiq.com/documentation/.../b19v78jn.html and search for "igadmin" and it seems to apply to using OSP with Identity Manager.

1.b) Agreed, uaadmin was used for testing only.

2) SR opened now

Thank you.

Best Regards
Marcus