local/admin cannot access the AA Administrative Portal - wrong chain assignment

  • 7025151
  • 11-Jun-2021
  • 16-Jun-2021

Environment

Advanced Authentication 6.x

Situation

Unable to log in to the Advanced Authentication Administrative Portal as local\admin after changing the chains assigned to the AdminUI event.

Resolution

If the Password Only chain was removed for the AdminUI event, you can restore access to the Administrative Portal by following the instructions below:
Note: It’s strongly recommended to create a snapshot before following the steps.
 
1. Get Event ID for the AdminUI event:
docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -c "SELECT id from event WHERE name='AdminUI';"
 
2. Get Chains assigned to the AdminUI event:
docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -c "SELECT * from event_logon_chain WHERE event_id='REPLACE BY EVENT ID FROM STEP 1';"
Note the number of rows shown at the bottom of the output. It is used as the position value in step 4.
 
3. Get Chain ID for the Password Only chain:
docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -c "SELECT id, name, methods from logon_chain WHERE name='Password Only';"
 
4. Add the Password Only chain to the AdminUI event:
docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -c "insert into event_logon_chain (event_id, logon_chain_id, position, row_ver) values ('REPLACE BY EVENT ID FROM STEP 1', 'REPLACE BY CHAIN ID FROM STEP 3', 'REPLACE BY NUMBER OF ROWS FROM STEP 2', '2020-12-08 00:00:00.00000');"
 
This should add the chain to the next row.

The following steps are optional and can be used to remove the wrong chain from the AdminUI event:
 
5. Get the complete list of chains:
docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -c "SELECT id, name, methods from logon_chain;"
Find the ID of the chain that needs to be removed.
 
6. Delete the wrong chain from the AdminUI event:
docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -c "DELETE from event_logon_chain WHERE logon_chain_id='REPLACE BY CHAIN ID FROM STEP 5' AND event_id='REPLACE BY EVENT ID FROM STEP 1';"
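
Steps 1 to 4 can be combined into one guarded run that refuses to build the INSERT unless each lookup returns exactly one value. This is an added example, not vendor-supplied code: the function names are hypothetical, the container, database, table names and row_ver value are the ones used in the steps above, and it assumes IDs contain no spaces or quotes.

```shell
#!/bin/sh
# Added example: steps 1-4 as one guarded run (function names are hypothetical).

# Run one query and return bare values (-A unaligned, -t tuples only).
q() {
  docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -At -c "$1"
}

NL='
'
# Accept exactly one non-empty value: no space, newline or quote (assumption).
one_value() {
  case "$1" in
    ''|*" "*|*"$NL"*|*"'"*)
      echo "expected exactly one value for $2, got: '$1'" >&2
      return 1 ;;
  esac
  printf '%s' "$1"
}

# Print the INSERT from step 4, filled in from the current database state.
build_restore_sql() {
  local event chain pos
  event=$(one_value "$(q "SELECT id from event WHERE name='AdminUI';")" "event id") || return 1
  chain=$(one_value "$(q "SELECT id from logon_chain WHERE name='Password Only';")" "chain id") || return 1
  # Step 2's row count becomes the position of the new row.
  pos=$(q "SELECT count(*) from event_logon_chain WHERE event_id='$event';")
  case "$pos" in
    ''|*[!0-9]*) echo "unexpected row count: '$pos'" >&2; return 1 ;;
  esac
  printf "insert into event_logon_chain (event_id, logon_chain_id, position, row_ver) values ('%s', '%s', '%s', '2020-12-08 00:00:00.00000');" \
    "$event" "$chain" "$pos"
}

# Preview the statement; execute it only when called with --apply.
restore_password_only() {
  local sql
  sql=$(build_restore_sql) || return 1
  echo "$sql"
  if [ "${1:-}" = "--apply" ]; then q "$sql"; fi
}

# After sourcing this file: restore_password_only           (preview only)
#                           restore_password_only --apply   (after the snapshot)
```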


Cause

The Password Only chain is used by members of the LOCAL repository. The members of the LOCAL repository do not have the LDAP Password method.

Additional Information

If local\admin cannot access the AA Administrative Portal because of an expired password, see TID 7022003.
If the password is lost or forgotten, see TID 7023511.