How to reset suite-admin password from DB

  • Document ID:KM03604064
  • Creation Date:28-Feb-2020
  • Modified Date:28-Feb-2020
    • Micro Focus Products:
      service management automation

This document has not been formally reviewed for accuracy and is provided "as is" for your convenience.

Summary

In case that the suite admin user password gets lost and needs a reset, it is possible to modify it directly from the DB.

Reference

Problem Description:

This will help us to avoid uninstalling the whole suite when the suite-admin user gets corrupted or you forgot it

Cause:

Suite-admin user corrupted or password lost.

Resolution:

It is important to understand the you can use the following logs to identify problems with that user:

You can see in the idm logs the following messages when trying to login:

  • 2019-12-27T11:01:45.660-0600 ERROR [https-jsse-nio-8443-exec-8] com.hp.ccue.identity.seeded.DBSeededAuthenticationProvider  - User account suite-admin is locked
  • 2019-12-27T11:09:36.197-0600 ERROR [https-jsse-nio-8443-exec-1] com.hp.ccue.identity.service.IdentityServiceImpl  - Authentication failure for suite-admin in sysbo

 

So, if you have troubles entering the Service Management Automation Suite Administration, also known as BO, you do the following to get more information about why we are not able to login:

  • kubectl get pods --all-namespaces | grep idm

Example output:

[root@ult01vm0308 ~]# kubectl get pods --all-namespaces | grep idm

core          idm-b7d57596f-dhghm                                  2/2     Running     0          24m

core          idm-b7d57596f-vflsb                                  2/2     Running     0          23m

itsma-jbwtq   idm-769f7959bd-4hj89                                 2/2     Running     0          2m59s

 

  • Now run the following to tail the idm log and identify what is the message received during the login process:
    • kubectl logs idm-769f7959bd-4hj89 -n itsma-jbwtq -c idm -f
    • This will keep tailing the logs and you will be able to get messages like:
      • 2019-12-27T11:01:45.660-0600 ERROR [https-jsse-nio-8443-exec-8] com.hp.ccue.identity.seeded.DBSeededAuthenticationProvider  - User account suite-admin is locked
      • 2019-12-27T11:09:36.197-0600 ERROR [https-jsse-nio-8443-exec-1] com.hp.ccue.identity.service.IdentityServiceImpl  - Authentication failure for suite-admin in sysbo
  • If for some reason the password is not getting updated or the account remains locked, you can modify it directly in the DB doing the following:
  • Login to the pgAdmin or postgresql console.
  • Search for the idm DB and the table database_user and set the fields as this for the suite-admin user:
    • password='D9+T/1Khc6LmT9tLhwyJ8oFsIReGsQEzrkXW+pjHGPY='
    • salt='Zdgxptm0OnwjJEFgL5MQeWbNJ9aThG/SyIvCvvuUI+E='
    • password_expired_date=NULL
  • On console you can use:

update database_user set password='D9+T/1Khc6LmT9tLhwyJ8oFsIReGsQEzrkXW+pjHGPY=', salt='Zdgxptm0OnwjJEFgL5MQeWbNJ9aThG/SyIvCvvuUI+E=' where name='suite-admin';”

update database_user set password_expired_date=NULL where name='sysadmin';

  • On this case 'D9+T/1Khc6LmT9tLhwyJ8oFsIReGsQEzrkXW+pjHGPY=' is the encrypted password for “Admin_1234”
  • Save the changes is you are on PGAdmin and test again, you should be able to login using the "Admin_1234" password for suite-admin user.

 

Environment:

Tested on 2019.11.