URL "http://<host>:<port>/idm/admin" brings "Service is down" message (IdM 7.2)
I need your help again, another "little" problem just won't go away quietly.
It's pretty simple really... when I call http://<host>:<port>/idm/admin in our (prod) portal 7.3, I get the following:
What's not right with this picture is, the status of the IdM applications in the NWA look like this:
The NWA clearly thinks, the services are running (except for the one that's not needed). I even stopped and started them several times, but the message just won't change (except when I stopped the IDM Data Source, then I got a nice big error).
1. I know that the action idm_monitoring_administration is needed. It's added to a role named idm.monitoring and that role is assigned to my user.
2. My user has also IdM admin rights.
3. We have a test portal with the same release and SP versions, same action-role-user-combo, same status in the NWA and it's working just fine on that system.
Why is the service down and more important: how do I get it running? Is there another place I need to start something, too? I read the doc Installing and configuring the Identity Management User Interface (page 30 "Access to Monitoring ("Monitoring" tab)" is the thing I'm talking about here) and there is no mention of starting something to use that tab/service.
I just don't know where to look anymore. Help, please.
Steffi Warnecke replied
so I'm back with more news.
Indeed I found something in the logs:
No permission to view configuration data at com.sap.idm.jmx.impl.SAP_ITSAM_IDM_Service_ConfigChangeImpl.retrieveGlobalConstants(SAP_ITSAM_IDM_Service_ConfigChangeImpl.java:537)at com.sap.idm.jmx.impl.SAP_ITSAM_IDM_Se...
And another thing, too:
I logged on with the standard "administrator"-account (UME-user) and you won't believe it, that one worked.
Which confuses me even more, because my account has (among others) the superadmin-role and the administrator-role AND is a member of the administrators-group.
So I tested with a simple ume-user, which has just the everyone-role assigned. I gave it the superadmin-role, too and the idm.authenticated and idm.monitoring-role and... that one can call the monitoring-tab, too!
But my LDAP-account with the same rights can't. At least in the prod portal, because in the testsystem it's working. I'm just... -.-
So it IS a problem with the priviledges (yay for the misleading message), but I just don't know WHAT is missing. I even compared my priviledges from test- and prod-portal and everything I have assigned in the testportal I also have assigned in the prod-system.
Has anybody any ideas left? I don't want to log out from the portal and log in with an UME-account just to be able to see that monitoring tab (and I'm pretty sure my colleague thinks like that, too).
After a lot of account copying and testing with UME and LDAP accounts it's safe to say: it's something about my account.
Tried with another LDAP account of mine: works
Copied my LDAP account to a UME account: works
Copied my LDAP account to a test LDAP account: works
Obviously it's nothing general, though I don't understand what's causing this chaos. BUT I have a solution/workaround, so there's that at least.
I'll talk to my colleague next week (who has the same problem) and we'll try to kind of re-create our LDAP accounts, since that seems the way to go here.
Thank you all for your help on this.
Message was edited by: Steffi Warnecke