copyright: years: 2024 lastupdated: "2024-05-23"

Unable to login in IBM RPA with UMS

You are unable to login to the IBM RPA Control Center and IBM RPA Studio or the admin credentials fail to log in.

Symptoms

  • Inability to login to the product's components.
  • Unauthorized response in internal calls.
  • Inability to login using admin credentials within the UMS server.

Resolving this issue

To address the login issues, ensure that the Basic Registry is correctly configured. This is crucial because the UMS server operates with at least two user registries: the basic registry and one or more identity provider user registries.

  1. Open the Server.xml file in C:\ProgramData\IBM Robotic Process Automation\servers\umsServer and check for the following content:

    <basicRegistry id="basicRegistry" ignoreCaseForAuthentication="true">
    <user name="${admin.user}" password="${admin.password}" />
</basicRegistry>

  2. Open the umsVariables.xml file in C:\ProgramData\IBM Robotic Process Automation\servers\umsServer\configDropins\overrides and check for the following content:

    <variable name="admin.user" value="admin" />
<variable name="admin.password" value="{xor}LS8+Lz4sLChvLTs=" />

  3. Open the openLDAPFedrated.xml file in C:\ProgramData\IBM Robotic Process Automation\servers\umsServer\configDropins\overrides and check for the following content:

    <server>

    <featureManager>
        <feature>ldapRegistry-3.0</feature>
    </featureManager>

    <ldapRegistry><!-- your ldap registry info /--></ldapRegistry>
    <federatedRepository id="vmm">
        <primaryRealm name="o=defaultWIMFileBasedRealm">
            <participatingBaseEntry name="o=BasicRegistry"/>
            <participatingBaseEntry name="dc=rpa,dc=ibm,dc=com"/>
            <!-- Make sure both basic registry and your DC are both here, you may use the same value from the baseDN from your ldapRegistry configuration-->
        </primaryRealm>

        <extendedProperty dataType="String" name="externalId" entityType="Group"></extendedProperty>
        <extendedProperty dataType="String" name="externalId" entityType="PersonAccount"></extendedProperty>
        <extendedProperty dataType="String" name="serialnumber" entityType="PersonAccount"></extendedProperty>
        <extendedProperty dataType="String" name="locationCity" entityType="PersonAccount"></extendedProperty>
        <extendedProperty dataType="String" name="alternateTelephoneNumber" entityType="PersonAccount"></extendedProperty>
        <extendedProperty dataType="String" name="countryShort" entityType="PersonAccount"></extendedProperty>
        <extendedProperty dataType="String" name="callupName" entityType="PersonAccount"></extendedProperty>
        <extendedProperty dataType="String" name="country" entityType="PersonAccount"></extendedProperty>
        <extendedProperty dataType="String" name="department" entityType="PersonAccount"></extendedProperty>
        <extendedProperty dataType="String" name="countryCode" entityType="PersonAccount"></extendedProperty>
        <extendedProperty dataType="String" name="isManager" entityType="PersonAccount"></extendedProperty>
        <extendedProperty dataType="String" name="jobresponsibilities" entityType="PersonAccount"></extendedProperty>
        <extendedProperty dataType="String" name="notesId" entityType="PersonAccount"></extendedProperty>
        <extendedProperty dataType="String" name="preferredIdentity" entityType="PersonAccount"></extendedProperty>
    </federatedRepository>

</server>

Procedure

Sometimes, the identity provider registry already includes an admin account. You must ensure that the admin account does not conflict with the UMS admin account.

See the following steps to solve this issue:

  1. Change the admin.user value to a unique identifier such as adminUMS.

    <variable name="admin.user" value="REPLACE_THIS_VALUE" />
<variable name="admin.password" value="{xor}LS8+Lz4sLChvLTs=" />

  2. Update the Authenticate.config file in IBM RPA server using PowerShell to decrypt and modify the necessary credentials.

    $ApiPath = "C:\\Program Files\\IBM Robotic Process Automation\\IBM Robotic Process Automation Server\\Api"

$AuthenticationDLLPath = Join-Path -Path $ApiPath -ChildPath "bin\\WDG.Automation.Authentication.dll"

$RegiisFolderPath = "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319"

Set-Location $RegiisFolderPath
Copy-Item -Path $ConfigurationEditorDLLPath -Destination $RegiisFolderPath
Copy-Item -Path $AuthenticationDLLPath -Destination $RegiisFolderPath
.\aspnet_regiis.exe -pdf "wdg.auth" $ApiPath

  3. Go to C:\\Program Files\\IBM Robotic Process Automation\\IBM Robotic Process Automation Server\\Api\\Authenticate.config file and replace the username and password attribute values for the umsSettings tag.

    <umsSettings
[…]
userName="ADMIN_USER"
password="YOUR_PASS"
[…]/>