Page History

...

There might be situations when users lock the door behind them and throw away the key to access the JOC Cockpit, for example:

• if JS7 - Identity Services are used that are based on external access to an Identity Provider, such as an JS7 - LDAP Identity Service that is not accessible.
• if a misconfiguration occurs that prevents an Identity Service from authenticating and/or authorizing a user account, for example due to missing permissions.

...

The Rescue Script is available to administrators with access to the server for which the JOC Cockpit is operated on.

Identify the JOC Cockpit Installation Directory

JOC Cockpit by default is installed:

• for Unix to in the
  • installation directory: /opt/sos-berlin.com/js7/joc
• for Windows to in the
  • installation directory:  Program Files\sos-berlin.com\js7\joc

...

• For Unix execute the command
  • ps -ef | grep js7 or ps -ef | grep joc
  • This should return processes related to JS7. The process in question includes the characters "joc" and should indicate its installation directory.
• For Windows use the Task Manager to identity a process with the name 
  • js7_joc.exe
  • Adding the "command line" column to the display of processes with the Task Manager should present reveal the installation directory.

...

./joc_install_tables.sh -rescue

Notes:

• Consider Note that the Rescue Script requires the java executable to be included in the directories specified by your PATH environment variable.
• If in doubt then identify the location of your Java JDK or JRE and execute for example:
  • PATH=$PATH:/usr/lib/java/jdk/bin
  • provided that your java executable is located in /usr/lib/java/jdk/bin

...

joc_install_tables.cmd -rescue

Notes:

• Consider that the The Rescue Script requires the java.exe executable to be included in the directories specified by your PATH environment variable.
• If in doubt then identify the location of your Java JDK or JRE and execute for example
  • set PATH=%PATH%;C:\Program Files\Java\jdk\bin
  • provided that your java.exe executable is located in C:\Program Files\Java\jdk\bin

...

• The Rescue Script acts on the JS7 - Database and works independently from the fact that of whether or not the JOC Cockpit is started or not.
• The Rescue Script:
  • disables any existing Identity Services,
  • adds an Identity Service of type JOC with the name JOC-RESCUE,
    • adds an administrative role for full access to JOC Cockpit with the name all to the Identity Service,
    • adds a user account with the name root and the password root to the Identity Service.

With After the Rescue Script being has been executed you can login to JOC Cockpit by specifying the following credentials:

...

After login you should find:

• a new Identity Service JOC-RESCUE being is active:
  • the this Identity Service includes a single user account root with the all role that is granted full permissions
• any previously configured Identity Services being are disabled.

This is the perfect point in time to reconfigure the offending Identity Service(s) that prevented users from login.

• Consider to Only enable the offending Identity Service(s) after having reworked the respective their configuration.
• It is recommended to make that Identity Services are made optional during the repair phase and not to use required Identity Services.

Then try to login to JOC Cockpit by using accounts specified from for the repaired Identity Service(s).

...

• Deleting the Identity Service includes:
  • to delete deleting the user account root from the Identity Service (other Identity Services still can use a user account with this name that which is local to the Identity Service),
  • to delete deleting the all role of the Identity Service,
  • to delete deleting the Identity Service configuration.

...