search cancel

SMsession can't be validated cross siteminder instances.

book

Article ID: 188654

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

We are setting up two siteminder nodes which are pointing to two different policy store but shared session store.

The configuration within policy store of both siteminder nodes are almost same , apart from certain host object and aco.

Now we can set up access gateway to create SMsession against each node , and the validation against the same node has no issue. 

But the validation against the other node doesn't work.

The same setup to have different policy store but same session store works on our old production environment. 

And it was design to provide HA and also keep the policy deployment separately.

Environment

Release : 12.8.03

Component : SITEMINDER -WEB AGENT FOR APACHE

Resolution

To make it work - the key store should be shared as well.

Both nodes have to connect to same key store and then re-register all the web agent to make sure the new keys were distributed.