SSO between CA Siteminder platforms
search cancel

SSO between CA Siteminder platforms

book

Article ID: 194377

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

 

When running a Web Agent in mixed Policy Server versions environment
and the Policy Server fails to validate session and reports error :

  status: Not Validated. Invalid key in use

 

Environment

 

Policy Server 12.8SP3 on RedHat 7;

 

Cause

 

You have cloned the Key Store to the second environment. But
infortunately, the persistent key value in the new Key Store is empty :

  [smuser@policyserver1252] siteminder # grep "Key:" key1252.txt
  PersistentKey: id25Xtjq7kuoPt62HlYygoXRjasdasWws

  [smuser@policyserver128] siteminder # grep "Key:" key128.txt
  PersistentKey:

 

Resolution

 

One way to fix this is :

  1. Manually copy the Persistent Key using ldap browser from the
     12.52 Key Store to the 12.8 Key Store;
  2. Modified the 12.8 Policy Server sm.registry by adding the
     following key: AllowEmptyEncKey = 0x1; REG_DWORD
  3. Restart all the 12.8 policy servers;
  4. Restart Web Agents;

 

Powered by Wolken Software