SSO between CA Siteminder platforms

Article ID: 194377

Products

CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On Agents (SiteMinder), CA Single Sign On Federation (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), SITEMINDER

Issue/Introduction

 

We're running a Web Agent in a mixed Policy Server version environment,
and the Policy Server fails to validate the session and reports the error:

  status: Not Validated. Invalid key in use

How can we fix that?

 

Cause

 

You have cloned the Key Store to the second environment, but
unfortunately the persistent key value in the new Key Store is empty:

  [[email protected]] siteminder # grep "Key:" key1252.txt
  PersistentKey: id25Xtjq7kuoPt62HlYygoXRjasdasWws

  [[email protected]] siteminder # grep "Key:" key128.txt
  PersistentKey:

 

Environment

 

Policy Server 12.8SP3 on RedHat 7;

 

Resolution

 

One way to fix this is:

  1. Manually copy the Persistent Key, using an LDAP browser, from the
     12.52 Key Store to the 12.8 Key Store.
  2. Modify the 12.8 Policy Server sm.registry by adding the
     following key: AllowEmptyEncKey = 0x1; REG_DWORD
  3. Restart all the 12.8 Policy Servers.
  4. Restart the Web Agents.
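
The check from the Cause section can be repeated after step 1 to confirm the copy, this time without echoing the key to the terminal. The script below is an added example, not part of the original article or the product; the function names are hypothetical, and it assumes each key store dump contains one `PersistentKey: <value>` line, as in the grep output above.

```bash
# Added example (not from the article): compare the PersistentKey field of two
# key store dumps without printing key material to the terminal or scrollback.
# Assumption: each dump holds one "PersistentKey: <value>" line.
# Usage (the script name is hypothetical): sh check_pkey.sh key1252.txt key128.txt

# Print the PersistentKey value from a dump; prints nothing if blank or absent.
persistent_key() {
    sed -n -e '/^[[:space:]]*PersistentKey:/{' \
           -e 's/^[^:]*:[[:space:]]*//' \
           -e 's/[[:space:]]*$//' \
           -e 'p' -e 'q' -e '}' "$1"
}

# Exit status: 0 = keys match
#              1 = target key empty or missing (the condition in this article)
#              2 = both present but different
#              3 = source key empty or missing
check_persistent_key() {
    local src_key dst_key
    src_key=$(persistent_key "$1")
    dst_key=$(persistent_key "$2")
    if [ -z "$src_key" ]; then
        echo "source dump $1 has no PersistentKey value" >&2
        return 3
    fi
    if [ -z "$dst_key" ]; then
        echo "target dump $2 has an empty PersistentKey" >&2
        return 1
    fi
    if [ "$src_key" != "$dst_key" ]; then
        echo "PersistentKey values differ between $1 and $2" >&2
        return 2
    fi
    echo "PersistentKey matches in $1 and $2"
}

# Run the comparison only when two file names are given on the command line.
if [ "$#" -eq 2 ]; then
    check_persistent_key "$1" "$2"
fi
```

The dump files contain the key itself, so keep them readable only by the administrator and delete them once the comparison returns 0.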