SSO between CA Siteminder platforms


Article ID: 194377


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder); CA Single Sign On Agents (SiteMinder); CA Single Sign On Federation (SiteMinder); CA Single Sign On SOA Security Manager (SiteMinder); SITEMINDER



When running a Web Agent in an environment with mixed Policy Server
versions, the Policy Server fails to validate the session and reports
the error:

  status: Not Validated. Invalid key in use




Policy Server 12.8SP3 on RedHat 7;




You have cloned the Key Store to the second environment, but
unfortunately the persistent key value in the new Key Store is empty:

  [smuser@policyserver1252] siteminder # grep "Key:" key1252.txt
  PersistentKey: id25Xtjq7kuoPt62HlYygoXRjasdasWws

  [smuser@policyserver128] siteminder # grep "Key:" key128.txt




One way to fix this is:

  1. Manually copy the Persistent Key, using an LDAP browser, from the
     12.52 Key Store to the 12.8 Key Store;
  2. Modify the 12.8 Policy Server sm.registry by adding the
     following key: AllowEmptyEncKey = 0x1; REG_DWORD
  3. Restart all the 12.8 Policy Servers;
  4. Restart the Web Agents.
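
A check to run after step 1 and before the restarts, as an added example that is not part of the original article: it confirms that both exported key files carry the same non-empty PersistentKey without printing the key to the terminal. It assumes each export contains a `PersistentKey: <value>` line as in the grep output above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code.
# Assumption: each key export has a line "PersistentKey: <value>",
# as shown by the grep output in the article.

# Print the PersistentKey value found in file $1.
# Prints nothing if the line is absent or the value is blank.
# Leading/trailing whitespace (including a CR from CRLF files) is dropped.
persistent_key() {
    sed -n 's/^[[:space:]]*PersistentKey:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" \
        | head -n 1
}

# Compare the PersistentKey of a source export ($1) and a target export ($2).
# Returns: 0 = present and identical
#          1 = source export has no key
#          2 = target export has an empty or missing key (the failure
#              described in this article)
#          3 = both have a key but the values differ
compare_persistent_key() {
    src_key=$(persistent_key "$1")
    dst_key=$(persistent_key "$2")
    [ -n "$src_key" ] || return 1
    [ -n "$dst_key" ] || return 2
    [ "$src_key" = "$dst_key" ] || return 3
    return 0
}

# Command-line use: script.sh key1252.txt key128.txt
# Only a verdict is printed; the key value itself is never echoed.
if [ "$#" -eq 2 ]; then
    compare_persistent_key "$1" "$2"
    case $? in
        0) echo "OK: PersistentKey present and identical in both exports" ;;
        1) echo "FAIL: no PersistentKey in source export $1" ;;
        2) echo "FAIL: PersistentKey empty or missing in target export $2" ;;
        3) echo "FAIL: PersistentKey differs between the two exports" ;;
    esac
fi
```
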