Policy store export xml has blank value for user directory password.



Article ID: 280706


Products

SITEMINDER, CA BCS Premier for CA Single Sign-On, CA Single Sign On Agents (SiteMinder), CA Single Sign On Federation (SiteMinder), CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On

Issue/Introduction

After a new installation of a 12.8sp7 policy server, the store export XML no longer contains the user directory password value.

When logging in to the new 12.8sp7 admin UI, no password is shown under the user directory properties either.

Output from "XPSExport store.xml -xb -npass"

<Property Name="CA.SM::UserDirectory.Password" Sensitive="Yes">
<StringValue></StringValue>

Output from "XPSExport store.xml -xb -pass"

<Property Name="CA.SM::UserDirectory.Password" Sensitive="Yes">
<StringValue>{AESKW}xxxxxxx.......</StringValue>

However, when a lower version 12.8.x policy server connects to the same policy store, its clear-text store export XML does contain the user directory password value.

The servers are in FIPS COMPAT mode.

Environment

Platform: ALL

Cause

This store export output means the password does exist in the policy store; the 12.8sp7 server just cannot read/decrypt it, while the older 12.8.x server can.

The wrong encryption key was used during installation of the 12.8sp7 policy server.

Resolution

When installing the 12.8sp7 policy server, use the same correct encryption key password that the old policy servers used.

Make sure there is only one policy server enabled for key generation in the environment.
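To check an export for the symptom described above, the following added example (not Broadcom tooling and not part of the original article) classifies every Sensitive="Yes" property as blank, encrypted or clear text without ever printing the value. It assumes only the Property/StringValue shape shown in the article; the wrapper element, the EXAMPLE:: property and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Only the <Property>/<StringValue> shape is taken from the
# article; the <Export> wrapper and the EXAMPLE:: property are hypothetical.
SAMPLE = """<Export>
  <Property Name="CA.SM::UserDirectory.Password" Sensitive="Yes">
    <StringValue></StringValue>
  </Property>
  <Property Name="CA.SM::UserDirectory.Password" Sensitive="Yes">
    <StringValue>{AESKW}constructed-placeholder</StringValue>
  </Property>
  <Property Name="EXAMPLE::Description" Sensitive="No">
    <StringValue>not sensitive</StringValue>
  </Property>
</Export>"""


def local(tag):
    """Strip an XML namespace, if any, so matching works with or without one."""
    return tag.rsplit("}", 1)[-1]


def classify_sensitive(xml_text):
    """Return [(property name, state)] for each Sensitive="Yes" property.

    state is 'blank', 'encrypted' ({AESKW} prefix) or 'cleartext'; the value
    itself is never returned, so the report is safe to paste into a ticket.
    """
    results = []
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "Property" or elem.get("Sensitive") != "Yes":
            continue
        value = next((c.text or "" for c in elem
                      if local(c.tag) == "StringValue"), "").strip()
        if not value:
            state = "blank"
        elif value.startswith("{AESKW}"):
            state = "encrypted"
        else:
            state = "cleartext"
        results.append((elem.get("Name"), state))
    return results


if __name__ == "__main__":
    for name, state in classify_sensitive(SAMPLE):
        print(f"{state:10} {name}")
```

A "blank" result on a clear-text export is only a symptom: confirm it as the article does, by comparing against the export from a policy server that is known to use the correct encryption key.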