Can I export the Session Keys between my environments?

book

Article ID: 33224

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Question

I am trying to export Siteminder R12.52 Agent Keys and Session Keys from one environment and import them into a new environment. 

I used the smkeyexport command ti export the keys. When I open the output file (.smdif) I see 4 agent keys but no session key. The other key that shows up in the file is the persistent key. 

Is this key the same as the session key? Is there a different commend to export the session. I have searched the siteminder bookshelf but did not find anything specifc to exporting session key.

 

Answer

No, Session Key and Persistent Key/Session Ticket Key are NOT same. 

Session Keys- used to encrypt traffic to/from the PS

Session Ticket Keys/Persistent Key - used by PS to encrypt session and identity specs

Session Keys are NOT stored in the policy store. They are auto generated using some seed.

While operating in FCC Compat Mode, it uses RC4-128 bit cipher (Session Keys) to encrypt traffic between Policy Server and Web Agent.

While operating in FCC Migration Mode or FIPs Only Mode, it uses AES-128 bit cipher to encrypt traffic between Policy Server and Web Agent.

 

Environment

Release:
Component: SMPLC