Confirm / Change Provisioning Server Callback Shared Secret (Identity Manager)

Article ID: 33309

Updated On:

Products

  • CA Identity Manager
  • CA Identity Governance
  • CA Identity Portal
  • CA Risk Analytics
  • CA Secure Cloud SaaS - Arcot A-OK (WebFort)
  • CLOUDMINDER ADVANCED AUTHENTICATION
  • CA Secure Cloud SaaS - Advanced Authentication
  • CA Secure Cloud SaaS - Identity Management
  • CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

Summary: 

This document walks you through how to confirm or change your provisioning server callback shared secret.

 

Instructions: 

First, we need to configure pwdtools.bat:

  • Go to: CA\im\iam suite\im\tools\passwordtool
  • Right-click the bat file and configure the JAVA_EXE variable.
  • Example: SET JAVA_EXE=C:\Java\jdk1.6.0_45\jre\bin\java.exe

 

Next, we need to run pwdtools.bat. Open up CMD and change to the directory that contains pwdtools.bat. The available options are:

  • To create a FIPS key file: pwdtools -FIPSKEY -k <FIPS key file location> [-f <param_file>]
  • To add a FIPS key: pwdtools -FIPSKEY -add [-f <param_file>]
  • To encrypt a plain text value using the non-FIPS (PBES) algorithm: pwdTools -JSAFE -p <plain text> [-f <param_file>]
  • To encrypt a shared secret using the PBES algorithm and save it: pwdTools -JSAFEKEY -p <shared_secret> [-f <param_file>]
  • To encrypt a plain text value using a FIPS key file: pwdTools -FIPS -p <plain text> -k <FIPS key file path> [-f <param_file>]
  • To encrypt a plain text value using the non-FIPS (RC2) algorithm: pwdTools -RC2 -p <plain text> [-f <param_file>]

 

In this example, we are going to compare our current password values.

Execute the following command:

pwdTools -JSAFE -p password1

 

Results:

     Plain Text: password1

     Encrypted value: {PBES}:WQf3wza4JfYe3zPI8zcveQ==

 

Now let's compare it to our encrypted value for the provisioning server callback.

Go to: \iam_im.ear\custom\identitymanager and open up the systemWideProperties.properties file.

Within that file you will notice the IMeTASharedSecret property. Take the encrypted value created by pwdtools and compare it to the existing value.

Should you want to change that password, simply take the encrypted value that you created and use it to replace the existing value in this file.

 

NOTE: Should you have FIPS enabled, this value may be blank, as FIPS encryption is configured during installation. Should you have any password problems with FIPS, make sure that you are using the same FIPS key for all IM component installs. You will have to uninstall any questionable or all components and re-install them with the same key. This is the only solution.
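The comparison step above can be scripted so the check does not depend on reading two long strings by eye. The following is an added example, not code from the article or from CA; the function names are hypothetical. It assumes the properties file may have been written by Java's Properties.store(), which escapes ':' and '=' inside values, so the stored value is unescaped before it is compared with the pwdTools output.

```python
import hmac
import re

KEY = "IMeTASharedSecret"  # property name given in the article

# Constructed sample inputs; the encrypted value is the one printed in the article.
SAMPLE_OUTPUT = "Plain Text: password1\nEncrypted value: {PBES}:WQf3wza4JfYe3zPI8zcveQ==\n"
SAMPLE_PROPS = "# constructed sample\nIMeTASharedSecret={PBES}\\:WQf3wza4JfYe3zPI8zcveQ\\=\\=\n"

def unescape(value):
    # Undo the backslash escapes Properties.store() puts before : = # ! and \
    return re.sub(r"\\([:=#!\\])", r"\1", value)

def read_property(text, key=KEY):
    """Return the value of `key` from .properties text, or None if absent."""
    found = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":   # skip blank lines and comments
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m and m.group(1) == key:
            found = unescape(m.group(2))  # last definition wins, as in Java
    return found

def encrypted_from_pwdtools(output):
    """Pull the value that follows 'Encrypted value:' in pwdTools output."""
    m = re.search(r"Encrypted value:\s*(\S+)", output)
    return m.group(1) if m else None

def check_secret(props_text, pwdtools_output):
    """Return 'match', 'mismatch', 'blank', 'missing' or 'no-candidate'."""
    stored = read_property(props_text)
    candidate = encrypted_from_pwdtools(pwdtools_output)
    if stored is None:
        return "missing"
    if stored == "":
        return "blank"        # the NOTE above: possible when FIPS is enabled
    if candidate is None:
        return "no-candidate"
    same = hmac.compare_digest(stored.encode(), candidate.encode())
    return "match" if same else "mismatch"

if __name__ == "__main__":
    print(check_secret(SAMPLE_PROPS, SAMPLE_OUTPUT))
```

A "blank" result corresponds to the FIPS case in the note above, where a string comparison against pwdTools -JSAFE output is not meaningful.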

 

If you have any further password questions or concerns please open a CA Support Ticket.

Environment

Release:
Component: IDMGR