Confirm / Change Provisioning Server Callback Shared Secret (Identity Manager)
search cancel

Confirm / Change Provisioning Server Callback Shared Secret (Identity Manager)


Article ID: 33309


Updated On:


CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On


This doc will walk you through how to confirm / change your provisioning server callback shared secret.


Component: IDMGR


First we need to configure pwdtools.bat

  • Go to: CA\im\iam suite\im\tools\passwordtool
  • Right click on the bat file and configure the %JAVA_EXE% Attribute.
  • Example: SET JAVA_EXE=C:\Java\jdk1.6.0_45\jre\bin\java.exe


Next we need run the pwdtools.bat.Open up CMD and map it to the location of pwdtools.bat

  • To create a FIPS key file  pwdtools -FIPSKEY -k <FIPS key file location>  [-f <param_file>]
  • To add a FIPS key  pwdtools -FIPSKEY -add  [-f <param_file>]
  • To encrypt a plain text value using non FIPS (PBES) algorithm  pwdTools -JSAFE -p <plain text>  [-f <param_file>]
  • To encrypt a shared secret using PBES algorithm and save it  pwdTools -JSAFEKEY -p <shared_secret>  [-f <param_file>]
  • To encrypt a plain text using FIPS key file  pwdTools -FIPS -p <plain text> -k <FIPS key file path> [-f <param_file>]
  • To encrypt a plain text value using non FIPS (RC2) algorithm pwdTools -RC2 -p <plain text> [-f <param_file>]


In this example we are going to compare our current password values.

execute the following command:

pwdTools -JSAFE -p password1



     Plain Text: password1

     Encrypted value: {PBES}:WQf3wza4JfYe3zPI8zcveQ==


Now lets compare it to our encrypted value for provisioning server callback.

Go to: \iam_im.ear\custom\identitymanager and open up the file.

Within that file you will notice the IMeTASharedSecret take the encrypted value created by pwdtools and compare it to the existing code.

Should you want to change that password. Simply take the encrypted value that you created and replace it in this file.


NOTE: Should you have FIPS enabled this value may be blank as FIPS encryption is configured during installation. Should you have any password problems with FIPS make sure that you are using the same FIPS key for all IM component installs. You will have to uninstall any questionable or all components and re-install them with the same key. This is the only solution.


If you have any further password questions or concerns please open a CA Support Ticket.