Confirm / Change Provisioning Server Callback Shared Secret (Identity Manager)

Article ID: 33309

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal

Issue/Introduction

This document walks you through how to confirm or change your provisioning server callback shared secret.

Environment

Release:
Component: IDMGR

Resolution

First, we need to configure pwdtools.bat:

  • Go to: CA\im\iam suite\im\tools\passwordtool
  • Right-click the bat file and set the %JAVA_EXE% variable.
  • Example: SET JAVA_EXE=C:\Java\jdk1.6.0_45\jre\bin\java.exe

 

Next, we need to run pwdtools.bat. Open up CMD and change to the directory that contains pwdtools.bat. The available options are:

  • To create a FIPS key file: pwdtools -FIPSKEY -k <FIPS key file location> [-f <param_file>]
  • To add a FIPS key: pwdtools -FIPSKEY -add [-f <param_file>]
  • To encrypt a plain text value using the non-FIPS (PBES) algorithm: pwdTools -JSAFE -p <plain text> [-f <param_file>]
  • To encrypt a shared secret using the PBES algorithm and save it: pwdTools -JSAFEKEY -p <shared_secret> [-f <param_file>]
  • To encrypt a plain text value using a FIPS key file: pwdTools -FIPS -p <plain text> -k <FIPS key file path> [-f <param_file>]
  • To encrypt a plain text value using the non-FIPS (RC2) algorithm: pwdTools -RC2 -p <plain text> [-f <param_file>]

 

In this example we are going to compare our current password values.

Execute the following command:

pwdTools -JSAFE -p password1

 

Results:

     Plain Text: password1

     Encrypted value: {PBES}:WQf3wza4JfYe3zPI8zcveQ==

 

Now let's compare it to our encrypted value for the provisioning server callback.

Go to: \iam_im.ear\custom\identitymanager and open up the systemWideProperties.properties file.

Within that file you will find the IMeTASharedSecret property. Take the encrypted value created by pwdtools and compare it to the existing value.

Should you want to change that password, simply take the encrypted value that you created and replace the existing value in this file.

 

NOTE: Should you have FIPS enabled, this value may be blank, as FIPS encryption is configured during installation. Should you have any password problems with FIPS, make sure that you are using the same FIPS key for all IM component installs. You will have to uninstall any questionable or all components and re-install them with the same key. This is the only solution.
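
The comparison step above can be scripted; the following is an added example, not part of the original article or of the product's tooling. It assumes that pwdtools returns the same encrypted value for the same input (as the article's comparison implies) and that the properties file may have been written by Java's Properties.store(), which backslash-escapes ':' and '=' inside values, so a raw text comparison could report a false mismatch. Function names and the sample file contents are constructed.

```python
import re

# Constructed samples: pwdtools output as shown in the article, and a
# properties file in the form java.util.Properties.store() writes
# (':' and '=' inside the value are backslash-escaped).
PWDTOOLS_OUTPUT = """\
     Plain Text: password1

     Encrypted value: {PBES}:WQf3wza4JfYe3zPI8zcveQ==
"""
PROPERTIES_TEXT = """\
# constructed sample of systemWideProperties.properties
SomeOtherSetting=true
IMeTASharedSecret={PBES}\\:WQf3wza4JfYe3zPI8zcveQ\\=\\=
"""

def encrypted_value_from_pwdtools(output):
    """Return the token after 'Encrypted value:', or None if absent."""
    m = re.search(r"^\s*Encrypted value:\s*(\S+)\s*$", output, re.MULTILINE)
    return m.group(1) if m else None

def read_property(text, key):
    """Return the unescaped value of `key` from .properties text, or None.
    Line continuations and unicode escapes are not handled (assumption)."""
    found = None
    for line in text.splitlines():
        line = line.lstrip()
        if not line or line[0] in "#!":       # blank line or comment
            continue
        # The key ends at the first unescaped '=', ':' or whitespace.
        m = re.match(r"((?:\\.|[^\\=:\s])+)\s*[=:]?\s*(.*)$", line)
        if m and re.sub(r"\\(.)", r"\1", m.group(1)) == key:
            found = re.sub(r"\\(.)", r"\1", m.group(2))  # last entry wins
    return found

def compare_shared_secret(pwdtools_output, properties_text,
                          key="IMeTASharedSecret"):
    """Return 'match', 'differs', or 'blank' (property missing or empty)."""
    candidate = encrypted_value_from_pwdtools(pwdtools_output)
    if candidate is None:
        raise ValueError("no 'Encrypted value:' line in pwdtools output")
    stored = read_property(properties_text, key)
    if not stored:
        return "blank"                         # the FIPS case in the NOTE
    return "match" if candidate == stored.strip() else "differs"

if __name__ == "__main__":
    print(compare_shared_secret(PWDTOOLS_OUTPUT, PROPERTIES_TEXT))
```

A result of "blank" corresponds to the FIPS case described in the NOTE, where the property is empty and no comparison is possible.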