Password policy data considerations when upgrading SiteMinder
Article ID: 38200
CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On
When upgrading a SiteMinder environment, is it possible to lose the Password Policy data stored in the User Directory?
Policy Server: all versions
If you have Password Policies and are in the process of upgrading your SiteMinder environment, this is what you need to consider:
- When configuring a Password Policy for a User Directory, you need to specify an attribute in the directory where SiteMinder can store its password data (PasswordBlob).
- The password data contains the user tracking details (last logon, password changes, ...) and is created as a data blob, which is encrypted by a session key.
- This session key is stored in the key store along with the Agent keys.
- By default, the session key value is encrypted by the Policy Server encryption key.
When you upgrade to a newer SiteMinder release, you need to consider the following:
- Make sure to migrate your session key to the new environment, and that the new environment has the same Policy Server encryption key as the old one. Otherwise, your Policy Server will not be able to read the session key to decrypt the password data blob.
- If you need to change the encryption key for the new Policy Server, you need to export your session key from the old environment's key store in clear text so that you can set it to the same value in the new environment.
You can use the smkeyexport tool to export the session key in clear text as indicated below.
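
The key chain described in this article, as an added Python model (not CA code and not smkeyexport usage): the blob is readable only if the Policy Server can first unwrap the session key. The cipher is a toy stand-in, and all key values, field names and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Toy authenticated cipher built from HMAC-SHA256. It is a stand-in only, NOT
# the algorithm SiteMinder uses; it just makes a wrong key fail loudly.
def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    enc_key = _mac(key, b"enc")
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += _mac(enc_key, nonce + counter.to_bytes(4, "big"))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    body = _xor_stream(key, nonce, plaintext)
    return nonce + _mac(_mac(key, b"mac"), nonce + body) + body

def unseal(key: bytes, sealed: bytes) -> bytes:
    nonce, tag, body = sealed[:16], sealed[16:48], sealed[48:]
    if not hmac.compare_digest(tag, _mac(_mac(key, b"mac"), nonce + body)):
        raise ValueError("wrong key or corrupted data")
    return _xor_stream(key, nonce, body)

def read_password_data(encryption_key, key_store_entry, password_blob):
    """Policy Server read path: unwrap the session key, then decrypt the blob."""
    session_key = unseal(encryption_key, key_store_entry)
    return unseal(session_key, password_blob)

def rewrap_session_key(old_encryption_key, new_encryption_key, key_store_entry):
    """Models a clear-text export from the old key store, re-imported under the new key."""
    return seal(new_encryption_key, unseal(old_encryption_key, key_store_entry))

# Constructed sample values (hypothetical, for illustration only).
OLD_ENC_KEY = b"old-policy-server-encryption-key"
NEW_ENC_KEY = b"new-policy-server-encryption-key"
SESSION_KEY = os.urandom(32)
TRACKING = b"last_logon=2024-01-01;last_pw_change=2023-11-15"
KEY_STORE_ENTRY = seal(OLD_ENC_KEY, SESSION_KEY)  # session key in the old key store
PASSWORD_BLOB = seal(SESSION_KEY, TRACKING)       # value held in the directory attribute

def can_read(encryption_key, key_store_entry):
    """True if a Policy Server with this encryption key recovers the tracking data."""
    try:
        return read_password_data(encryption_key, key_store_entry, PASSWORD_BLOB) == TRACKING
    except ValueError:
        return False
```

Copying `KEY_STORE_ENTRY` unchanged to a server that uses `NEW_ENC_KEY` makes `can_read` return `False`, while the entry produced by `rewrap_session_key` reads the same blob without touching the directory data.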