Why is the encrypted admin password different for each policy server?


Article ID: 38261




CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On



The AdminPW for the policy store defined in the sm.registry is different between servers. However, they can all connect to the policy store. The value stored in the sm.registry file is encrypted with the encryption key entered at installation time, and that key should be the same for all servers that share a policy store.


Why is the encrypted admin password different for each policy server?




If it were the same encrypted password on every server, it would be a security violation, because the hash values could be compared.

Encoding would just substitute one value for another; encrypting actually obfuscates the value so that it cannot be discovered.

Every policy server environment has the same encryption key. However, the hash value can look different.

The reason is that the values are encrypted, not encoded. The same applies to the admin directory password, "adminpassword".

If the password is the same, shouldn't the encrypted/hashed value be the same also? The answer to this is no. 

Before encryption, the key is prefixed with one block of random characters to avoid identical cipher-text when the same value is encrypted several times.
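
The effect of the random prefix block can be reproduced with the following added example, which is not code from the product or from this article. The article does not name the cipher or mode, so the example assumes a stand-in block cipher (a 4-round Feistel network built on HMAC-SHA256) chained in CBC fashion with a fixed all-zero IV; the key and password are constructed sample values.

```python
import hashlib, hmac, os

BLOCK = 16  # block size in bytes of the stand-in cipher (assumption, not the product's)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key, i, half):
    # Feistel round function: HMAC-SHA256 keyed with the shared key, truncated to 8 bytes.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def _enc_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r

def _dec_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r

def encrypt(key, value, randomize=True):
    # One block of random bytes is placed in front of the value before encryption.
    prefix = os.urandom(BLOCK) if randomize else b""
    pad = BLOCK - len(value) % BLOCK
    data = prefix + value + bytes([pad]) * pad
    prev, out = bytes(BLOCK), b""  # fixed IV: only the random prefix varies
    for i in range(0, len(data), BLOCK):
        prev = _enc_block(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def decrypt(key, blob, randomized=True):
    prev, data = bytes(BLOCK), b""
    for i in range(0, len(blob), BLOCK):
        blk = blob[i:i + BLOCK]
        data += _xor(_dec_block(key, blk), prev)
        prev = blk
    if randomized:
        data = data[BLOCK:]  # discard the random prefix block
    return data[:-data[-1]]  # strip padding

KEY = b"constructed-shared-install-key"  # constructed: same on every server
ADMIN_PW = b"constructed-admin-password"  # constructed sample value

if __name__ == "__main__":
    for name in ("server A", "server B"):
        print(name, encrypt(KEY, ADMIN_PW).hex())
```

Both printed values differ, yet each decrypts to the same password under the shared key; calling `encrypt` with `randomize=False` shows the identical cipher-text the prefix is there to avoid.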








Component: SMSSO