How do the CA Single Sign On custom sdk API agents get updated agent keys from the doManagement call function?
Article ID: 38327
CA Single Sign On Secure Proxy Server (SiteMinder)CA Single Sign On SOA Security Manager (SiteMinder)CA Single Sign-On
How do the CA Single Sign-On custom SDK API Agents get updated agent keys from the doManagement call function ?
SDK Agent all version on Windows/Linux/Unix
Agent keys are used to encrypt CA Single Sign-On cookies that may be read by all agents in a single sign-on environment, and are shared by all agents in a single sign-on environment, since each agent must be able to decrypt cookies encrypted by the other agents. Agent keys are managed by the Policy Server, and distributed to the agents by agent requests.
- The API communicates with SiteMinder server automatically every 30 seconds to check to see if it needs to check for new Agent keys by default.
- If the Agent key is too old,it can perform a domanagement call.
- If the Agent key is not that old. it will not perform a domanagement call.
- If you do not have any Agent keys at all, it will not perform a domanagement call.
- In Agent key roll over is performed, you should get new keys sent within 30 seconds via the domanagement call.
- It might take 2-3 minutes to actually update in the Sdk Api custom agent through the network, etc
- If it takes longer than roughly 3 minutes to update the agent key due to network problems or time sync issues etc , you might have to restart each custom sdk api agent
For additional information on Agent keys, you refer to this link