How do the CA Single Sign-On custom SDK API agents get updated agent keys from the doManagement call function?


Article ID: 38327


Products

- CA Single Sign On Secure Proxy Server (SiteMinder)
- CA Single Sign On SOA Security Manager (SiteMinder)
- CA Single Sign-On

Issue/Introduction


How do the CA Single Sign-On custom SDK API Agents get updated agent
keys from the doManagement call function?

Environment


SDK Agent, all versions, on Windows/Linux/Unix

Resolution


Agent keys are used to encrypt CA Single Sign-On cookies that may be
read by all agents in a single sign-on environment. The keys are shared
by all agents in that environment, since each agent must be able to
decrypt cookies encrypted by the other agents. Agent keys are managed by
the Policy Server and distributed to the agents in response to agent
requests.

- By default, the API automatically communicates with the SiteMinder
  server every 30 seconds to determine whether it needs to check for
  new Agent keys.

- If the Agent key is too old, it can perform a doManagement call.

- If the Agent key is not that old, it will not perform a doManagement
  call.

- If you do not have any Agent keys at all, it will not perform a
  doManagement call.

- If an Agent key rollover is performed, you should get new keys sent
  within 30 seconds via the doManagement call.

- It might take 2-3 minutes for the keys to actually update in the
  custom SDK API agent, because of network delays and similar factors.

- If it takes longer than roughly 3 minutes to update the agent key,
  for example due to network problems or time sync issues, you might
  have to restart each custom SDK API agent.
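
The following is an added example, not Broadcom code: a Python check that applies the roughly 3-minute limit above to find custom agents that have not picked up new keys after a rollover. It assumes each custom agent logs a line when its doManagement call delivers keys; the log format, agent names and timestamps are constructed.

```python
from datetime import datetime, timedelta

# Article's timing: past roughly 3 minutes without new keys, restart the agent.
RESTART_AFTER = timedelta(minutes=3)

# Constructed sample. Hypothetical format: one line written by each custom
# agent whenever its doManagement call delivers updated agent keys.
SAMPLE_LOG = """\
2024-05-01T10:00:40Z agent=portal-a event=key_update
2024-05-01T10:02:10Z agent=portal-b event=key_update
2024-05-01T09:58:00Z agent=portal-c event=key_update
"""

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")

def last_key_updates(log_text):
    """Map agent name -> time of its most recent key_update line."""
    latest = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] != "event=key_update":
            continue  # ignore unrelated or malformed lines
        ts, agent = parse_ts(parts[0]), parts[1].partition("=")[2]
        if agent not in latest or ts > latest[agent]:
            latest[agent] = ts
    return latest

def classify(agents, log_text, rollover, now):
    """Return agent -> 'updated', 'pending' or 'restart' for one rollover."""
    latest = last_key_updates(log_text)
    status = {}
    for agent in agents:
        seen = latest.get(agent)
        if seen is not None and seen >= rollover:
            status[agent] = "updated"      # keys received after the rollover
        elif now - rollover <= RESTART_AFTER:
            status[agent] = "pending"      # still inside the expected window
        else:
            status[agent] = "restart"      # overdue: restart candidate
    return status

if __name__ == "__main__":
    rollover = parse_ts("2024-05-01T10:00:15Z")
    now = parse_ts("2024-05-01T10:04:00Z")
    agents = ["portal-a", "portal-b", "portal-c", "portal-d"]
    for name, state in classify(agents, SAMPLE_LOG, rollover, now).items():
        print(name, state)
```

All timestamps are assumed to come from one synchronized clock; with the time sync issues mentioned above, a skewed agent clock can make an updated agent look overdue.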

Additional Information


For additional information on Agent keys, refer to this link:


Agent Keys Introduced
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-52-01/administrating/manage-encryption-keys/agent-keys-introduced.html