How do the CA Single Sign On custom sdk API agents get updated agent keys from the doManagement call function?
Article ID: 38327
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
How do the CA Single Sign-On custom SDK API Agents get updated agent
keys from the doManagement call function ?
Environment
SDK Agent all version on Windows/Linux/Unix
Resolution
Agent keys are used to encrypt CA Single Sign-On cookies that may be
read by all agents in a single sign-on environment, and are shared by
all agents in a single sign-on environment, since each agent must be
able to decrypt cookies encrypted by the other agents. Agent keys are
managed by the Policy Server, and distributed to the agents by agent
requests.
- The API communicates with SiteMinder server automatically every 30
seconds to check to see if it needs to check for new Agent keys by
default.
- If the Agent key is too old,it can perform a domanagement call.
- If the Agent key is not that old. it will not perform a domanagement
call.
- If you do not have any Agent keys at all, it will not perform a
domanagement call.
- In Agent key roll over is performed, you should get new keys sent
within 30 seconds via the domanagement call.
- It might take 2-3 minutes to actually update in the Sdk Api custom
agent through the network, etc
- If it takes longer than roughly 3 minutes to update the agent key
due to network problems or time sync issues etc , you might have to
restart each custom sdk api agent
Additional Information
For additional information on Agent keys, you refer to this link
Agent Keys Introduced
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-52-01/administrating/manage-encryption-keys/agent-keys-introduced.html
Feedback
Yes
No
Powered by
