How do the CA Single Sign-On custom SDK API Agents get updated agent
keys from the doManagement call function ?
SDK Agent all version on Windows/Linux/Unix
Agent keys are used to encrypt CA Single Sign-On cookies that may be
read by all agents in a single sign-on environment, and are shared by
all agents in a single sign-on environment, since each agent must be
able to decrypt cookies encrypted by the other agents. Agent keys are
managed by the Policy Server, and distributed to the agents by agent
- The API communicates with SiteMinder server automatically every 30
seconds to check to see if it needs to check for new Agent keys by
- If the Agent key is too old,it can perform a domanagement call.
- If the Agent key is not that old. it will not perform a domanagement
- If you do not have any Agent keys at all, it will not perform a
- In Agent key roll over is performed, you should get new keys sent
within 30 seconds via the domanagement call.
- It might take 2-3 minutes to actually update in the Sdk Api custom
agent through the network, etc
- If it takes longer than roughly 3 minutes to update the agent key
due to network problems or time sync issues etc , you might have to
restart each custom sdk api agent
For additional information on Agent keys, you refer to this link
Agent Keys Introduced