search cancel

When installing CA Secure Gateway (formerly Secure Proxy Server) What is the "Master Key for Policy Server' ?

book

Article ID: 42214

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Introduction: 

During the install of the CA Secure Gateway (formerly CA Secure Proxy Server) one of the screens presented on install is one asking to "Enter the Master Key for Policy Server".

<Please see attached file for image>

MasterKey.png

 

Question: 

What is the "Master Key for Policy Server' ?

Environment:  

All (windows, linux, solaris)

Answer: 

There is some confusion as the policy server key that first comes to mind is the one that is stored in EncryptionKey.txt on the policy server, as this is the key used to encrypt sensitive data stored in the policy store and in the registry - this is not that key.

This key is the Session Assurance Master Key, which is used by the RiskMinder service which (since R12.52) is installed on default install of the Policy Server and the CA Secure Gateway.  So when you install either the Policy Server or the CA Secure Gateway you will be asked for this key.

The key that you enter on install of the CA Secure Gateway must match the one you entered when installing the Policy Server.  You can change this key by re-running the install process, selecting no entries and then you will be re-prompted for the new Session Assurance Master Key value. 

 

Additional Information:

 

How to Configure Enhanced Session Assurance with DeviceDNA(tm)
https://docops.ca.com/ca-single-sign-on-12-52-sp1/en/configuring/policy-server-configuration/enhanced-session-assurance-with-devicedna

 

Environment

Release: ETRSBB99000-12.52-SiteMinder-B to B
Component:

Attachments

1558721733700000042214_sktwi1f5rjvs16w63.png get_app