Issues with KeyMarker: 4 while importing Agent keys

book

Article ID: 4552

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

We are upgrading Siteminder from R12.0 SP3 to R12.52 SP1 CR04 version and also the platform from Solaris to Linux.

We did export the Agent Keys successfully from Solaris environment and also copy the EncryptionKey.txt file from Solaris to Linux Platform.

While Importing the Agent Keys into the New Environment we were facing issues with one Agent Key.

We drill down the problem to a specific Agent Key and found that it is the KeyMarker: 4 that is causing the issue:

 

Unable to decrypt AgentKey key from import file using policy store / key store key. Aborting..

Fatal Error: Failed initialization.

 

We would like to know what the KeyMarker: 4 represents and why it is causing above reported issue.

Cause

The Keymarker 4 is the static key.

So, if you use dynamic keys, then the static key is not used, and so the keymarker 4 will not be used anywhere.

 

If you use static key, then all 4 keys will have the same value.

Environment

Siteminder 12.52 SP1 CR4

Resolution

Solution would be to change R12 to static key via the AdminUI and then run export in order to have both environment running with the same keys.