Description:
I am tuning the Policy Server and in the document it says:
"It is recommended that the TCP Idle Session Timeout be set to 60% of the idle timeout of any stateful device(s) to ensure that the Policy Server's timeout occurs first;"
I am running Policy Server on SunOS and in the sm.registry file I have changed "Tcp Idle Session Timeout" parameter under:
"HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer" Tcp Idle Session Timeout= 0x40; REG_DWORD
But I note that this parameter is defined under other branches as well, and I want to know what they are used for. Should their values be changed also?
"HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Accounting" "Tcp Idle Session Timeout"
"HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Administration" "Tcp Idle Session Timeout"
"HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Authentication" "Tcp Idle Session Timeout"
"HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Authorization" "Tcp Idle Session Timeout"
Solution:
In SiteMinder 5.x and older there used to be 4 different processes in the SiteMinder Policy Server: 1. Authentication, 2. Authorization, 3. Accounting and 4. Administration. In SiteMinder R6 and above there is only one process, which listens on different ports.
So the entries in sm.registry:
"HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Accounting" "Tcp Idle Session Timeout"
"HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Administration" "Tcp Idle Session Timeout"
"HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Authentication" "Tcp Idle Session Timeout"
"HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Authorization" "Tcp Idle Session Timeout"
correspond to the old 5.x, which is no longer in use.
Only the one under:
"HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer"
is currently used in R6 and above.
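A check along these lines can confirm which entries matter and whether the active value respects the 60% guidance. This is an added example, not part of the original article or the product: the key-line layout in `SAMPLE`, the `Placeholder Setting` entry and the device timeout passed to `review` are constructed, and it assumes the registry value and the device timeout are expressed in the same unit.

```python
import re

PREFIX = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Netegrity\\SiteMinder\\CurrentVersion\\"
LEGACY = {"Accounting", "Administration", "Authentication", "Authorization"}
ENTRY = re.compile(r"Tcp Idle Session Timeout\s*=\s*(0x[0-9a-fA-F]+|\d+)\s*;\s*REG_DWORD")

# Constructed sample. Assumed layout: a key line, then "Name= value; TYPE" lines.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Authentication=1
Tcp Idle Session Timeout= 0xa; REG_DWORD
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Authorization=2
Tcp Idle Session Timeout= 0xa; REG_DWORD
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer=3
Placeholder Setting= 0x1; REG_DWORD
Tcp Idle Session Timeout= 0x40; REG_DWORD
"""

def parse_timeouts(text):
    """Return {branch: value} for each 'Tcp Idle Session Timeout' entry."""
    found, branch = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("HKEY_"):
            key = line.split("=", 1)[0]
            branch = key[len(PREFIX):] if key.startswith(PREFIX) else None
            continue
        m = ENTRY.match(line)
        if m and branch:
            v = m.group(1)
            found[branch] = int(v, 16) if v.lower().startswith("0x") else int(v)
    return found

def review(text, device_idle_timeout):
    """Compare the active entry with 60% of the stateful device's idle timeout."""
    recommended = device_idle_timeout * 60 // 100
    report = {"recommended": recommended}
    for branch, value in parse_timeouts(text).items():
        if branch in LEGACY:
            report[branch] = "legacy 5.x entry, not used in R6 and above"
        elif branch == "PolicyServer":
            if value >= device_idle_timeout:
                report[branch] = f"{value}: device times out first"
            elif value > recommended:
                report[branch] = f"{value}: above recommended {recommended}"
            else:
                report[branch] = f"{value}: ok"
    report.setdefault("PolicyServer", "not set")
    return report

if __name__ == "__main__":
    for name, status in review(SAMPLE, 120).items():
        print(f"{name}: {status}")
```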