How to change R12 behavior when a empty persistent key is present in the key store?

book

Article ID: 50872

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

In 6x version of SiteMinder, if the policy server is not able to decrypt the persistent key using the policy store key, it will use empty persistent key to encrypt the data and will not fire an error message. An additional check has been added to the R12 version and it will return an error if it fails to decrypt the persistent key.

[ERROR] Failed to decrypt persistent key

Solution:

In order to get the R6 like functionality in R6 i.e. Policy Server should allow using the empty persistent key a Registry Key has been introduced.

If this registry key is set, no check will occur and 6.x functionality will be maintained.
REGISTRY KEY:
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\ObjectStore
DWORD key: AllowEmptyEncKey
Value: 1

Environment

Release:
Component: SMPLC