How is Shared Secret generated and is it specific to a machine?

Article ID: 51260

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
AXIOMATICS POLICY SERVER
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

The shared secret value is used for communication between a Web Agent and a Policy Server.

The shared secret value is generated by the WebAgent, and then stored in the SmHost.conf file on the WebAgent side, and in the trusted host object on the policy server side.

If your WebAgent is on UNIX, then the hostid of the server is used in the hash of the shared secret. This means that for a UNIX platform any time you move an agent you will be required to register it again. So, SmHost.conf files cannot be moved from one UNIX machine to another.

The shared secret that gets written to SmHost.conf is generated randomly using the encryption key stored in <SiteMinder policy server installation>\bin\EncryptionKey.txt and a session key, which is encoded with unique hash bits derived from the MAC address of the machine. Thus, if the shared secret is ported to a different machine, it will not work.
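The following added example (not SiteMinder code, and not the product's actual algorithm, which this article does not specify) illustrates the general idea of a machine-bound secret: a random secret is stored under a key derived from an installation key and a host identifier, so a copy of the stored value fails validation on another machine. The function names, the HMAC-based construction and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def wrapping_key(install_key: bytes, machine_id: bytes) -> bytes:
    """Derive a per-machine key from an installation key and a host identifier."""
    return hmac.new(install_key, b"host-binding|" + machine_id, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used here as a simple illustrative stream cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap_secret(secret: bytes, install_key: bytes, machine_id: bytes) -> bytes:
    """Encrypt-then-MAC the secret under the machine-bound key: nonce | ct | tag."""
    key = wrapping_key(install_key, machine_id)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, nonce, len(secret))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap_secret(blob: bytes, install_key: bytes, machine_id: bytes) -> bytes:
    """Recover the secret; raises ValueError when the host identifier differs."""
    key = wrapping_key(install_key, machine_id)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("stored secret is not valid on this machine; re-register the host")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


# Constructed sample values, not real SiteMinder data.
INSTALL_KEY = b"constructed-installation-key"
HOST_A = b"00:11:22:33:44:55"   # constructed MAC address of the original machine
HOST_B = b"66:77:88:99:aa:bb"   # constructed MAC address of the target machine

if __name__ == "__main__":
    blob = wrap_secret(secrets.token_bytes(32), INSTALL_KEY, HOST_A)
    print("host A:", unwrap_secret(blob, INSTALL_KEY, HOST_A).hex())
    try:
        unwrap_secret(blob, INSTALL_KEY, HOST_B)
    except ValueError as err:
        print("host B:", err)
```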

Environment

Release:
Component: SMPLC