About The Policy Server encryption key (EncryptionKey.txt)
In infrastructures where several web agents communicate with common shared Policy servers and where SiteMinder policy stores are replicated, all such Policy servers must use a common Policy server encryption key so that they can decipher and use the shared policy-store data.
How to Reset/Change/Update the Policy server encryption key
Once a SiteMinder Policy Server encryption key is defined during installation, the clear-text encryption key value cannot be retrieved. If a reset of the Policy server encryption key is required, the "smreg" command-line tool can be used to overwrite the old key value. To ensure that sensitive information in the SiteMinder Policy store that is encrypted with the current encryption key is not lost when the Policy server encryption key is reset, the following steps must be carried out:
smobjexport -o<output text-file name> -c -d<SiteMinder admin ID> -w<SiteMinder admin password> -v -t
(Note the lack of spaces between parameters and values. Also note that the SiteMinder admin ID must have the rights to manage the entire Policy store, for example the default global admin ID, "SiteMinder".)
smreg -key <new encryption key value>
(Note the space between the parameter and value. Also note that the "smreg" tool is not automatically installed into the <SiteMinder install root> directory because the tool is considered sensitive. The tool is located on the SiteMinder CD-ROM installation image under the "/Tools" directory. However, SiteMinder Policy server service packs may contain updates to this tool. Therefore, using the latest version of the tool supplied with the service pack is highly recommended.)
smobjimport -i<input text-file name> -f -c -d<SiteMinder admin ID> -w<SiteMinder admin password> -v -t
(Note the lack of spaces between parameters and values. Also note that the SiteMinder admin ID must have the rights to manage the entire Policy store, for example the default global admin ID, "SiteMinder".)
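The three steps above as one guarded shell function, added here as an example and not taken from the original article or from the vendor: it refuses to run smreg unless the export succeeded and produced a non-empty file, and it creates the export file with owner-only permissions. It assumes the three tools are on PATH; the function name rotate_policy_key and its argument order are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes smobjexport, smreg and smobjimport
# are on PATH; rotate_policy_key and its argument order are illustrative.
# The body runs in a subshell "( )" so the umask change stays local.
rotate_policy_key() (
    admin_id=$1; admin_pw=$2; new_key=$3; export_file=$4
    if [ -z "$admin_id" ] || [ -z "$admin_pw" ] || [ -z "$new_key" ] || [ -z "$export_file" ]; then
        echo "usage: rotate_policy_key <admin ID> <admin password> <new key> <export file>" >&2
        exit 2
    fi
    if [ -e "$export_file" ]; then
        echo "refusing to overwrite existing file: $export_file" >&2
        exit 2
    fi
    umask 077   # export is treated here as sensitive: owner-only access

    # Step 1: export. No space between a flag and its value.
    # The -w value is visible in the process list while the tool runs.
    if ! smobjexport "-o$export_file" -c "-d$admin_id" "-w$admin_pw" -v -t; then
        echo "export failed; encryption key left unchanged" >&2
        exit 1
    fi
    if [ ! -s "$export_file" ]; then
        echo "export file missing or empty; encryption key left unchanged" >&2
        exit 1
    fi

    # Step 2: overwrite the key. Space between -key and its value.
    if ! smreg -key "$new_key"; then
        echo "smreg failed; keep $export_file until the key state is known" >&2
        exit 1
    fi

    # Step 3: import the data exported in step 1.
    if ! smobjimport "-i$export_file" -f -c "-d$admin_id" "-w$admin_pw" -v -t; then
        echo "import failed; keep $export_file and rerun the import" >&2
        exit 1
    fi
    echo "done; remove $export_file once the policy store has been verified"
)

# Run the procedure only when invoked as: sh rotate.sh --run <id> <pw> <key> <file>
if [ "${1:-}" = "--run" ]; then shift; rotate_policy_key "$@"; fi
```

The export file is left in place after a successful import so that it can be removed by the operator only after the policy store has been checked.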