How to modify communication TCP ports for the various SSO components?

Article ID: 52557

Products

CA Single Sign-On

Issue/Introduction

Description:

This article describes how to modify the communication port for the various SSO components.

Solution:

IMPORTANT: This article contains information about modifying the registry.
Before you modify the registry, make sure to create a backup of the registry and ensure that you understand how to restore it if a problem occurs.
For more information about how to back up, restore, and edit the registry, please review the relevant Microsoft Knowledge Base articles on support.microsoft.com.

If the default communication port is not suitable, e.g. because another service is using the same port or because of company policy requirements, you can modify the relevant TCP port for the components listed below.

In the examples below, 43980 is the sample value for the new communication port.

Adjust this value according to your needs.

Policy Server (listen to Clients):

  • Launch SSO Policy Manager

  • Go to Configuration Resources / Policy Server Settings / Communication

  • Modify
    PortNumber (for non-FIPS communication, e.g. SM6.x)
    SslPortNumber (for FIPS enabled Clients)

  • Alternatively, you can use the following selang commands:
    chres PSCONFIGPROPERTY ("[email protected]") gen_prop("VALUE") gen_val("43980");
    (for non-FIPS communication, e.g. SM6.x) or
    chres PSCONFIGPROPERTY ("[email protected]") gen_prop("VALUE") gen_val("43980");
    (for FIPS enabled Clients) respectively.

SSO Client (talk):

  • Edit Auth.ini

  • Add the port-number to the relevant hostname, e.g.
    PolicyServers=sso12Server:43980
    (for the Port take into account whether the Client needs to communicate using FIPS)

  • Use the same syntax (hostname:port) to specify alternative ports for talking to any TGA (except WinTGA)

WinTGA (listen):

  • The port cannot be modified, since well-known ports are used (NetBIOS)

AD-Listener (listen to AD):

  • regedit
    HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\SingleSignOn\AD Listener\AD\Port

AD-Listener (talk to SSO Server):

  • regedit
    HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\SingleSignOn\AD Listener\AD\Host=sso12Server:43980
    (for the Port take into account whether the AD-Listener needs to communicate using FIPS)

Policy Manager (talk to SSO Server):

  • Specify the alternative communication port in the "Host Name" text field of the connect dialog, e.g.
    localhost:43980
    Note that this currently works only when the Policy Manager is started afresh.
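
A port change only works if the listener and every component that talks to it agree on the same host:port. The following PowerShell script is an added example, not part of the original article: it checks the settings named above on whichever host it runs on. The Auth.ini path and the backup file name are placeholders, and it assumes that Host is a string value under the AD Listener\AD key, as the article's notation suggests.

```powershell
# Added example, not part of the original article. Run it on the host you changed.
param(
    [string]$ServerHost  = 'sso12Server',          # sample host name from the article
    [int]   $NewPort     = 43980,                  # PortNumber or SslPortNumber (FIPS), as applicable
    [string]$AuthIniPath = 'C:\PATH\TO\Auth.ini',  # placeholder: the article gives no path
    [string]$BackupFile  = (Join-Path $env:TEMP 'ADListener-AD-backup.reg')
)

$expected = "${ServerHost}:$NewPort"
$pattern  = [regex]::Escape($expected) + '(?!\d)'  # do not accept 43980 as a prefix of 439801
$regKey   = 'HKLM:\SOFTWARE\ComputerAssociates\SingleSignOn\AD Listener\AD'

# Policy Server host: report what listens on the new port. Before the change any
# listener is a conflict; after the change it should be the SSO server process.
$listener = Get-NetTCPConnection -LocalPort $NewPort -State Listen -ErrorAction SilentlyContinue |
            Select-Object -First 1
if ($listener) {
    $proc = Get-Process -Id $listener.OwningProcess -ErrorAction SilentlyContinue
    Write-Output "Port $NewPort is listening locally, owner: $($proc.ProcessName) (PID $($listener.OwningProcess))"
} else {
    Write-Output "Nothing is listening on port $NewPort on this host."
}

# SSO Client host: compare the PolicyServers entry in Auth.ini with the expected endpoint.
if (Test-Path -LiteralPath $AuthIniPath) {
    $hit = Select-String -LiteralPath $AuthIniPath -Pattern '^\s*PolicyServers\s*=\s*(.+)$' |
           Select-Object -First 1
    if ($hit) {
        $value = $hit.Matches[0].Groups[1].Value.Trim()
        $state = if ($value -match $pattern) { 'OK' } else { 'MISMATCH' }
        Write-Output "Auth.ini PolicyServers=$value [$state, expected $expected]"
    } else {
        Write-Output "No PolicyServers entry found in $AuthIniPath"
    }
}

# AD-Listener host: export the key as a backup (do this before editing), then compare its Host value.
if (Test-Path -LiteralPath $regKey) {
    reg.exe export ($regKey -replace '^HKLM:', 'HKLM') $BackupFile /y | Out-Null
    $hostValue = (Get-ItemProperty -LiteralPath $regKey).Host
    $state = if ("$hostValue" -match $pattern) { 'OK' } else { 'MISMATCH' }
    Write-Output "AD Listener Host=$hostValue [$state, expected $expected]; backup: $BackupFile"
}

# Any client-side host: confirm the server accepts TCP connections on the new port.
$reachable = Test-NetConnection -ComputerName $ServerHost -Port $NewPort `
             -InformationLevel Quiet -WarningAction SilentlyContinue
Write-Output "TCP connect to ${expected}: $reachable"
```

A MISMATCH or a failed TCP connect after the change usually means one component still points at the old port, or a host or network firewall rule has not been updated for the new one.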

Environment

Release: SOASA199000-12.1-SOA Security Manager-w/ SOA Agent Addl CPUs