How to modify communication TCP ports for the various SSO components?


Article ID: 52557




CA Single Sign-On



This article describes how to modify the communication port for the various SSO components.


IMPORTANT: This article contains information about modifying the registry.
Before you modify the registry, make sure to create a backup of the registry and ensure that you understand how to restore the registry if a problem occurs.
For more information about how to back up, restore, and edit the registry, please review the relevant Microsoft Knowledge Base articles on

If the default communication port is not suitable, e.g. because another service is using the same port or because of company policy requirements, it is desirable to be able to modify the relevant TCP port for the following components:

In the examples below, 43980 is the sample value for the new communication port.

Adjust this value according to your needs.

Policy Server (listen to Clients):

  • Launch SSO Policy Manager

  • Go to Configuration Resources / Policy Server Settings / Communication

  • Modify
    PortNumber (for non-FIPS communication, e.g. SM6.x)
    SslPortNumber (for FIPS enabled Clients)

  • Alternatively you can also use the following selang commands:
    chres PSCONFIGPROPERTY ("[email protected]") gen_prop("VALUE") gen_val("43980");
    (for non-FIPS communication, e.g. SM6.x) or
    chres PSCONFIGPROPERTY ("[email protected]") gen_prop("VALUE") gen_val("43980");
    (for FIPS enabled Clients) respectively.

SSO Client (talk):

  • Edit Auth.ini

  • Add the port-number to the relevant hostname, e.g.
    (for the Port take into account whether the Client needs to communicate using FIPS)

  • Use the same syntax (hostname:port) to specify alternative ports for talking to any TGA (except WinTGA)

WinTGA (listen):

  • This port cannot be modified because well-known ports are used (NetBIOS)

AD-Listener (listen to AD):

  • regedit
    HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\SingleSignOn\AD Listener\AD\Port

AD-Listener (talk to SSO Server):

  • regedit
    HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\SingleSignOn\AD Listener\AD\Host=sso12Server:43980
    (for the Port take into account whether the AD-Listener needs to communicate using FIPS)

Policy Manager (talk to SSO Server):

  • Specify the alternative communication port in the "Host Name" text field of the connect dialog, e.g.
    Note that this currently works only when the Policy Manager is started afresh.
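
The following PowerShell script is an added example, not part of the original article or the vendor's tooling. It covers the AD-Listener listen port change described above: it checks that the new port is free, exports the registry key as a backup, and writes the value only when -Apply is given. It assumes that Port and Host are values under the ...\AD Listener\AD key, that 43980 is the article's sample port, and that the backup path is a placeholder.

```powershell
# Added example: pre-checks and optional change of the AD Listener listen port.
# Run from an elevated PowerShell session on the AD Listener host.
param(
    [ValidateRange(1, 65535)][int]$NewPort = 43980,                 # sample value from the article
    [string]$BackupFile = "$env:TEMP\sso-adlistener-backup.reg",    # placeholder path (assumption)
    [switch]$Apply                                                  # without it: dry run only
)
$ErrorActionPreference = 'Stop'

# Key path as given in the article; Port and Host are assumed to be values under it.
$regKeyNative = 'HKLM\SOFTWARE\ComputerAssociates\SingleSignOn\AD Listener\AD'
$regKey       = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\SingleSignOn\AD Listener\AD"

# 1. Refuse a port that another local service already listens on.
$inUse = Get-NetTCPConnection -LocalPort $NewPort -State Listen -ErrorAction SilentlyContinue |
         Select-Object -First 1
if ($inUse) {
    $owner = Get-Process -Id $inUse.OwningProcess -ErrorAction SilentlyContinue
    throw "Port $NewPort is already in use by PID $($inUse.OwningProcess) ($($owner.ProcessName))."
}

# 2. Back up the key before touching it, as the article requires.
& reg.exe export $regKeyNative $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; nothing was changed.' }

# 3. Show the current values and remember the existing value type of Port.
$key  = Get-Item -Path $regKey
$kind = $key.GetValueKind('Port')
"Current Port = $($key.GetValue('Port')) ($kind); Host = $($key.GetValue('Host'))"
"Backup written to $BackupFile"

# 4. Write the new port only on request, keeping the value type that was already there.
if ($Apply) {
    $value = if ($kind -eq 'DWord') { $NewPort } else { "$NewPort" }
    Set-ItemProperty -Path $regKey -Name 'Port' -Value $value -Type $kind
    "Port is now $((Get-Item -Path $regKey).GetValue('Port'))"
} else {
    "Dry run: port $NewPort is free. Re-run with -Apply to write the value."
}
```

Firewall rules and monitoring that reference the old port need the same update once the change is applied.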


Release: SOASA199000-12.1-SOA Security Manager-w/ SOA Agent Addl CPUs