Trusted Host Registration and IP Address on Unix / Linux.
Article ID: 53083
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
Description:
- What part of the registration of a Trusted Host contains a reference to the IP Address on Unix / Linux systems?
- Why is the Shared Secret in the SmHost.conf file and the Shared Secret on the Policy Server different on Unix / Linux systems?
Solution:
- There is no part containing a reference to the IP Address:
The Shared Secret is computed by the Policy Server and sent to the Web Agent. On Unix, a second encryption is done by the OS of this Shared Secret and this uses all IP address available on the OS and other component. Then, when changing one of the IP address on the server, you need to re-register the Web Agent to allow it to restart. - The second encryption on the Unix system let you notice differences between what you see in SmHost.conf file and what you see in the Policy Store.
Note: Second encryption done by OS does not happen on Windows systems.
Environment
Release:
Component: SMPLC
Component: SMPLC
Feedback
Yes
No
Powered by
