sharedsecrettime parameter explanation in Web Agent SmHost.conf

Article ID: 10974

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On SITEMINDER
CA Single Sign On Agents (SiteMinder)

Issue/Introduction

 

When a trusted host is registered, the installation process:

  • Automatically generates a shared secret for the Web Agent;
  • Stores that shared secret, in encrypted form, in the Host Configuration file (SmHost.conf).

 

If shared secret rollover is enabled when the trusted host is registered, the shared secrets of trusted hosts can later be rolled over either manually or on a periodic schedule from the AdminUI.

During a manual or periodic rollover, shared secrets are rolled over only for Agents that were configured at installation to allow rollover (1).

What is the meaning of the "sharedsecrettime" parameter in the SmHost.conf file?

 

Environment

 

Supported versions of Policy Server and Web Agent combinations.

 

Resolution

 

The sharedsecrettime entry in SmHost.conf records the time of the last shared secret rollover for that host. It does not schedule a rollover.

The entry is only meaningful if shared secret rollover was enabled during host registration: it is updated each time the shared secret is rolled over, so it shows the last time the shared secret changed.

A value of 0 means that shared secret rollover was not enabled for this host.

To illustrate, an SmHost.conf from a host with shared secret rollover disabled:

$ cat SmHost.conf

# Host Registration File - /prod/apps/netegrity/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf
#
# This file contains bootstrap information required by
# the SiteMinder Agent API to connect to Policy Servers
# at startup.  Be sure the IP addresses and ports below
# identify valid listening Policy Servers.  Please do not
# hand edit the encrypted SharedSecret entry.
#

hostname="www.example.com"
sharedsecret="{RC2}+R1CJBLvkCO0mteQ8Dk+4AHql2w+t0................OhkthNtLJYZhlWJJ"
sharedsecrettime="0"
hostconfigobject="XYZHost"

# Add additional bootstrap policy servers here for fault tolerance.

policyserver="xyz1.com,44441,44442,44443"
policyserver="xyz2.com,44441,44442,44443"
policyserver="xyz3.com,44441,44442,44443"
policyserver="xyz4.com,44441,44442,44443"
requesttimeout="60"
cryptoprovider="BSAFE"
Enabledynamichco="yes"

# <EOF>
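As an added example (not CA/Broadcom code and not part of the original article), the script below parses the key="value" lines of an SmHost.conf and applies the rule described above: a sharedsecrettime of 0 means rollover was never enabled, anything else is the time of the last rollover. The two sample files embedded in it are constructed, trimmed copies of the file shown above (secret truncated). The interpretation of a non-zero sharedsecrettime as Unix epoch seconds is an assumption made for the example; the article only states that the value is the time the secret last changed.

```python
"""Audit SmHost.conf files for shared secret rollover status.

Added example, not CA/Broadcom code. Parses the key="value" entries of a
SiteMinder Web Agent host registration file and reports what the
sharedsecrettime value says about rollover, following the rule in the
article: 0 means rollover was not enabled at host registration, anything
else is the time of the last rollover.
"""
import re
from datetime import datetime, timezone

# Constructed sample: trimmed copy of the SmHost.conf shown in the article
# (secret truncated), with shared secret rollover disabled.
SAMPLE_ROLLOVER_DISABLED = '''
# Host Registration File
hostname="www.example.com"
sharedsecret="{RC2}+R1CJBLvkCO0mteQ8Dk+4AHql2w+t0...OhkthNtLJYZhlWJJ"
sharedsecrettime="0"
hostconfigobject="XYZHost"
policyserver="xyz1.com,44441,44442,44443"
policyserver="xyz2.com,44441,44442,44443"
requesttimeout="60"
cryptoprovider="BSAFE"
Enabledynamichco="yes"
'''

# Constructed sample with a non-zero sharedsecrettime. ASSUMPTION for this
# example: the non-zero value is Unix epoch seconds (the article only says
# it is the time the secret last changed).
SAMPLE_ROLLOVER_ENABLED = SAMPLE_ROLLOVER_DISABLED.replace(
    'sharedsecrettime="0"', 'sharedsecrettime="1700000000"')

_LINE = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*"([^"]*)"\s*$')


def parse_smhost(text):
    """Return a dict of the key="value" entries in an SmHost.conf.

    Keys are lower-cased because the file mixes cases (Enabledynamichco).
    The repeated policyserver key is collected into a list so every
    bootstrap Policy Server is kept. Comments and blank lines are skipped.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "policyserver":
            conf.setdefault(key, []).append(value)
        else:
            conf[key] = value
    return conf


def rollover_status(conf):
    """Interpret sharedsecrettime as the article describes."""
    value = conf.get("sharedsecrettime")
    if value is None:
        return "missing"      # not a host registration file
    if value.strip() == "0":
        return "disabled"     # rollover not enabled at registration
    return "enabled"          # value is the time of the last rollover


def last_rollover(conf):
    """Return the last rollover time as an aware UTC datetime, or None.

    ASSUMPTION: a non-zero sharedsecrettime is Unix epoch seconds. Returns
    None when rollover is disabled or the value is not an integer.
    """
    if rollover_status(conf) != "enabled":
        return None
    try:
        return datetime.fromtimestamp(int(conf["sharedsecrettime"]),
                                      tz=timezone.utc)
    except ValueError:
        return None


def audit(text):
    """Summarise the points worth checking when reviewing an SmHost.conf."""
    conf = parse_smhost(text)
    secret = conf.get("sharedsecret", "")
    return {
        "hostname": conf.get("hostname"),
        "rollover": rollover_status(conf),
        "last_rollover": last_rollover(conf),
        # The file header says not to hand-edit the encrypted entry; the
        # sample in the article carries a {RC2} cipher prefix, so an entry
        # without any {...} prefix deserves a second look.
        "secret_has_cipher_prefix": secret.startswith("{") and "}" in secret,
        "policy_servers": len(conf.get("policyserver", [])),
    }


if __name__ == "__main__":
    for name, sample in (("disabled", SAMPLE_ROLLOVER_DISABLED),
                         ("enabled", SAMPLE_ROLLOVER_ENABLED)):
        print(name, audit(sample))
```

Running it over a fleet of agent hosts is a quick way to find trusted hosts that were registered without rollover and therefore still rely on the secret generated at registration.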

 

Additional Information

 

(1) Shared Secret for a Trusted Host

 Shared secret rollover occurs automatically only on servers that are
 configured to enable agent key generation. You enable agent key
 generation by selecting the Enable Agent Key Generation check box in
 the Keys tab of the Policy Server Management Console. This setting is
 enabled by default.