Dynamic Agent Key Manual Rollover option is disabled

Document ID:  TEC1815782
Last Modified Date:  08/09/2017
{{active ? 'Hide' : 'Show'}} Technical Document Details

Products

  • CA Single Sign-On

Releases

  • CA Single Sign-On:Release:12.5
  • CA Single Sign-On:Release:12.51
  • CA Single Sign-On:Release:12.51 CA SiteMinder
  • CA Single Sign-On:Release:12.52
  • CA Single Sign-On:Release:12.52 CA SiteMinder
  • CA Single Sign-On:Release:12.52 SP1
  • CA Single Sign-On:Release:12.52 SP2
  • CA Single Sign-On:Release:12.6
  • CA Single Sign-On:Release:12.6.1
  • CA Single Sign-On:Release:12.7

Components

  • SITEMINDER -POLICY SERVER:SMPLC
Introduction:

The manual key rollover option for Dynamic Agent Key is by default disabled. 

dynamic agent key .jpg

This KB guides how to enable this feature.

 

Environment:
Policy server : r12.5 and above
Instructions:

1. Perform a full key store export by running following command :

smkeyexport -d<admin> -w<password> -okeys.txt

 

2. Once the key store is is exported, change the value for IsEnabled option under KeyManagement to true from false:

Old :

objectclass: KeyManagement

Oid: 1a-XXXXX

IsEnabled: false

ChangeFrequency: 0

ChangeValue: 0

NewKeyTime: 0

OldKeyTime: 1502258688

FireHour: 0

PersistentKey: {RC2}2SraPUoK8PLYItUrJFCeck7rlcWl77g+3vpJY07rso39+ojFmbn7zn0IdwGjWeCQ

 

New :

objectclass: KeyManagement

Oid: 1a-XXXXX

IsEnabled: true

ChangeFrequency: 0

ChangeValue: 0

NewKeyTime: 0

OldKeyTime: 1502258688

FireHour: 0

PersistentKey: {RC2}2SraPUoK8PLYItUrJFCeck7rlcWl77g+3vpJY07rso39+ojFmbn7zn0IdwGjWeCQ

Note : DO NOT MAKE ANY OTHER CHANGE

 

3. After making the above change, save the export file and import it by running following command :

smkeyimport -d<admin> -w<password> -ikeys.txt

4. You should now have the manual rollover option enabled for the dynamic agent key 

enabled.jpg

 

 

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255

{{status}}

Not what you were looking for?

Search Again >

Product Information

Support by Product >

Communities

Join a Community >