Previous Topic: Dynamic Agent Key Rollover

Next Topic: Rollover Intervals for Agent Keys

Agent Keys Used in Dynamic Key Rollover

SiteMinder deployments use the following keys in a dynamic key rollover and maintain them in the key store:

When the Policy Server processes a dynamic Agent key rollover, the value of the current key replaces the value of the old key. The value of the future key replaces the value of the current key, and the Policy Server generates a new value for the future key.

When receiving a cookie from a client browser, the Web Agent uses the current key from the key store to decrypt the cookie. If the decrypted value is not valid, the Web Agent tries the old key, and if necessary, the future key. The old key may be required to decrypt cookies from an Agent that has not yet been updated, or to decrypt existing cookies from a client's browser. The future key may be required for cookies created by an updated Agent, but read by an Agent that has not yet polled the key store for updated keys.


Copyright © 2010 CA. All rights reserved. Email CA about this topic