
Shared Secret for a Trusted Host

When you register a trusted host, the installation process automatically generates a shared secret for the Web Agent and stores that shared secret in SmHost.conf, the Host Configuration file. If you enable shared secret rollover when registering a trusted host, you can roll over the shared secrets for trusted hosts, either manually or periodically.

During a manual or periodic shared secret rollover, shared secrets are only rolled over for Agents that were configured at installation to allow rollovers.

For information about installing Web Agents and registering trusted hosts, see the SiteMinder Web Agent Installation Guide.

Shared secret rollover occurs automatically only on servers that are configured to enable Agent key generation. You enable Agent key generation by selecting the Enable Agent Key Generation check box in the Keys tab of the Policy Server Management Console. This setting is enabled by default.

Important! We recommend that only one Policy Server be enabled to generate keys. If there are multiple policy stores in an environment, but only a single shared key store, the shared secrets in the policy store are rolled over automatically only in the policy store for the Policy Server with key generation enabled. For the other policy stores, you can manually execute a rollover.

To roll over the shared secret manually, use the FSS Administrative UI or the C Policy Management API running on a Policy Server configured to the target policy store.

Note: The shared secret policy object is kept in the key store, and thus will be shared by all policy stores that share the same key store. The shared secrets themselves are kept in the trusted host objects, which are part of the policy store.
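Because automatic rollover only reaches the policy store whose Policy Server has key generation enabled, hosts registered against other policy stores can silently keep an old shared secret. The following script, an added example rather than CA's own code, reads a host's SmHost.conf and flags a secret that has not been rolled over within a chosen window. It assumes the file uses key="value" lines and records the time of the last rollover in a sharedsecrettime key as a Unix epoch value; the key names, the sample file contents and the secret value are constructed for the example.

```python
"""Flag trusted hosts whose shared secret has not rolled over within a window.

Added example, not CA SiteMinder code. Assumptions (not taken from the page):
  * SmHost.conf consists of key="value" lines with '#' comment lines;
  * the last rollover time is stored under a key named sharedsecrettime
    as a Unix epoch value, with "0" meaning "never rolled over / unknown".
"""
import re
from typing import Dict, Optional

# Constructed sample SmHost.conf contents; the secret is a placeholder, not real ciphertext.
SAMPLE_SMHOST_CONF = '''#This file contains bootstrap information required by the SiteMinder Agent API
hostname="webhost01"
sharedsecret="{RC2}CONSTRUCTED-SAMPLE-CIPHERTEXT"
sharedsecrettime="1262304000"
hostconfigobject="DefaultHostSettings"
policyserver="10.0.0.5,44441,44442,44443"
'''

# key = "value" with optional quotes around the value
_LINE_RE = re.compile(r'^\s*([A-Za-z0-9_]+)\s*=\s*"?(.*?)"?\s*$')


def parse_smhost_conf(text: str) -> Dict[str, str]:
    """Parse key="value" lines into a dict, skipping blank and comment lines.

    Keys are lower-cased so lookups do not depend on the file's casing.
    """
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        match = _LINE_RE.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2)
    return settings


def secret_age_days(conf: Dict[str, str], now: float) -> Optional[float]:
    """Age of the shared secret in days, or None when the rollover time is unknown.

    A missing, non-numeric, or zero sharedsecrettime is treated as unknown,
    which the caller should report rather than assume the secret is fresh.
    """
    raw = conf.get("sharedsecrettime", "0")
    try:
        rolled_at = int(raw)
    except ValueError:
        return None
    if rolled_at <= 0:
        return None
    return (now - rolled_at) / 86400.0


def check_rollover(text: str, now: float, max_age_days: float) -> Dict[str, object]:
    """Report whether the host's shared secret is older than max_age_days.

    Returns hostname, age in days (None if unknown) and a stale flag. An
    unknown age is reported as stale so that a host that never rolled over
    (for example, one registered against a policy store without key
    generation) is not overlooked.
    """
    conf = parse_smhost_conf(text)
    age = secret_age_days(conf, now)
    stale = age is None or age > max_age_days
    return {
        "hostname": conf.get("hostname", "<unknown>"),
        "age_days": age,
        "stale": stale,
    }


if __name__ == "__main__":
    import time

    result = check_rollover(SAMPLE_SMHOST_CONF, now=time.time(), max_age_days=30)
    status = "STALE" if result["stale"] else "ok"
    print(f"{result['hostname']}: age={result['age_days']} days -> {status}")
```

Run it against each trusted host's SmHost.conf after the periodic rollover window has passed; any host reported as stale is a candidate for the manual rollover the page describes. The age threshold should match the rollover period configured for the environment.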


Copyright © 2010 CA. All rights reserved.