Implementation Guide › SiteMinder Components › SiteMinder Components › CA Business Intelligence › Key Store

Key Store

(Required) By default, the SiteMinder key store (key store) is automatically configured and collocated with the policy store. The purpose of this component is to store the encryption keys Policy Servers and Agents use to encrypt sensitive data, which include:

• The keys Agents use to encrypt SiteMinder cookies.
• The keys Policy Servers use to encrypt sensitive policy store information, such as administrator passwords.
• The keys Policy Servers use to encrypt SiteMinder session tickets that contain credentials and other information that is related to user sessions.

You can store encryption keys in a separate directory or database. The need to deploy a separate key store depends on:

• How you implement Policy Servers and policy stores.
• Single sign–on requirements.

More information:

Documentation Roadmap

SiteMinder Audit Database

(Optional) By default, the Policy Server writes audit events to a text file, which is known as the Policy Server log. The purpose of audit logs is to track information about all user activity, including:

• All successful authentications
• All failed authentications
• All successful authorization attempts
• All failed authorization attempts
• All administrative login attempts
• All administrative actions, such as changes to administrator passwords, the creation of policy store objects, and changes to policy store objects

However, you can configure a stand–alone SiteMinder audit database (audit database). When deciding where to store audit events, consider that:

• The Report Server requires a connection to an audit database to create audit–based reports. The Report Server cannot create audit–based reports from a Policy Server log written to a text file.
• Storing audit logs to a database is more secure than logging the information to a text file.
• If supported, a policy store can also function as an audit database.

Note: For more information about configuring an audit database, see the documentation roadmap.

More information:

Documentation Roadmap

Session Store

(Optional) When SiteMinder authenticates a user, the Policy Server issues a session ticket. A session ticket contains basic information about the user and authentication information for the user. By default, SiteMinder implements session management through non–persistent sessions. If non–persistent sessions are enabled, an Agent writes the session ticket to a cookie on the browser of the users. However, some SiteMinder features require persistent sessions.

If persistent sessions are enabled, an Agent must write the session ticket to a stand–alone database.

You deploy a SiteMinder session store (session store) for the following primary reasons:

• If a SiteMinder log off URI is implemented, a session store prevents a SiteMinder session from being used again after a user logs off.
• To provide support for features that require persistent user sessions.

Agents use this information to identify users and provide session information to the Policy Server.

Note: For more information about configuring a session store, see the documentation roadmap.

More information:

Documentation Roadmap