Problem:
A trial version of the SiteMinder Policy Server can operate in FIPS-compatibility and FIPS-migration modes. Setting the Policy Server to operate in FIPS-only mode results in the Policy Server rejecting the trial license because the license was encrypted using algorithms that are not FIPS compliant.
Solution:
Ensure that the SiteMinder Policy Servers you want to migrate to FIPS-only mode are using a valid SiteMinder license and not a trial license.
Under certain circumstances, running analysis and audit-based reports may slow SiteMinder performance. We recommend analyzing the load patterns in your environment to determine the best time to run reports.
Do not use brackets around the IP address when using IPv6 ODBC data sources or the connection fails.
Example: use fec0::9255:20c:29ff:fe47:8089 instead of [fec0::9255:20c:29ff:fe47:8089]
Note: More information on IPv6-supported databases exists in the SiteMinder Platform Support Matrix.
Symptom:
(LDAP) The default Policy Server behavior is to treat a CertSerialNumber as a broken string of numbers. This behavior causes a custom certificate mapping to fail if the user directory stores the CertSerialNumber as an unbroken string of numbers. The Policy Server fails to lookup the user because the default LDAP search contains spaces.
Solution:
Enable the NoSpacesinCertNumbers registry setting. Enabling the registry setting causes the Policy Server to treat certificate serial numbers as an unbroken string of numbers for all serial number comparisons.
Location: HKEY_LOCAL_MACHINE/SOFTWARE/Netegrity/Siteminder/CurrentVersion/PolicyServer/NoSpacesInCertSerialNumbers
Values: 0 (disabled) 1 (enabled)
Default Value: 0
|
Copyright © 2012 CA.
All rights reserved.
|
|