|
|
|
The Policy Server supports periodic shared secret rollovers for trusted hosts hourly, daily, weekly, or monthly. The shortest allowable period between rollovers is one hour.
Unlike Agent key rollover, periodic shared secret rollover is associated with the age of the shared secret for each individual trusted host. The Policy Server initiates rollovers based on the age of the shared secret, rather than at a specific time of the day, week, or month. By rolling over each shared secret as it expires, the processing associated with the rollover is distributed over time, and avoids placing a heavy processing load on the Policy Server. However, if you use the manual rollover feature, future periodic rollovers will generally be clustered together for all trusted hosts, since the manual rollover sets new shared secrets for all trusted hosts that allow shared secret rollover.
Important! If you enable key generation on more than one Policy Server associated with a single policy store, the same shared secret can be rolled over more than once in a short period of time due to object store propagation delays. This can result in orphaned hosts whose new shared secrets have been discarded. To avoid this potential problem, enable shared secret rollover for a single Policy Server per policy store.
Note: In order to enable periodic shared secret rollover, the Enable Agent Key Generation check box must be selected in the Keys tab of the Policy Server Management Console.
To configure periodic shared secret rollover
The SiteMinder Key Management dialog box opens.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |