The Keys tab is where you configure how the Policy Server handles Agent key generation.
If selected, the Policy Server generates dynamic keys and writes them to the key store. If this check box is not selected, the Policy Server does not generate keys.
Leaving Agent key generation disabled is useful if you want to limit the number of Policy Servers that generate Agent keys (for example, when more than one Policy Server is pointing at the same Key Store, only one of the Policy Servers should generate keys) or if a Policy Server uses a replicated key store for its Agent keys.
If selected, the Policy Server encrypts the key store using the Policy Server’s Encryption Key. If this check box is not selected, you must enter a key store encryption key in the Key Store Encryption Key field.
For most single sign-on environments, the keys used by SiteMinder for single sign-on between cookie domains are handled using a single key store common to all Policy Servers.
In the case of a common key store for separate policy stores, you must enter the same key store key in the Policy Server Management Console for each Policy Server instance, unless all of the Policy Servers use the same Encryption Key.
Re-enter the key store encryption key in this field to confirm the key.
If selected, the session key, which is used to encrypt session and identity specs, is stored in memory in an unencrypted state. Selecting this check box increases performance, because the key will not have to be decrypted each time it is used.
Important! Although it increases performance, selecting this check box is less secure than the default setting. If this check box is not selected, the session key is decrypted each time it is used.
Copyright © 2011 CA. All rights reserved.