Symantec Access Management


how is siteminder shared secret determined during webagent registration?

  • 1.  how is siteminder shared secret determined during webagent registration?

    Posted Aug 28, 2014 07:06 PM

    Is it based on the web server IP address? MAC address? Other? A combination? Can a web agent be registered and then work through NAT?



  • 2.  Re: how is siteminder shared secret determined during webagent registration?
    Best Answer

    Posted Aug 29, 2014 11:01 AM

    Hello Mike,

    First, the mechanism of generating the shared secret is proprietary and we cannot provide many details, or you will be able to decrypt the initial and trusted connection between Agent and Policy Server.

    During a host registration, depending on the type of host that you will register with the Policy Server, you will use some different parameters. In case of Unix/Linux we are using the hostID, which is a numeric translation of the network MAC address if no specific /etc/hostid is defined, but is in general specific to each host. This hostid in combination with the PS encryption key is used to generate the shared secret to the agent stored in the smhost.conf and generate the trusted host object in the PS.

    For Windows it is different, as you can copy the smhost between boxes, something that you cannot do for Unix boxes. If you change the hostid or the network card you would have to do the host registration again for Unix boxes.

    Hope it helps.

    Julien