I agree with your theory Jim. Yes, the encryptio/decryption of the shared secret depends on the system-specific in case of unix based systems, specifically it depends on the "hostid" of the system which in turn depends on various other parameters of the system.
I created a KB explaining this earlier, please refer to the same for details:
Failed Handshake between Webagent and Policy Server.
For your qucik refernce, here is the content of the KB:
Introduction:
Already successfully running webagent suddenly reports following error in webserver log.
[Error] SiteMinder Agent Unable to load SiteMinder host configuration object or host configuration file.
Path to the SiteMinder host configuration File is Empty.
Policy Server smps.log shows failed handshake errors:
[1860/2604][Mon Jul 18 2016 13:59:03][CServer.cpp:1959][ERROR][sm-Tunnel-00050] Handshake error: Shared secret incorrect for this client
[1860/2604][Mon Jul 18 2016 13:59:03][CServer.cpp:2121][ERROR][sm-Server-01070] Failed handshake with 155.35.245.129:49184
Question:
What are the reason of a Failed Handshake between Webagent and Policy Server (need to re-register the Agent)?
Environment:
All Unix environments
Answer:
On all non-Windows platforms, the agent code used to encrypt and decrypt the shared secret uses a key that is derived from a hard coded value combined with the results of calling gethostid() on the platform in question. gethostid() is a standard C Library function that returns a 32-bit long value.
Different UNIX system implements this function differently. For e.g Linux, AIX and solaris , the system implementation for the gethostid() C library function is not the same.
As such, SiteMinder web agent might not be able to decrypt the shared secret generated in one UNIX system when moved to other system.
Not only that, if the host ID of the same system changes (due to change in IP, hostname, mac address etc ) , the webagent will not be able to decrypt the shared secret which was originally generated on the same system, in which case you need to re-register the trusted host.
Additional Information:
gethostid Linux Man Page : http://linux.die.net/man/2/gethostid