Symantec Access Management

Tech Tip: CA Single Sign-On: Policy Server: Encrypted Active Response

By Ujwol posted 09-12-2016 11:42 PM



In this guide we will write a sample Active Response that uses the AES encryption algorithm to encrypt the USERDN of the authenticated user. The Active Response runs inside the Policy Server, and the encrypted USERDN is returned to the client as a response (HTTP header) value, so only a party holding the same AES key can recover the DN.


Step 1: Create an Active Response that invokes the sample class, as shown below (configuration screenshot in the original post):

Step 2: Add the Active Response to either an OnAuthAccept or an OnAccessAccept rule, so that it fires once the user has been authenticated or authorized.


Step 3: Compile the attached sample classes by running java-build.bat (Windows) / (Unix).

Note: Before running the build script, edit java-build.bat (Windows) / (Unix) and set the JAVA_HOME variable to the path of your JDK install directory.


Step 4: Once compiled, copy ActiveResponseSample.class to the <Policy server>/config/properties directory.


Note: The "properties" directory is on the Policy Server's classpath by default, so you do not need to modify JVMOptions.txt.

If you choose to deploy the class in any other directory, add the path to that directory to the classpath in the JVMOptions.txt file.



1. Access a resource protected by the policy that returns the Active Response, and copy the value of the encrypted header from the response (for example, using a server-side script that prints all the HTTP headers):

2. Next, decrypt the encrypted header value using the attached sample ActiveResponseDecryptor class by running java-run.bat (Windows) / (Unix). The decrypted output should match the USERDN of the user who accessed the resource.
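The following is an added example, not the ActiveResponseSample or ActiveResponseDecryptor class attached to the original post. It shows the encrypt/decrypt pair that both sides of the procedure above need, with AES in GCM mode so that a header value that has been modified, or encrypted under a different key, is rejected on decryption rather than silently yielding a garbage DN. The class name UserDnCrypto, the header name SM_ENC_USERDN, the sample DN and the randomly generated key are all assumptions for the demonstration; the Active Response wiring (the SDK interface whose invoke method obtains the user DN and returns the encrypted value) is not shown and is what the attached sample class provides.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * Added example (not the code attached to the original post): AES-GCM
 * encryption of the USERDN for an Active Response, and the matching
 * decryptor used to verify the returned header.
 */
public final class UserDnCrypto {
    private static final int IV_BYTES = 12;   // 96-bit nonce, the standard GCM size
    private static final int TAG_BITS = 128;  // full-length authentication tag
    private static final SecureRandom RNG = new SecureRandom();

    private UserDnCrypto() {}

    /** Returns base64(IV || ciphertext || tag), suitable as a response header value. */
    public static String encryptUserDn(byte[] key, String userDn) throws Exception {
        byte[] iv = new byte[IV_BYTES];
        RNG.nextBytes(iv);  // fresh IV per call: an IV must never be reused with the same key
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"),
                    new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = cipher.doFinal(userDn.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    /**
     * Reverses encryptUserDn. Throws AEADBadTagException if the value was
     * tampered with or was encrypted under a different key.
     */
    public static String decryptUserDn(byte[] key, String headerValue) throws Exception {
        byte[] in = Base64.getDecoder().decode(headerValue);
        if (in.length < IV_BYTES + TAG_BITS / 8) {
            throw new IllegalArgumentException("encrypted value too short");
        }
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
                    new GCMParameterSpec(TAG_BITS, in, 0, IV_BYTES));
        byte[] pt = cipher.doFinal(in, IV_BYTES, in.length - IV_BYTES);
        return new String(pt, StandardCharsets.UTF_8);
    }

    // Stand-alone round trip. The key and DN are constructed for the demo only;
    // in a deployment the same key must be available to both the Policy Server
    // class and the decryptor, e.g. from a file readable only by those accounts.
    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];  // AES-256
        RNG.nextBytes(key);
        String dn = "uid=jdoe,ou=People,dc=example,dc=com";  // constructed sample USERDN

        String header = encryptUserDn(key, dn);
        System.out.println("SM_ENC_USERDN: " + header);      // assumed header name
        System.out.println("decrypted: " + decryptUserDn(key, header));

        // Flip one bit of the returned value: GCM rejects it instead of returning garbage.
        byte[] bad = Base64.getDecoder().decode(header);
        bad[bad.length - 1] ^= 0x01;
        try {
            decryptUserDn(key, Base64.getEncoder().encodeToString(bad));
            System.out.println("UNEXPECTED: tampered value accepted");
        } catch (AEADBadTagException e) {
            System.out.println("tampered value rejected");
        }
    }
}
```

Because the IV is random, the header value differs on every request even for the same user, so downstream applications must decrypt it rather than compare ciphertexts. Anyone holding the key (including anyone who can read the deployed class if the key is embedded in it) can decrypt every DN, so keep the key out of the class file and out of the classpath directory where possible.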