I have migrated all the policies and CA SSO configuration also onto a new environment via GMU command line scripts. However, the CA SSO Assertion from API Gateway on the new environment fails.
Then I had to manually open CA SSO Configuration and click on Register button and hit OK button again in the subsequent dialog box, then only the CA SSO Assertion started working.
Why Registering CA SSO Configuration manually is needed after the policy migration?
If it is a must, then is there a way to call Register CA SSO Configuration via command line thru some service call to get this accomplished?
Appreciate your inputs.
I believe it's a required step, the "Register” is to register the CA SSO Agent on the gateway to the siteminder policy server. The settings on SSO server side needs to be correct to make the integration work.
The GMU only makes the changes on gateway side.
Thanks for your Reply.
Well, then there is no automation possible when we deploy the changes to the next environment for the first time?
Is it possible to run the smreghost (command line utility that is part of the Siteminder SDK) and then subsequently import the SMHost.conf file that is generated by that command into the API Gateway?
The register process does use the smreghost command but we stored it into our database tables so the smhost.conf will not port through to the table. You can try to use the restman command outlined on the local online documentation to create a new configuration: https://<GW FQDN>:8443/restman/1.0/doc/restDoc.html#1.0/siteMinderConfigurations
Once the new one is created then you can map it using GMU for the migration from the other system.