This doc will walk you through how to confirm / change your provisioning server callback shared secret.
First we need to configure pwdtools.bat
- Go to: CA\im\iam suite\im\tools\passwordtool
- Right click on the bat file and configure the %JAVA_EXE% Attribute.
- Example: SET JAVA_EXE=C:\Java\jdk1.6.0_45\jre\bin\java.exe
Next we need run the pwdtools.bat.Open up CMD and map it to the location of pwdtools.bat
- To create a FIPS key file pwdtools -FIPSKEY -k <FIPS key file location> [-f <param_file>]
- To add a FIPS key pwdtools -FIPSKEY -add [-f <param_file>]
- To encrypt a plain text value using non FIPS (PBES) algorithm pwdTools -JSAFE -p <plain text> [-f <param_file>]
- To encrypt a shared secret using PBES algorithm and save it pwdTools -JSAFEKEY -p <shared_secret> [-f <param_file>]
- To encrypt a plain text using FIPS key file pwdTools -FIPS -p <plain text> -k <FIPS key file path> [-f <param_file>]
- To encrypt a plain text value using non FIPS (RC2) algorithm pwdTools -RC2 -p <plain text> [-f <param_file>]
In this example we are going to compare our current password values.
execute the following command:
pwdTools -JSAFE -p password1
Results:
Plain Text: password1
Encrypted value: {PBES}:WQf3wza4JfYe3zPI8zcveQ==
Now lets compare it to our encrypted value for provisioning server callback.
Go to: \iam_im.ear\custom\identitymanager and open up the systemWideProperties.properties file.
Within that file you will notice the IMeTASharedSecret take the encrypted value created by pwdtools and compare it to the existing code.
Should you want to change that password. Simply take the encrypted value that you created and replace it in this file.
NOTE: Should you have FIPS enabled this value may be blank as FIPS encryption is configured during installation. Should you have any password problems with FIPS make sure that you are using the same FIPS key for all IM component installs. You will have to uninstall any questionable or all components and re-install them with the same key. This is the only solution.
If you have any further password questions or concerns please open a CA Support Ticket.