Symantec IGA


Confirm / Change Provisioning Server Callback Shared Secret (Identity Manager)

  • 1.  Confirm / Change Provisioning Server Callback Shared Secret (Identity Manager)

    Posted Mar 09, 2015 02:03 PM

    This doc will walk you through how to confirm / change your provisioning server callback shared secret.

     

    First we need to configure pwdtools.bat

    • Go to: CA\im\iam suite\im\tools\passwordtool
    • Right click on the bat file and configure the %JAVA_EXE% Attribute.
    • Example: SET JAVA_EXE=C:\Java\jdk1.6.0_45\jre\bin\java.exe


    Next we need to run pwdtools.bat. Open up CMD and map it to the location of pwdtools.bat.

    • To create a FIPS key file: pwdtools -FIPSKEY -k <FIPS key file location> [-f <param_file>]
    • To add a FIPS key: pwdtools -FIPSKEY -add [-f <param_file>]
    • To encrypt a plain text value using non FIPS (PBES) algorithm: pwdTools -JSAFE -p <plain text> [-f <param_file>]
    • To encrypt a shared secret using PBES algorithm and save it: pwdTools -JSAFEKEY -p <shared_secret> [-f <param_file>]
    • To encrypt a plain text using FIPS key file: pwdTools -FIPS -p <plain text> -k <FIPS key file path> [-f <param_file>]
    • To encrypt a plain text value using non FIPS (RC2) algorithm: pwdTools -RC2 -p <plain text> [-f <param_file>]

     

    In this example we are going to compare our current password values.

    Execute the following command:

    pwdTools -JSAFE -p password1

     

    Results:

         Plain Text: password1

         Encrypted value: {PBES}:WQf3wza4JfYe3zPI8zcveQ==

     

    Now let's compare it to our encrypted value for provisioning server callback.

    Go to: \iam_im.ear\custom\identitymanager and open up the systemWideProperties.properties file.

    Within that file you will notice the IMeTASharedSecret. Take the encrypted value created by pwdtools and compare it to the existing code.

    Should you want to change that password, simply take the encrypted value that you created and replace it in this file.

     

    NOTE: Should you have FIPS enabled this value may be blank as FIPS encryption is configured during installation. Should you have any password problems with FIPS make sure that you are using the same FIPS key for all IM component installs. You will have to uninstall any questionable or all components and re-install them with the same key. This is the only solution.

     

    If you have any further password questions or concerns please open a CA Support Ticket.
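
Added example, not part of the original post or of the product: Python that reads IMeTASharedSecret from the text of systemWideProperties.properties and compares it with the value pwdtools printed, so the check does not depend on reading the two strings by eye. It assumes, as the post's comparison does, that the same input yields the same encrypted value; the function names and the sample file content are constructed, and line continuations are not handled.

```python
import hmac
import re

KEY = "IMeTASharedSecret"  # property name from the post


def read_property(text, key):
    """Return the value of `key` from Java .properties text, or None if absent."""
    value = None
    for raw in text.splitlines():
        line = raw.lstrip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        # Split on the first unescaped '=', ':' or whitespace only: the value
        # itself contains ':' and '=' ({PBES}:...==) and those must be kept.
        m = re.match(r"((?:\\.|[^\\=:\s])+)\s*[=:]?\s*(.*)", line)
        if m and re.sub(r"\\(.)", r"\1", m.group(1)) == key:
            # A file written by java.util.Properties.store() has ':' and '='
            # escaped as '\:' and '\='; undo that before comparing.
            value = re.sub(r"\\(.)", r"\1", m.group(2))  # last entry wins
    return value


def compare_secret(props_text, candidate):
    """Classify the stored callback secret against a pwdtools output value."""
    stored = read_property(props_text, KEY)
    if stored is None:
        return "missing"
    if stored == "":
        return "blank"  # the post notes this can happen with FIPS enabled
    if hmac.compare_digest(stored.encode(), candidate.encode()):
        return "match"
    return "mismatch"


# Constructed sample, not a real systemWideProperties.properties file.
SAMPLE = r"""
# constructed sample
! other entries omitted
IMeTASharedSecret={PBES}\:WQf3wza4JfYe3zPI8zcveQ\=\=
"""

if __name__ == "__main__":
    # Value taken from the pwdTools -JSAFE output shown in the post.
    print(compare_secret(SAMPLE, "{PBES}:WQf3wza4JfYe3zPI8zcveQ=="))
```

Because a literal comparison against an escaped file entry would report a false mismatch, the unescaping step matters when the file was last written by a Java tool rather than edited by hand.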



  • 2.  Re: Confirm / Change Provisioning Server Callback Shared Secret (Identity Manager)

    Posted Mar 09, 2015 04:47 PM

    Thanks for sharing this tip with the Community, parvi07!