Symantec IGA

Expand all | Collapse all

How to update the encryption key in CA Identity Manager?

Jump to Best Answer
  • 1.  How to update the encryption key in CA Identity Manager?

    Broadcom Employee
    Posted 09-05-2017 05:19 AM

    We have an existing environment with CA IM 12.5. We are creating a parallel environment with CA IM 14.0. Both the IM's point to same user store, so that user creation and modification from both IM's hits the same user store.

     

    When accessing FPS task in CA IM 14.0 for a disabled user, we are seeing - "Unable to execute task. User is disabled". But when access FPS task in CA IM 14.0 for a enabled user, we could see the FPS page.

     

    This could be because of using different encryption keys in IM environments. Do anyone know how to update the encryption key in a IM environment? You help is much appreciated.



  • 2.  Re: How to update the encryption key in CA Identity Manager?

    Broadcom Employee
    Posted 09-06-2017 03:32 PM

    Can you provide some one data on how you try to use the forgotten password? where you trigger it from?

     

    It seems he portal\IDM uses the target user instead of the dedicated public user to run this task.



  • 3.  Re: How to update the encryption key in CA Identity Manager?
    Best Answer

    Broadcom Employee
    Posted 09-06-2017 06:04 PM

    This is to do with the Allowable Disable Reasons. Edit the task and modify the search screen to set the allowable states.

     



  • 4.  Re: How to update the encryption key in CA Identity Manager?

    Posted 09-05-2017 09:46 AM

    While not specifically a response to your question, having two IMEs hit the same userstore is not a good idea (even worse idea since they are different product versions). The %IDENTITY_POLICY% well-known attribute will contain IME dependent data about PX Policies. There is likely other attributes where overlapping different IMEs will cause problems too.



  • 5.  Re: How to update the encryption key in CA Identity Manager?

    Broadcom Employee
    Posted 09-06-2017 08:38 AM

    Objective of having two stacks with different version of IM's is, we are trying to do a upgrade from 12.5 to 14.0, and once the upgrade is done old stack will be decommissioned.