Symantec Access Management

Tech Tip : CA Single Sign-On : Policy Server Configuration on Linux Machine

  • 1.  Tech Tip : CA Single Sign-On : Policy Server Configuration on Linux Machine

    Posted 08-30-2018 04:03 AM

    Question:


    We're running smconsole on Linux Policy Server, the tool works very slow and we'd like to know
    if there's a way to modify configuration ?

     

    Answer:

     

    At first glance, you can stop the Policy Server and edit the
    sm.registry manually. But depending what you want to do, you might
    also use XPSConfig.

     

    Here a sample to do so for database connection :

     

    How to update DB Session Store details without the smconsole ?
    https://comm.support.ca.com/kb/how-to-update-db-session-store-details-without-the-smconsole/kb000010637

     

    You can also use the smldapsetup to connect to a dummy ldap server to
    encrypt the password.

     

    Tech Tip : CA Single Sign-On :Policy Server:How to encrypt password in Sm.registry file without using SmConsole
    https://communities.ca.com/community/ca-security/ca-single-sign-on/blog/2016/08/16/tech-tip-ca-single-sign-on-policy-serverhow-to-encrypt-password-in-smregistry-file-without-using-smconsole


    All these are workaround and they are all at your risks.

     

    Overall we invite you to vote at the following link to get implemented
    direct command lines available in order to modify the sm.registry,
    which command lines will validate the input you're giving.

     

    Command line options for Policy server management console (smconsole)
    https://communities.ca.com/ideas/235732441-command-line-options-for-policy-server-management-console-smconso

     

    KB : KB000112512