Symantec Access Management

Expand all | Collapse all

SSO for Multiple Key Store - Requirements

  • 1.  SSO for Multiple Key Store - Requirements

    Posted 09-28-2020 05:19 PM
    From 12.8 documentation,
    Multiple Key Store Requirements
    If you are deploying multiple key stores, complete the following requirements or single sign-on fails.
    1. Disable dynamic Agent key generation for all Policy Servers.
    2. Verify that a SiteMinder administrator has the Administrative UI permissions to specify the same static Agent key and the same session ticket in the r12.x and 12.8.x key stores.
    3. Be sure that the same static Agent key and the same session ticket are configured in the r12.x and 12.8.x key stores. All key stores must use the same agent and session keys or single sign-on fails.
    Does the first step "Disable dynamic Agent key generation for all Policy Servers" refers to disable agent key generation from the policy server management console?

    Or it refers to the setting in the Admin UI Policy Server>>Key Management>>Agent Key Management
    Radio button Use static Agent Key 

    Best Regards




  • 2.  RE: SSO for Multiple Key Store - Requirements

    Broadcom Employee
    Posted 09-29-2020 01:20 AM
    It refers to the first option - disabling agent key generation from the policy server management console, Claudio. We will clarify the statement to convey the same.

    Thank you,
    Gayatri





  • 3.  RE: SSO for Multiple Key Store - Requirements

    Posted 30 days ago

    Hi,
    i change the configuration in the "Policy Server Management Console" but then doing like that when i try to 
     specify the  static key (for both session and agent) i am not allowed since the Key Management in the menu is not available anymore.


    So it seems a chicken and egg situation, or the first step is not needed at all

    Could you please shed a light on this?

    Best Regards
      




  • 4.  RE: SSO for Multiple Key Store - Requirements

    Broadcom Employee
    Posted 30 days ago
    I stand corrected! We verified the flow and confirmed that the step to be performed is through Administrative UI. It is option 2 in your original post. The result of following option 1 is this chicken-egg situation that you showed. My apologies for the confusion, Claudio.


  • 5.  RE: SSO for Multiple Key Store - Requirements

    Posted 30 days ago
    Hi, thank you very much for the clarification.
    I am going to check this configuration
    Best Regards