I stand corrected! We verified the flow and confirmed that the step to be performed is through the Administrative UI. It is option 2 in your original post. The result of following option 1 is this chicken-and-egg situation that you showed. My apologies for the confusion, Claudio.
Original Message:
Sent: 09-29-2020 01:21 PM
From: Claudio Fina
Subject: SSO for Multiple Key Store - Requirements
Hi,
I changed the configuration in the "Policy Server Management Console", but having done that, when I try to specify the static key (for both session and agent) I am not allowed to, since Key Management is not available in the menu anymore.
So it seems to be a chicken-and-egg situation, or the first step is not needed at all.
Could you please shed some light on this?
Best Regards
Original Message:
Sent: 09-29-2020 01:19 AM
From: Gayatri Mothey
Subject: SSO for Multiple Key Store - Requirements
It refers to the first option - disabling agent key generation from the policy server management console, Claudio. We will clarify the statement to convey the same.
Thank you,
Gayatri
Original Message:
Sent: 09-28-2020 05:19 PM
From: Claudio Fina
Subject: SSO for Multiple Key Store - Requirements
From 12.8 documentation,
Multiple Key Store Requirements
If you are deploying multiple key stores, complete the following requirements or single sign-on fails.
- Disable dynamic Agent key generation for all Policy Servers.
- Verify that a SiteMinder administrator has the Administrative UI permissions to specify the same static Agent key and the same session ticket in the r12.x and 12.8.x key stores.
- Be sure that the same static Agent key and the same session ticket are configured in the r12.x and 12.8.x key stores. All key stores must use the same agent and session keys or single sign-on fails.
Does the first step, "Disable dynamic Agent key generation for all Policy Servers", refer to disabling agent key generation from the Policy Server Management Console?
Or does it refer to the setting in the Admin UI, Policy Server >> Key Management >> Agent Key Management, radio button "Use static Agent Key"?