How the Agent Reads SiteMinder Cookies

Filed under: Identity & Access Management, Tech — Vaibhav @ 3:27 am
Tags: Cookies, key rollover, Siteminder

Web Agents use agent keys to encrypt and decrypt SiteMinder cookies so the data they contain can be read. The Agent uses the key to encrypt cookies before sending them to a user’s browser and to decrypt cookies received from other Web Agents.

All Web Agents need to be aware of the same keys, and the keys must be set to the same value for all Agents communicating with a Policy Server. This rule is particularly important for Agents in a single sign-on environment. To ensure that the keys remain secure, the Policy Server performs a key rollover. A key rollover is the process of generating new keys, encrypting them, and distributing them to all Web Agents within a SiteMinder environment.

When a Web Agent starts up and makes a management call request, the Policy Server supplies the current set of keys. Each time that the Web Agent polls the Policy Server, the agent again makes the management call. The Web Agent receives the updated keys.

The Policy Server provides two types of keys:

• Dynamic Keys—A dynamic key is generated by a Policy Server algorithm and distributed to other connected Policy Servers and their associated Web Agents. Dynamic keys can be rolled over at a regular interval, or by using the Key Management dialog box of the Policy Server User Interface.

• Static Keys—A static key remains the same indefinitely, and can be generated by a Policy Server algorithm or configured manually. SiteMinder uses this type of key for a subset of features that require information to be stored in cookies over extended periods of time.

Automated key changes ease the process of managing agent keys for large SiteMinder installations that share a single key store. A key store is a storage location for all key information; all agents access the key store to obtain the current keys. For Agents that are configured for single sign-on, the key store must be replicated and shared across all Policy Servers in the single sign-on environment. Automating key changes also ensures the integrity of the keys.

Agent Key Dynamic Rollovers

You can use the SiteMinder Key Management dialog box of the Policy Server User Interface to configure dynamic Agent key rollover. Web Agents poll the Policy Server for key updates at regular intervals. If keys have been updated, Web Agents pick up the changes during polling. The default polling time is 30 seconds, but can be configured by changing the PSPollInterval parameter of a Web Agent.

When a Web Agent detects that a key rollover has occurred, the Agent retrieves new values for the following Agent keys:

• Old Key—Last value used for the dynamic Agent key before the current value.

• Current Key—Value of the current dynamic Agent key.

• Future Key—Next value that will be used as the current key in a dynamic Agent key rollover.

• Static Key—A long-term key that the Agent can use for SiteMinder features that need to identify a user and maintain this information for long periods of time. Static keys also support cookie encryption for single sign-on when dynamic keys are not enabled.

Web Agents require multiple keys to preserve cookie data and ensure a smooth transition between old keys and new keys.
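The following added example (not SiteMinder code and not from the original post) models why an agent holds old, current and future keys: two agents that polled at different times can still read each other's cookies across one rollover, but not across two. The `KeySet` and `Agent` classes, the key-trial order, and the HMAC tag standing in for the real cookie encryption are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class KeySet:
    """Dynamic agent keys as the page names them (static key omitted)."""
    old: bytes
    current: bytes
    future: bytes
    def rolled(self, new_future: bytes) -> "KeySet":
        # Rollover: current becomes old, future becomes current.
        return KeySet(old=self.current, current=self.future, future=new_future)


class Agent:
    """Hypothetical agent holding the key set it saw at its last poll."""
    def __init__(self, keys: KeySet):
        self.keys = keys

    def issue(self, payload: bytes) -> bytes:
        # Stand-in for cookie encryption: payload sealed with an HMAC tag.
        tag = hmac.new(self.keys.current, payload, hashlib.sha256).digest()
        return tag + payload

    def read(self, cookie: bytes):
        """Return (payload, key_name), or (None, None) if no held key fits."""
        tag, payload = cookie[:32], cookie[32:]
        for name in ("current", "old", "future"):  # assumed trial order
            key = getattr(self.keys, name)
            expected = hmac.new(key, payload, hashlib.sha256).digest()
            if hmac.compare_digest(tag, expected):
                return payload, name
        return None, None


def demo():
    server = KeySet(os.urandom(32), os.urandom(32), os.urandom(32))
    a, b = Agent(server), Agent(server)
    server = server.rolled(os.urandom(32))   # Policy Server rolls keys
    a.keys = server                          # A has polled; B has not yet
    from_a = b.read(a.issue(b"user=alice"))  # B knows A's key as "future"
    from_b = a.read(b.issue(b"user=alice"))  # A knows B's key as "old"
    server = server.rolled(os.urandom(32))   # second rollover, B still stale
    a.keys = server
    stale = b.read(a.issue(b"user=alice"))   # two rollovers behind: rejected
    return from_a, from_b, stale
```

In this model an agent that misses more than one rollover rejects valid cookies, which is why the rollover interval should be much longer than the polling interval and why agents that stop polling are worth alerting on.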

Key Stores

When the Policy Server generates dynamic keys, it saves and maintains these keys in the key store. The key store is a repository from which all Web Agents retrieve the most current keys. The key store may be part of a SiteMinder policy store or maintained as a standalone key store.

How the Agent Reads SiteMinder Cookies | Vaibhav Tripathi http://vaibhav181.wordpress.com/2012/10/15/how-the-agent-reads-sitem...