SiteMinder SDK provides Java Agent API to build a custom agent for enforcing access control and for managing user sessions.
1. When dynamic Agent keys are used and rolled over, how does AgentAPI manage it?
2. When Shared Secret is enabled and rolled over, how does AgentAPI manage it?
SiteMinder SDK 12.5
Java Agent API provides automatic encryption key rollover.
1. It is automatically done by Agent API.
Two methods of createSSOToken() and decodeSSOToken() process SMSESSIN cookie. As per the SDK Release Notes, they call doManagement() every 30 seconds. Therefore Agent keys are always synchronized.
2. It is also automatically done by Agent API.
When shared secret is rolled over, AgentAPI update SmHost.conf automatically. Be aware of that write permission to the file should be set properly.
SDK Release Notes: Decoding SSO Token Degrades Performance (159533)