How does Java AgentAPI manage Agent Key and Shared Secret rollover?

Document ID : KB000044516
Last Modified Date : 14/02/2018

Introduction: 

The SiteMinder SDK provides the Java Agent API for building custom agents that enforce access control and manage user sessions.

Question: 

1. When dynamic Agent keys are used and rolled over, how does AgentAPI manage it?

2. When Shared Secret is enabled and rolled over, how does AgentAPI manage it?


Environment:  

SiteMinder SDK 12.5

OS: All

Answer: 

Java Agent API provides automatic encryption key rollover.

 

1. The Agent API does this automatically.
Two methods, createSSOToken() and decodeSSOToken(), process the SMSESSION cookie. As per the SDK Release Notes, they call doManagement() every 30 seconds. Therefore, Agent keys are always synchronized.

2. The Agent API also does this automatically.

When the shared secret is rolled over, the Agent API updates SmHost.conf automatically. Make sure that write permission on the file is set properly.
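
The write-permission requirement above can be verified before shared secret rollover is enabled. The shell function below is an added example, not part of the SDK or of the original article. Its exit codes and its rule that group and others should not have write access are assumptions of this example, and the path to SmHost.conf is supplied by the caller.

```shell
#!/bin/sh
# Preflight check for SmHost.conf before shared secret rollover is enabled.
# Run it as the OS account that runs the custom agent, because that account
# is the one whose write access matters when the Agent API rewrites the file.
#
# Exit codes (chosen for this example, not defined by the SDK):
#   0  file is writable by this account and by nobody else
#   2  path is missing or is not a regular file
#   3  this account cannot write the file, so a rollover could not be saved
#   4  group or others can write the file (hardening rule assumed here)
check_smhost_conf() {
    f=$1

    if [ ! -f "$f" ]; then
        echo "FAIL: $f is missing or is not a regular file" >&2
        return 2
    fi

    # Note: root passes this test regardless of the mode bits.
    if [ ! -w "$f" ]; then
        echo "FAIL: $(id -un) cannot write $f" >&2
        return 3
    fi

    # -L follows a symlink so the mode of the real file is tested.
    # -perm -020 matches group-write, -perm -002 matches other-write.
    if [ -n "$(find -L "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "FAIL: $f is writable by group or others" >&2
        return 4
    fi

    echo "OK: $f is writable by $(id -un) only"
    return 0
}

# Stand-alone use: sh check_smhost.sh /path/to/SmHost.conf
if [ "$#" -gt 0 ]; then
    check_smhost_conf "$1"
fi
```
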


Additional Information:

SDK Release Notes: Decoding SSO Token Degrades Performance (159533)