How to Reset Encryption Key using MSSQL Databases

Document ID : KB000022581
Last Modified Date : 14/02/2018

Introduction: 

Reset Policy Server Encryption Key with SQL Server Policy Store


Question: 

How do I reset the SiteMinder Policy Server encryption key when using SQL Server as the policy store?


Environment:  

Policy Server Version: 12sp3 and lower.

Policy Server O/S: All

Policy Store: SQL Server


Answer: 

To reset the policy store encryption key, perform the following steps:

  1. Export your existing policy store content in clear text.
    * run "smobjexport -d<admin> -w<password> -oFullExport.smdif -c -k -v"

    **** If the export reports any errors, do not proceed ****

    If you are using Applications in your environment, use XPSExport and SMKeyExport instead:
    run xpsexport File_name.xml -xa -vT -e exportlog.log
    run smkeyexport -d<admin> -w<pass> -okeys.txt -c

    Note: xpsexport prompts for a passphrase. You will need it when importing, so keep a record of it.

  2. If you want to reuse the same SQL Server database, perform step 3. If you can instead create a fresh SQL Server database, create the new database and proceed to step 4, skipping step 3.

  3. Remove the SiteMinder data/schema from the SQL Server database using SQL Server Management Studio.

    Run the following scripts in SQL Server Management Studio to remove the SiteMinder data:
    $NETE_PS_ROOT/db/sql/sm_mssql_ps_delete.sql (for Policy Store and Key Store databases, if applicable)
    $NETE_PS_ROOT/db/sql/sm_mssql_logs_delete.sql (for Audit databases, if applicable)
    $NETE_PS_ROOT/db/sql/sm_mssql_token_delete.sql (for the Token database, if applicable)
    $NETE_PS_ROOT/db/sql/sm_mssql_ss_delete.sql (for the Session Store database, if applicable)
    If you are using sqlplus, run the script using an @ sign.
    Example: @$NETE_PS_ROOT/db/sql/sm_mssql_ps.sql

  4. Run "smreg -key new_encryption_key" to reset the encryption key (replace new_encryption_key with the new key value).

  5. Reboot the machine.

  6. Open the Policy Server Management Console and point your policy store to the SQL Server database. Make sure the MSSQL database instance that will contain the SiteMinder data is reachable from the Policy Server machine by performing a test connection from the console.

  7. Open SQL Server Management Studio and recreate the SiteMinder schema in your SQL Server database.
    Create the SiteMinder schema in the MSSQL database:

    1. Log in to MSSQL with sqlplus (or some other MSSQL utility) as the user who administers the Policy Server database information.

    2. Import the scripts to create the SiteMinder schema:
      $NETE_PS_ROOT/db/sql/sm_mssql_ps.sql (for Policy Store and Key Store databases, if applicable)
      $NETE_PS_ROOT/db/sql/sm_mssql_logs.sql (for Audit databases, if applicable)
      $NETE_PS_ROOT/db/sql/sm_mssql_token.sql (for the Token database, if applicable)
      $NETE_PS_ROOT/db/sql/sm_mssql_ss.sql (for the Session Store database, if applicable)
      **** If you are using sqlplus, run the script using an @ sign. ****
      Example: @$NETE_PS_ROOT/db/sql/sm_mssql_ps.sql

    3. Ensure your Policy Server is running and pointing at the configured policy store.

  8. Run "smreg -su SiteMinder_admin_password" to reset SiteMinder Administrator password.

  9. Import the export from step 1.
    * run "smobjimport -d<admin> -w<password> -iFullExport.smdif -v -k -c"
    If you used xpsexport, you must use xpsimport to import the data back:
    * xpsimport File_Name.xml -passphrase {PassPhrase} -Validate -fo -e Error_logfile.log
    * smkeyimport -d<admin> -w<pass> -ikeys.txt -c
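The procedure hinges on two checks the article states but leaves to the operator: the clear-text export in step 1 must complete without errors before anything is deleted, and the same file must be intact when it is imported again in step 9. The script below is an added example (not part of the CA knowledge base article or the SiteMinder product) that wraps the smobjexport command from step 1 with those checks. It assumes an SMOBJEXPORT variable for the tool's path, treats any line containing "error" in the tool's output as a failure (a heuristic, not documented smobjexport behaviour), and records a cksum next to the export so it can be verified before smobjimport. Because the -c export contains keys and administrator credentials in clear text, the script also restricts the file to the owner.

```shell
#!/bin/sh
# Guarded clear-text export (step 1) and integrity check before re-import (step 9).
# Added example, not the article's or the product's own code. The SMOBJEXPORT
# variable, the error-line heuristic and the .cksum sidecar file are assumptions.

set -u

# Path to the export tool; override if the Policy Server bin directory is not on PATH.
: "${SMOBJEXPORT:=smobjexport}"

# export_policy_store ADMIN PASSWORD OUTFILE
# Runs smobjexport with the flags from the article (-c clear text, -k keys, -v verbose)
# and refuses to continue if the tool exits non-zero, prints an error line, or produces
# an empty file. On success the export is locked to mode 600 and a checksum is recorded.
export_policy_store() {
    admin=$1; password=$2; outfile=$3
    log="$outfile.log"
    umask 077   # files created from here on are readable only by the owner

    # The article passes the password with -w; note that it is visible in process listings.
    "$SMOBJEXPORT" -d"$admin" -w"$password" -o"$outfile" -c -k -v >"$log" 2>&1
    rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "export failed with exit code $rc; see $log. Do not proceed." >&2
        return 1
    fi
    # Heuristic: any "error" line in the tool output means the export is not trustworthy.
    if grep -qi 'error' "$log"; then
        echo "export log $log contains errors. Do not proceed with the key reset." >&2
        return 1
    fi
    if [ ! -s "$outfile" ]; then
        echo "export file $outfile is missing or empty. Do not proceed." >&2
        return 1
    fi
    chmod 600 "$outfile"
    # Record checksum and size so the file can be verified before smobjimport in step 9.
    cksum "$outfile" | awk '{print $1, $2}' > "$outfile.cksum"
    return 0
}

# verify_export OUTFILE
# Succeeds only if OUTFILE still matches the checksum recorded at export time.
verify_export() {
    outfile=$1
    if [ ! -f "$outfile.cksum" ]; then
        echo "no checksum recorded for $outfile" >&2
        return 1
    fi
    recorded=$(cat "$outfile.cksum")
    current=$(cksum "$outfile" | awk '{print $1, $2}')
    [ "$recorded" = "$current" ]
}
```

Typical use is `export_policy_store siteminder '<password>' FullExport.smdif` before step 2, and `verify_export FullExport.smdif` immediately before running smobjimport in step 9; a non-zero return from either is the signal to stop and investigate rather than continue with the reset.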