How to configure RiskMinder component at the Policy Server manually

Blog Post created by SungHoon_Kim Employee on Jan 14, 2016

Reformatting this previous article for publishing as Knowledge Document.



    - How to configure RiskMinder component at the Policy Server manually.



    - You configured the Policy Store manually and find the RiskMinder component is not configured.

    - You try to configure CA Gateway(SPS) and its tomcat service is crashing.

    - You are trying to configure SessionAssurance but Policy Server side RiskMinder is not working.


Introduction / Summary: 

    The RiskMinder component at the Policy Server is configured during the Policy Server installation given that the Policy Store is already configured or is one of those servers that the Installation Wizard can setup Policy Store automatically without requiring manual steps.

    However, if the Policy Store had to be configured manually, then it is not going to configure the RiskMinder component.

    The following steps will guide you to configure the RiskMinder component and also show how to verify it is setup(or to check if it is not setup).



Run the "Policy Server Configuration Wizard".


DO NOT choose any features to configure. Just click "Next".


You will be asked to enter the "Master Key".  This only accepts alphanumeric!!!

This is not Policy Store encryption Key. This is a key used by RiskMinder component.

You must keep a record of this key as you will need it in the future.


It asks again to set a password for the "SiteMinder" super user.

You cannot skip this part without entering a value so enter whatever password suits you. You will use that to administer the policy server.


If the RiskMinder Component is configured successfully, you will find the "Default_<PolicyServerMachineName>_AAS" HostConfigObject.

If you do not have AdminUI installed yet you still can check from XPSExplorer.

In the following sample, the Policy Server machine name(hostname) is "TESTMC1" so you should have "Default_TESTMC1_AAS" HCO object.

If you have 2 Policy Server, then you are expected to see 2 HCO named "Default_<PolicyServerMachineName>_AAS"

If you don't have the matching number of HCO objects, then you will need to check the Policy Server MachineName to determine which one need to run the configuration wizard to register.


** This article is now published as a Knowledge Document linked below.