Question :
Running SDK Agent, once the Agent Keys have been rolled over two times,
the decodeSSOToken() method isn't able to decode the SMSESSION cookie
anymore and my SDK Agent always throws an exception.
How often can the Agent Keys be rolled over before the SDK Agent cannot decode it anymore ?
Two or three times?
I'd say three times because there are 3 Keys : the PAST, CURRENT and FUTURE.
Environment :
This applies to all Agent versions.
Answer :
By design, if you roll 2 times the Agent Keys, then SDK Agent won't be able to decode the SMSESSION cookie anymore.
1 - The SMSESSION cookie is encrypted with the Current Key (k1). (k0-k1-k2)
2 - At the first roll, the Current Key value is set as the Old Key
and the k0 old key isn't available anymore (k1-k2-k3).
3 - At the second roll, the key value which has encrypted the SMSESSION
cookie (k1) will not be available, and as such, the SMSESSION cookie cannot
be decoded by the Web Agent (k2-k3-k4).
KB : TEC1853933