Patrick-Dussault

Tech Tip : CA Single Sign-On : Policy Server Configuration on Linux Machine

Discussion created by Patrick-Dussault Employee on Aug 30, 2018

Question:


We're running smconsole on Linux Policy Server, the tool works very slow and we'd like to know
if there's a way to modify configuration ?

 

Answer:

 

At first glance, you can stop the Policy Server and edit the
sm.registry manually. But depending what you want to do, you might
also use XPSConfig.

 

Here a sample to do so for database connection :

 

How to update DB Session Store details without the smconsole ?
https://comm.support.ca.com/kb/how-to-update-db-session-store-details-without-the-smconsole/kb000010637

 

You can also use the smldapsetup to connect to a dummy ldap server to
encrypt the password.

 

Tech Tip : CA Single Sign-On :Policy Server:How to encrypt password in Sm.registry file without using SmConsole
https://communities.ca.com/community/ca-security/ca-single-sign-on/blog/2016/08/16/tech-tip-ca-single-sign-on-policy-serverhow-to-encrypt-password-in-smregistry-file-without-using-smconsole


All these are workaround and they are all at your risks.

 

Overall we invite you to vote at the following link to get implemented
direct command lines available in order to modify the sm.registry,
which command lines will validate the input you're giving.

 

Command line options for Policy server management console (smconsole)
https://communities.ca.com/ideas/235732441-command-line-options-for-policy-server-management-console-smconso

 

KB : KB000112512

Outcomes