How do I update the authentication signing secret in AM (All versions)?
The purpose of this article is to provide information on updating the value of the authentication signing secret in AM. The signing secret is a random key that AM generates upon startup and uses to sign the authentication token (authID). You can replace the generated value with a static value if required.
Updating the value of the signing secret
You should generate a random string that is at least 128 bits long and base64 encoded for your signing secret. For example, you could use a random number generator and then encode the output using the DS base64 tool, or you could use openssl:
$ openssl rand -base64 32
You can then update the value of the signing secret globally or in a specific realm using this generated string, where the realm level takes precedence over the global level:
Global
You can update this value globally using either the AM admin UI or ssoadm:
- AM admin UI: navigate to: Configure > Authentication > Core Attributes > Security > Organization Authentication Signing Secret and enter the value of your shared secret.
- ssoadm: enter the following command:
$ ./ssoadm set-attr-defs -s iPlanetAMAuthService -t organization -u [adminID] -f [passwordfile] -a iplanet-am-auth-hmac-signing-shared-secret=[sharedSecret]
replacing [adminID], [passwordfile] and [sharedSecret] with appropriate values.
Realm level
You can update this value in a specific realm using either the AM admin UI or ssoadm:
- AM admin UI: navigate to: Realms > [Realm Name] > Authentication > Settings > Security > Organization Authentication Signing Secret and enter the value of your shared secret.
- ssoadm: enter the following command:
$ ./ssoadm set-realm-svc-attrs -u [adminID] -f [passwordfile] -s iPlanetAMAuthService -e [realmname] -a iplanet-am-auth-hmac-signing-shared-secret=[sharedSecret]
replacing [adminID], [passwordfile], [realmname] and [sharedSecret] with appropriate values.
Note
You must restart the web application container in which AM runs to apply these configuration changes.
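The following POSIX shell script is an added example, not part of this article and not ForgeRock tooling. It ties the steps above together: it generates the secret with openssl as shown, checks that the value really decodes to at least 16 bytes (128 bits) of valid base64 before it is used, and prints the matching ssoadm command for either the global level or a named realm. The admin ID (amadmin), the password file path and the realm name are assumed placeholders. The script prints the ssoadm command rather than running it, so the value can be reviewed first; note that, exactly as with the ssoadm step in the article, a secret passed on a command line ends up in shell history and process listings, so clear those or use a password file where your deployment allows it.

```shell
#!/bin/sh
# Added example (not from the article or ForgeRock): generate a signing
# secret, verify it meets the "at least 128 bits, base64-encoded"
# requirement, and build the ssoadm command that sets it.
# Admin ID, password file path and realm name are assumed placeholders.

# Step 1: generate a 32-byte (256-bit) random secret, base64-encoded,
# exactly as the article suggests with openssl.
generate_signing_secret() {
    openssl rand -base64 32
}

# Step 2: accept a candidate secret only if it is valid base64 and
# decodes to at least 16 bytes (128 bits). Returns 0 when acceptable.
check_secret_strength() {
    secret="$1"
    # coreutils base64 -d exits non-zero on malformed input
    printf '%s' "$secret" | base64 -d >/dev/null 2>&1 || return 1
    nbytes=$(printf '%s' "$secret" | base64 -d | wc -c | tr -d ' ')
    [ "$nbytes" -ge 16 ]
}

# Step 3: print the ssoadm command for scope "global" or for a realm name.
# Nothing is executed here; the command is printed for review.
build_ssoadm_command() {
    scope="$1"
    secret="$2"
    admin_id="${SSOADM_ADMIN_ID:-amadmin}"                 # assumed admin ID
    password_file="${SSOADM_PASSWORD_FILE:-/path/to/pwd}"  # assumed path
    attr="iplanet-am-auth-hmac-signing-shared-secret=$secret"
    if [ "$scope" = "global" ]; then
        printf './ssoadm set-attr-defs -s iPlanetAMAuthService -t organization -u %s -f %s -a %s\n' \
            "$admin_id" "$password_file" "$attr"
    else
        printf './ssoadm set-realm-svc-attrs -u %s -f %s -s iPlanetAMAuthService -e %s -a %s\n' \
            "$admin_id" "$password_file" "$scope" "$attr"
    fi
}

# Usage: sh update-signing-secret.sh --demo [realm]
# Prints the global command, or the realm-level command when a realm is
# given. The demo only runs with --demo so the functions can be sourced.
if [ "${1:-}" = "--demo" ]; then
    secret=$(generate_signing_secret)
    if check_secret_strength "$secret"; then
        build_ssoadm_command "${2:-global}" "$secret"
    else
        echo "generated secret is not at least 128 bits of base64" >&2
        exit 1
    fi
fi
```

Remember that the value printed by the script still has to be applied with ssoadm (or pasted into the AM admin UI) and that, as the note above says, the container running AM must be restarted afterwards.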