How do I update the authentication signing secret in AM (All versions)?

Updating the value of the signing secret

You should generate a random string that is at least 128 bit and base64 encoded for your signing secret. For example, you could use a random number generator and then encode it using the DS base64 tool or you could use openssl:

You can then update the value of the signing secret globally or in a specific realm using this generated string, where realm level takes precedence over the global level:

Global

You can update this value globally using either the AM admin UI or ssoadm:

• AM admin UI: navigate to: Configure > Authentication > Core Attributes > Security > Organization Authentication Signing Secret and enter the value of your shared secret.
• ssoadm: enter the following command: $ ./ssoadm set-attr-defs -s iPlanetAMAuthService -t organization -u [adminID] -f [passwordfile] -a iplanet-am-auth-hmac-signing-shared-secret=[sharedSecret]replacing [adminID], [passwordfile] and [sharedSecret] with appropriate values.

Realm level

You can update this value in a specific realm using either the AM admin UI or ssoadm:

• AM admin UI: navigate to: Realms > [Realm Name] > Authentication > Settings > Security > Organization Authentication Signing Secret and enter the value of your shared secret.
• ssoadm: enter the following command: $ ./ssoadm set-realm-svc-attrs -u [adminID] -f [passwordfile] -s iPlanetAMAuthService -e [realmname] -a iplanet-am-auth-hmac-signing-shared-secret=[sharedSecret]replacing [adminID], [passwordfile], [realmname] and [sharedSecret] with appropriate values.

See Also

Authentication configuration

base64

Related Training

N/A

Related Issue Tracker IDs

OPENAM-8264 (insufficient validator for service property 'iplanet-am-auth-hmac-signing-shared-secret')