What is the originator info?
Originally Published: 2010-10-21
Issue
What is the originator info (or ORIGINATOR_INFO, or originator ID)?
Resolution
Originator information is stored in the application registration file. It is a way to uniquely identify the source where encryption was done.
A new Originator ID is requested from the RKM server automatically when the RKM client detects a client environment or configuration change, such as:
- Operation user account name has changed (operating system login user)
- IP address has changed
- Host name has changed
- Credentials have changed (client identity certificate changed)
RKM 2.7 introduced the concept of originator information.
Originator information is related to client registration. This is described starting on page 43 of the 2.7.1 C# Client Developer's Guide. The following information appears on page 45:
"If the Key Manager C# Client application is registered with a Key Manager Server, or if the Key Manager C# Client detects an environment change (such as a change of IP address), it automatically requests the information from the Key Manager Server and stores it in the registration file to renew the originator information. If the Key Manager Server is unavailable, or transport is disabled for local cache operations and environment data has been changed, encryption operations will normally fail because the Key Manager C# Client cannot renew the originator information. However, if high availability encryption is required, add the following parameter to the registration file:
client.origin_info.optional_in_ciphertext=true
When this option is set to true, the originator information renewal error is ignored and the Key Manager C# Client does not add the originator identifier in the cipher text."
So, if there has been an environment change (such as IP address) on the RKM client, the client will try to retrieve updated originator info from the RKM server. If the RKM client cannot contact the RKM Server, encryption operations will fail unless the following is set in the C or C# client registration file (not the configuration file):
client.origin_info.optional_in_ciphertext=true
The Java client implements this differently. It has a different variable that needs to be set in the configuration file:
high.availability=true
Regardless of whether you're running in high availability mode, when the client can't contact the server, you may see non-fatal errors in the client logs such as: "Error reading origin info from RKM server, ret: 10003".
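The following audit helper is an added example, not code from RSA or from the client guides. It checks whether a client file sets the option named above and counts originator-info renewal errors in a log. The comment syntax, the exact-match on `true`, the log line layout and all sample contents are assumptions constructed for illustration.

```python
import re

# Option names and the log message come from the article; the file syntax
# details (comments, whitespace) and the log line layout are assumptions.
C_OPTION = "client.origin_info.optional_in_ciphertext"  # C / C# registration file
JAVA_OPTION = "high.availability"                       # Java configuration file
RENEWAL_ERROR = re.compile(r"Error reading origin info from RKM server, ret: (\d+)")

# Constructed sample inputs (not taken from a real client).
SAMPLE_REGISTRATION = "# constructed sample\nclient.origin_info.optional_in_ciphertext=true\n"
SAMPLE_LOG = (
    "2010-10-21 09:00:01 ERROR Error reading origin info from RKM server, ret: 10003\n"
    "2010-10-21 09:00:02 INFO encrypt request completed\n"
    "2010-10-21 09:05:01 ERROR Error reading origin info from RKM server, ret: 10003\n"
)

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#' comments (assumed syntax)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def option_enabled(text, option):
    """True only when the option is present and set to the literal 'true'."""
    return parse_properties(text).get(option) == "true"

def renewal_errors(log_text):
    """Return the 'ret' codes of every originator-info renewal error found."""
    return [int(m.group(1)) for m in RENEWAL_ERROR.finditer(log_text)]

def assess(file_text, option, log_text):
    """Combine the setting and the log evidence into one status per client."""
    enabled = option_enabled(file_text, option)
    errors = renewal_errors(log_text)
    if not errors:
        status = "ok"
    elif enabled:
        status = "renewal-failing-tolerated"
    else:
        status = "renewal-failing-encryption-at-risk"
    return {"option_enabled": enabled, "renewal_errors": len(errors), "status": status}

if __name__ == "__main__":
    print(assess(SAMPLE_REGISTRATION, C_OPTION, SAMPLE_LOG))
    print(assess("", JAVA_OPTION, SAMPLE_LOG))
```

For C and C# clients, a "renewal-failing-tolerated" result means cipher text produced in that state may not carry the originator identifier, which is worth recording if originator IDs are used to trace where encryption was done.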