plug-in shared-key

Function

The plug-in shared-key command configures the shared key for encapsulating the packets exchanged between the device and an AD monitor (device equipped with ADSSO_Setup.exe) during SSO.

The undo plug-in shared-key command deletes the shared key for encapsulating the packets exchanged between the device and an AD monitor during SSO.

Format

plug-in [ enhanced ] shared-key shared-key

undo plug-in shared-key

Parameters

Parameter: shared-key shared-key
Description: Specifies the shared key for encapsulating the packets exchanged between the device and an AD monitor. This shared key must be the same as the Device Shared Key parameter specified when you install the AD SSO service.
Value:
  • The value is a string that contains 1 to 23 case-sensitive characters and is saved in cipher text. Spaces are not supported. Special characters are supported, such as exclamation points (!), at signs (@), number signs (#), dollar signs ($), and percent signs (%). If the string has 1 to 16 characters, the cipher text is 32 bytes long; if the string has 17 to 23 characters, the cipher text is 56 bytes long.
  • To enhance security, a shared key is recommended to meet the minimum strength requirement, that is, it needs to contain at least three of the following character types: upper-case letters (A to Z), lower-case letters (a to z), digits (0 to 9), and special characters such as exclamation points (!), at signs (@), number signs (#), dollar signs ($), and percent signs (%).

Parameter: enhanced
Description: Indicates that the AES128 encryption algorithm is used for communication between the device and the AD monitor. A shared key is dynamically calculated based on the configured shared key for encryption, enhancing security. If this parameter is not configured, the 3DES encryption algorithm is used. The configured shared key is used for encryption.
Value: -

Views

AD SSO view

Default Level

2: Configuration level

Usage Guidelines

The shared key is used to encapsulate the packets exchanged between the device and the AD monitor, and must be the same at both ends.

To use an enhanced encryption algorithm, ensure that the AD SSO service program supports the enhanced encryption algorithm.

Example

# Set the shared key for encrypting the packets exchanged between the device and an AD monitor during SSO to Admin@123.

<sysname> system-view
[sysname] user-manage single-sign-on ad
[sysname-sso-ad] plug-in shared-key Admin@123
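
The following Python check is an added example, not part of the Huawei documentation. It reviews a planned plug-in shared-key command against the rules in the Parameters section (length, no spaces, three character types, cipher text length) and reports whether 3DES or AES128 would be used. The function name review_command and the choice to treat every ASCII punctuation character as a special character are assumptions of this example.

```python
import re
import string

# Documented syntax: plug-in [ enhanced ] shared-key shared-key
CMD_RE = re.compile(r"^plug-in(?P<enh>\s+enhanced)?\s+shared-key\s+(?P<key>.*)$")


def review_command(line):
    """Check one 'plug-in shared-key' command against the documented rules.

    Returns the algorithm in use, the documented cipher text length in
    bytes (None if the key length is out of range), and a list of findings.
    """
    m = CMD_RE.match(line.strip())
    if not m:
        raise ValueError("not a plug-in shared-key command")
    key = m.group("key")
    findings = []
    if " " in key:
        findings.append("spaces are not supported in the shared key")
    if not 1 <= len(key) <= 23:
        findings.append("shared key must be 1 to 23 characters")
    # Count the four documented character types. Treating all ASCII
    # punctuation as "special characters" is an assumption of this example.
    classes = [
        any(c in string.ascii_uppercase for c in key),
        any(c in string.ascii_lowercase for c in key),
        any(c in string.digits for c in key),
        any(c in string.punctuation for c in key),
    ]
    if sum(classes) < 3:
        findings.append("fewer than three character types (recommended minimum)")
    algorithm = "AES128" if m.group("enh") else "3DES"
    if algorithm == "3DES":
        findings.append("'enhanced' not set: 3DES is used instead of AES128")
    # Documented cipher text size: 32 bytes for 1-16 chars, 56 for 17-23.
    if 1 <= len(key) <= 16:
        cipher_len = 32
    elif len(key) <= 23:
        cipher_len = 56
    else:
        cipher_len = None
    return {"algorithm": algorithm, "cipher_len": cipher_len, "findings": findings}


if __name__ == "__main__":
    # First line is the command from the Example above; the second is constructed.
    for cmd in ("plug-in shared-key Admin@123",
                "plug-in enhanced shared-key Tr4nsport#Key-For-SSO"):
        print(cmd, "->", review_command(cmd))
```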
Copyright © Huawei Technologies Co., Ltd.