CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On
Issue/Introduction
** Question 1 --> When using Session Assurance Device DNA with a Federation Partnership, does the Certificate Signature come into play in the Session Assurance flow at all? Is the Signature used to sign anything for Session Assurance?
** Question 2 --> Can the payload collected by the script be replayed in any way? Is the payload used by Session Assurance to generate the hash? Is it possible for someone to obtain the payload and generate the hash?
** Question 3 --> Can the JavaScript run by Session Assurance be executed in the background?
** Question 4 --> Today, when a session is rejected by Session Assurance (example below), we display a 403 Forbidden error within redirect.sac. Is there a way to customize this message?
Environment
12.6, 12.7, 12.8
Resolution
** Question 1 --> When using Session Assurance Device DNA with a Federation Partnership, does the Certificate Signature come into play in the Session Assurance flow at all? Is the Signature used to sign anything for Session Assurance? Answer --> We do not use the Certificate configured in the partnership for any Session Assurance tasks.
** Question 2 --> Can the payload collected by the script be replayed in any way? Is the payload used by Session Assurance to generate the hash? Is it possible for someone to obtain the payload and generate the hash? Answer --> Session Assurance is bound to the HTTP request context. So even if replayed, it will not work.
** Question 3 --> Can the JavaScript run by Session Assurance be executed in the background? Answer --> No, the JavaScript cannot be executed in the background. It is executed as part of the transaction.
** Question 4 --> Today, when a session is rejected by Session Assurance (example below), we display a 403 Forbidden error within redirect.sac. Is there a way to customize this message? Answer --> There is no such feature within Session Assurance to change the redirection. The recommendation is to use custom error handling (https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/web-agent-configuration/web-application-protection/custom-error-handling-for-applications).