ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Validation Period Disabled on Persistent Realm Impact
Article ID: 132523
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
I'd like to know what is the consequence of disabling Validation
Period on a Realm configured for persistent session ?
Environment
Release: MSPPSF99000-12.51-Single Sign-On-Agent for Oracle PeopleSoft-MSP
Component:
Component:
Resolution
According to documentation, if you disable the Validation Period, the
Web Agent will always try to validate the session from its cache and
only call Policy Server if the session is not available in its cache.
On one hand, this should result in less calls to Policy Server and
Session Store. On the other hand, this might lead to the fact that the
Web Agent still validate the session, even if the session doesn't
exist anymore in the Session Store.
Web Agent will always try to validate the session from its cache and
only call Policy Server if the session is not available in its cache.
On one hand, this should result in less calls to Policy Server and
Session Store. On the other hand, this might lead to the fact that the
Web Agent still validate the session, even if the session doesn't
exist anymore in the Session Store.
Additional Information
Realm Dialog Reference
Be aware of the following:
For persistent sessions, the Idle Timeout must be enabled and set
to a value higher than that specified for the Validation Period.
Validation Period
If enabled, determines the period that the Agent caches the result
of a session validation call to the Policy Server. Session
validation calls perform two functions: informing the Policy
Server that a user is still active and checking that the user
session is still valid. Session validation calls inform the Policy
Server that a user is active and confirm that the user session is
valid. If disabled, the agent always tries to validate the session
from its cache and only calls the Policy Server if the session is
not available in its cache.
To specify the validation period, enter values in the Hours,
Minutes, and Seconds fields. If you are configuring the system to
provide a Windows user security context, set this value high, for
example, 15-30 minutes.
Note: The Validation Period value must be greater than zero.
Important! The session validation period must be less than the
specified Idle Timeout value.
https://docops.ca.com/ca-single-sign-on/12-8/en/using/administrative-ui/realm-dialog-reference
Be aware of the following:
For persistent sessions, the Idle Timeout must be enabled and set
to a value higher than that specified for the Validation Period.
Validation Period
If enabled, determines the period that the Agent caches the result
of a session validation call to the Policy Server. Session
validation calls perform two functions: informing the Policy
Server that a user is still active and checking that the user
session is still valid. Session validation calls inform the Policy
Server that a user is active and confirm that the user session is
valid. If disabled, the agent always tries to validate the session
from its cache and only calls the Policy Server if the session is
not available in its cache.
To specify the validation period, enter values in the Hours,
Minutes, and Seconds fields. If you are configuring the system to
provide a Windows user security context, set this value high, for
example, 15-30 minutes.
Note: The Validation Period value must be greater than zero.
Important! The session validation period must be less than the
specified Idle Timeout value.
https://docops.ca.com/ca-single-sign-on/12-8/en/using/administrative-ui/realm-dialog-reference
Feedback
Yes
No
Powered by
