
Validation Period Disabled on Persistent Realm Impact in Policy Server


Article ID: 132523




CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On, SITEMINDER



What are the consequences of disabling "Validation Period" on a Realm
configured for persistent sessions?




Policy Server 12.8SP6 on RedHat 7




According to the documentation (1), when the Validation Period is
disabled, the Web Agent always tries to validate the session from its
cache and only calls the Policy Server if the session is not available
in its cache.

On one hand, this should result in fewer calls to the Policy Server and
the Session Store. On the other hand, the Web Agent might still
validate the session from its cache even when the session no longer
exists in the Session Store.
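
The trade-off described above, as an added example (not SiteMinder code and not part of the original article): a simplified model of an agent-side session cache, run once with a 60-second Validation Period and once with it disabled. The class names, the session id "sid-1" and the timings are assumptions made for illustration; idle and maximum timeouts and cache eviction are not modelled.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class PolicyServer:
    """Stand-in for Policy Server plus Session Store (simplified, hypothetical)."""
    store: set = field(default_factory=set)    # session ids present in the Session Store
    calls: int = 0                             # validation calls received from the agent

    def validate(self, sid: str) -> bool:
        self.calls += 1
        return sid in self.store

@dataclass
class WebAgent:
    """Toy agent cache; validation_period=None models a disabled Validation Period."""
    ps: PolicyServer
    validation_period: Optional[int]           # seconds, or None when disabled
    cache: dict = field(default_factory=dict)  # sid -> time of last successful validation

    def is_valid(self, sid: str, now: int) -> bool:
        last = self.cache.get(sid)
        if last is not None and (self.validation_period is None
                                 or now - last < self.validation_period):
            return True                        # answered from cache, no Policy Server call
        # Not cached, or the cached result is older than the Validation Period.
        if self.ps.validate(sid):
            self.cache[sid] = now
            return True
        self.cache.pop(sid, None)
        return False

def simulate(validation_period, revoke_at=100, step=10, end=300):
    """One request every `step` seconds; the session leaves the store at `revoke_at`.
    Returns (Policy Server calls, last time the agent still accepted the session)."""
    ps = PolicyServer(store={"sid-1"})         # constructed sample session
    agent = WebAgent(ps, validation_period)
    last_accepted = None
    for now in range(0, end + 1, step):
        if now == revoke_at:
            ps.store.discard("sid-1")          # e.g. logout or administrative removal
        if not agent.is_valid("sid-1", now):
            break                              # user would be sent back to log in
        last_accepted = now
    return ps.calls, last_accepted

if __name__ == "__main__":
    print("enabled (60s):", simulate(60))
    print("disabled     :", simulate(None))
```

In this model the enabled case stops accepting the removed session within one Validation Period, while the disabled case makes a single Policy Server call and keeps accepting the session until the end of the run.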


Additional Information



    Realm Dialog Reference 

      Be aware of the following: 

      For persistent sessions, the Idle Timeout must be enabled and set 
      to a value higher than that specified for the Validation Period. 

    Validation Period 

      If enabled, determines the period that the Agent caches the result 
      of a session validation call to the Policy Server. Session 
      validation calls perform two functions: informing the Policy 
      Server that a user is still active and checking that the user 
      session is still valid. Session validation calls inform the Policy 
      Server that a user is active and confirm that the user session is 
      valid. If disabled, the agent always tries to validate the session 
      from its cache and only calls the Policy Server if the session is 
      not available in its cache. 

      To specify the validation period, enter values in the Hours, 
      Minutes, and Seconds fields. If you are configuring the system to 
      provide a Windows user security context, set this value high, for 
      example, 15-30 minutes. 

      Note: The Validation Period value must be greater than zero. 

      Important! The session validation period must be less than the 
      specified Idle Timeout value.