SMSESSION is not getting changed while using with CA API Gateway

Article Id: 143426

Status: Published

Updated On: 21-01-2020 10:28

Products:

CA Single Sign On Secure Proxy Server (SiteMinder) , AXIOMATICS POLICY SERVER , CA Single Sign On Agents (SiteMinder) , CA Single Sign On Policy Server (SiteMinder) , CA Single Sign On Federation (SiteMinder) , CA Single Sign On SOA Security Manager (SiteMinder) , SITEMINDER

Issue/Introduction:

We're running an API Gateway and when it protects a site and issues an
SMSESSION cookie, the session ends in 10 minutes and during this time,
the SMSESSION never gets update.

How can we fix this ?

Cause:

By configuring the "Manage CA Single Sign-On Configurations" task,
there's an option related to the behavior you see :

Under "Tasks / Users and Authentication / Manage CA Single Sign-On
Configurations" you'll see the option :

"Update SSO Token"

That option manages the behavior of Api Gateway to update or not the
SMSESSION cookie.

Environment:

Policy Server 12.7 on Linux;
CA API Gateway 9.4 on Linux;

Resolution:

Enable "Update SSO Token" by checking the option, to get the SMSESSION on every request.