PKI Authentication Cache
search cancel

PKI Authentication Cache


Article ID: 186343


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER


We're running a Web Agent and when user access an URL having closed

previously the browser, the user still get access to the Web Site and
it is not asked to provide credentials by PKI Authentication Scheme.

We'd like to know 

  - How to always prompt for the user to enter the pin with new
    browser ?


Web Agent 12.52SP1CR10


At first glance, you should configure the Web Agent to ask the browser

to not keep the SMSESSION cookie on the disk, so it cannot be reused
after you close and open the browser. As mentioned in the
documentation :

  Non-Persistent and Persistent Cookies

    In addition to maintaining the cookie in the web browser, you can
    configure the product to use a cookie that is written to the hard
    disk. Maintaining a cookie on the hard disk is known as a persistent
    cookie. When using persistent cookies, users that close and reopen
    their browser remain logged in.

  Set Persistent Cookies

    Persistent cookies remain valid for the configured maximum session
    time-out plus seven days. Many browsers delete the cookie file of
    the web browser after the cookie expires. Some browsers possibly
    handle persistent cookies differently.

     Follow these steps: 

    1. Set the PersistentCookies parameter to yes.
       The SMSESSION cookies are persistent.


- In the Web Agent ACO, set the parameter :

  PersistentCookies parameter to no;

- Restart the Web Agent;