ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

PKI Authentication Cache

book

Article ID: 186343

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction


We're running a Web Agent and when user access an URL having closed

previously the browser, the user still get access to the Web Site and
it is not asked to provide credentials by PKI Authentication Scheme.

We'd like to know 

  - How to always prompt for the user to enter the pin with new
    browser ?

Cause


At first glance, you should configure the Web Agent to ask the browser

to not keep the SMSESSION cookie on the disk, so it cannot be reused
after you close and open the browser. As mentioned in the
documentation :

  Non-Persistent and Persistent Cookies

    In addition to maintaining the cookie in the web browser, you can
    configure the product to use a cookie that is written to the hard
    disk. Maintaining a cookie on the hard disk is known as a persistent
    cookie. When using persistent cookies, users that close and reopen
    their browser remain logged in.

  https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-52-01/configuring/policy-server-configuration/user-sessions.html

  Set Persistent Cookies

    Persistent cookies remain valid for the configured maximum session
    time-out plus seven days. Many browsers delete the cookie file of
    the web browser after the cookie expires. Some browsers possibly
    handle persistent cookies differently.

     Follow these steps: 

    1. Set the PersistentCookies parameter to yes.
       The SMSESSION cookies are persistent.

  https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-52-01/configuring/web-agent-configuration/user-protection-and-tracking/siteminder-browser-cookies.html

Environment


Web Agent 12.52SP1CR10

Resolution


- In the Web Agent ACO, set the parameter :


  PersistentCookies parameter to no;

- Restart the Web Agent;