ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
PKI Authentication Cache
Article ID: 186343
CA Single Sign On Secure Proxy Server (SiteMinder)CA Single Sign On Agents (SiteMinder)CA Single Sign On Federation (SiteMinder)CA Single Sign On SOA Security Manager (SiteMinder)SITEMINDER
We're running a Web Agent and when user access an URL having closed previously the browser, the user still get access to the Web Site and it is not asked to provide credentials by PKI Authentication Scheme.
We'd like to know
- How to always prompt for the user to enter the pin with new browser ?
At first glance, you should configure the Web Agent to ask the browser to not keep the SMSESSION cookie on the disk, so it cannot be reused after you close and open the browser. As mentioned in the documentation :
Non-Persistent and Persistent Cookies
In addition to maintaining the cookie in the web browser, you can configure the product to use a cookie that is written to the hard disk. Maintaining a cookie on the hard disk is known as a persistent cookie. When using persistent cookies, users that close and reopen their browser remain logged in.
Persistent cookies remain valid for the configured maximum session time-out plus seven days. Many browsers delete the cookie file of the web browser after the cookie expires. Some browsers possibly handle persistent cookies differently.
Follow these steps:
1. Set the PersistentCookies parameter to yes. The SMSESSION cookies are persistent.