search cancel

Siteminder session store activation questions

book

Article ID: 189636

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

We have a problem when the session store is enabled in the policy after configuring the session store in connection with SAML interworking with the customer.

For example, an agent connection portal system.

When the SAML interworking system is configured and the user selects a link from the portal to access it, the following issue occurs.

In order to be able to access the Portal-> SAML interworking system when accessing as above, it is understood that the Portal Store must be enabled by enabling the Session Store.

However, if you enable the Session Store, Maximum Timeout Enabled must be enabled for management of sessions stored in the session store.

In this case, a problem occurs and the inquiries are as follows.


1. As in the example, when the Maximum Timeout Enabled value of the Portal system is set to 2 hours, for example

At this time, among the systems linked to the Portal, there are systems that take the Maximum Timeout Enabled value indefinitely.

In this case, the SMSESSION value in the Portal expires after 2 hours, and the session expires in other systems that take the Maximum Timeout Enabled value indefinitely.

-> In this case, is there any way to manage the session separately?


2. Is it possible to separately manage session token values ​​and Smsession values ​​stored in the Session Store?

-> In this case, please check if there is a direction that can be managed separately because the authorization is not maintained and the logout is performed for the system where the Maximum Timeout Enabled is not set in the policy setting.

In addition, the Maximum Timeout Enabled is managed separately for each system in realm in the Siteminder policy. When the main Portal is set to Maximum Timeout Enabled to 2 hours, check if it is logged out of other systems that were connected after 2 hours. 

Environment

Release : 12.6

Component : SITEMINDER -WEB AGENT FOR APACHE

Resolution

This can be resolved by using the slo separately and processing it separately.