Smauthreason 4 is never triggered

book

Article ID: 19097

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

When a user's session expired due to a session timeout being reached the user is correctly redirected to the login page. However, the redirect happens with SMAUTHREASON = 0 instead of the expected SMAUTHREASON = 4. Due to this it is not possible to configure the login page to display the corresponding response "Session expired" to the user.

Solution:

This behaviour is by design. The SMAUTHREASON is only set by the Siteminder Policy server. In the normal Siteminder web agent, the processing of the user session is done at the web agent layer only. The time out is calculated from the session cookie and the request will not be sent to the Policy server. And If the session expires, the session will be logged out. Since this request is not going to the Policy server, the smauthreason will not be set. After the session is logged out, a new request is send to the Policy server for processing, and since this is a new request SMAUTHREASON = 0 will be set in the response for the new request after it has been processed at the Policy server.

SMAUTHREASON 4 will be triggered only for the Web Agent SDK if persistent session is being used and when the session expires.

Environment

Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus
Component: