Siteminder : How to limit one session per user at one time

book

Article ID: 222932

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

 

When running a Policy Server, how to limit sessions amount per user at
time ?

 

Resolution

 

At first glance, the following KD reflects similar needs, but for a
day period (1).

The Global Delievery Modules list proposes 2 possible solutions for
this sake. The first is to limit the amount of time a user can be
logged in at a given time as per the KD above (2). The second one allows
you to manage on the fly the several Sessions a given user might have
at a given time (3).

You'll find those modules for download here (4). Documentation is
included in the packages.

 

Additional Information

 

(1)

    Policy Server : how to limit user authorized sessions amount by day

       [...] Policy Server doesn't provide that feature. There's a
       Global Delievery module available, which get a little closer to
       that needs, but there's no mention in it to restrict the amount
       of login by day (1)(2).

    https://knowledge.broadcom.com/external/article?articleId=207857

(2)

    Limit Concurrent Login for CA Single Sign-On

      The original (a/k/a LCL) allowed only one active session per
      account. The most recent account to have logged-in
      (authenticated) was allowed to continue to access the site and
      all older sessions were barred from accessing the site.

      [...]

      Many (f/k/a SiteMinder) customers have requested the ability to
      limit the number of times that a single user can be "logged
      into" the system. This is a nebulous concept, given the
      definitions of "logged in" and "logged out", when you consider
      the nature of Web sessions.

(3)

  
    User Session Monitor for CA Single Sign-On 

      For administrators, it gives the capability to view users'
      current active sessions from different Internet IPs and also
      gives the capability of remotely terminating the session if
      administrator wants to do so for a selected IP address or for a
      selected user DN.

(4)

    CA Single Sign-On

      Limit Concurrent Login for CA Single Sign-On
      User Session Monitor for CA Single Sign-On

    https://support.broadcom.com/external/content/release-announcements/CA-Global-Delivery-Packaged-Work-Product-Download-Index/4800#SSO