search cancel

Error: Invalid session ip in Policy Server

book

Article ID: 36892

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER

Issue/Introduction

 

Why does the Policy Server prints the message

   "Invalid session ip" 

in an isAuthorized call?

 

Resolution

 

The Authorization process validates the session data from the SessionSpec, which contains the Client IP. The Policy Server always compares the Client IP from the SessionSpec with the one given by Attribute 208.

In Web Agent, this IP validation can be overridden by setting the ACO parameter TransientIPCheck="NO".

In SDK code, pass the Client IP starting with a "* " as "*127.0.0.1" in the code function to get the same result.