Error: Invalid session ip in Policy Server
search cancel

Error: Invalid session ip in Policy Server


Article ID: 36892


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER



Why does the Policy Server prints the message

   "Invalid session ip" 

in an isAuthorized call?




The Authorization process validates the session data from the SessionSpec, which contains the Client IP. The Policy Server always compares the Client IP from the SessionSpec with the one given by Attribute 208.

In Web Agent, this IP validation can be overridden by setting the ACO parameter TransientIPCheck="NO".

In SDK code, pass the Client IP starting with a "* " as "*" in the code function to get the same result.