Policy Server reporting "Invalid session ip"

book

Article ID: 36892

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Question :

I'd like to understand why the Policy Server print
the message "Invalid session ip" in an isAuthorized call.

Answer :

The Authorization process validates the session data from
the SessionSpec, which contains the Client IP.
The Policy Server always compare the Client IP from the
SessionSpec with the one given by the Attribute 208;

In Web Agent, we override this IP validation by setting the
ACO parameter TransientIPCheck="NO".

In SDK code, you need to pass the Client IP starting with a
"* " as for example "*127.0.0.1" in the code function;

Environment

Release:
Component: SMPLC