Policy Server reporting "Invalid session ip"


Article ID: 36892


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



We'd like to understand why the Policy Server prints the message

   "Invalid session ip" 

in an isAuthorized call ?




The Authorization process validates the session data from the
SessionSpec, which contains the Client IP. The Policy Server always
compare the Client IP from the SessionSpec with the one given by the
Attribute 208.

In Web Agent, we override this IP validation by setting the
ACO parameter TransientIPCheck="NO".

In SDK code, you need to pass the Client IP starting with a "* " as
for example "*" in the code function.