Agent for SharePoint doesn't seem to handle Session Assurance ticket
search cancel

Agent for SharePoint doesn't seem to handle Session Assurance ticket


Article ID: 4618


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


When I run Agent for SharePoint, the Session Assurance
feature doesn't work:

I replay a session by copying the SMSESSION cookie from
Chrome to Firefox Browser, I get authenticated without having
to login again in SharePoint applications.


Policy Server 12.52SP2Agent for SharePoint 12.52SP1CR04SPS 12.52SP1CR05


Device DNA Session Assurance is implemented in
SPS only at the moment.

As mentionned in the documentation :

The application that drives the DeviceDNA checks is hosted
on by the CA Access Gateway. This proxy server can perform
the standard functions, such as web proxy or SAML federation
functions or it can be a separate stand-alone instance that
is dedicated to servicing the Enhanced Session Assurance
transactions. The CA Access Gateway performance is also
dependent on a number of parameters such as, but not limited
to, authentication and authorization transactions per second,
the ratio of authentications to authorizations within the
environment, the length of user sessions, and the frequency
of revalidations.

The Agent for SharePoint handles more complex flow involving federation
and POST requests, and with SPS standalone, the integration of Session Assurance
with Agent for SharePoint goes out of support.


To get Session Assurance integrated in Agent for SharePoint, please open an
Idea on the Security page :

More, to help you increase session security, you might take a look at the SessionLinker
feature in the Agent for SharePoint :