Ways To Store Session Data

Article ID: 50335

Products

  - CA Single Sign On Secure Proxy Server (SiteMinder)
  - CA Single Sign On SOA Security Manager (SiteMinder)
  - CA Single Sign-On

Issue/Introduction

We're trying to implement the way to store session data as explained
in KB article
https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=51232,
option #2.

Specifically, we want to store some value to the session store in the
custom authentication scheme and read it from session store in the
active expression.

The problem is that any session-related call in the authentication
scheme fails (including getSession(), getStatus() and setVariable()
functions).

The same calls work fine in the active expression.

In the logs we see:

  [3768/3380][Mon Dec 13 2010 15:13:26][SmAuthUser.cpp:285][ERROR]
  CSmSessionServer::GetSession() - Provider::GetSession()
  failed. Error code : 2

  [3768/3380][Mon Dec 13 2010 15:13:26][SmSSInDBStore.cpp:972][INFO]
  CSmSSInDBStore::DoGetStatus() - failed with code - 1001

  [3768/3380][Mon Dec 13 2010 15:13:26][SmAuthUser.cpp:285][ERROR]
  CSmSessionServer::GetStatus() - Provider::GetStatus() failed. Error
  code : 2

  [3768/3380][Mon Dec 13 2010 15:13:26][SmAuthUser.cpp:285][ERROR]
  CSmSessionServer::SetVariable() - Provider::SetVariable()
  failed. Error code: 2

Looks like the session still does not exist during the scheme
invocation.

Why do we see such behavior?

Notes:

  - User context is already established in the authentication scheme.
  - Session IDs are the same in both places (scheme and expression).

 

Environment

 

Policy Server all versions

 

Resolution

 

During the Authentication phase:

First, the user session ID is generated and held in memory only. Then
the response list (Authentication Responses) is processed. That is why
a GetStatus() call made while the response list is being processed
returns false: the persistent session has not yet been created and
stored in the database. Only the session ID has been created, and even
that is still only in memory.

After the responses are processed, the persistent session is created
and stored in the database.

Because no session is stored in the database while the responses are
being processed, session variables cannot be created or stored in a
Response during this time.

During the Authorization phase:

The persistent session has already been created and stored in the
database, which is why getStatus() returns true at authorization
time. Session variables can be created and stored at this point
because the session is available in the database.

Processing the response list before creating the persistent session
in the database is the Policy Server's designed behavior.
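
To spot this condition in a Policy Server log, the following added example (not part of the original article or of the product) rejoins the wrapped entries quoted in the Issue section and groups the failed session calls per worker and timestamp. The log text is the excerpt from this article; reading the first bracket as process/thread ID and the function names `parse_entries` and `failed_session_calls` are assumptions of this example.

```python
import re
from collections import defaultdict

# Log excerpt quoted in this article, wrapped as it appears there.
SAMPLE_LOG = """\
[3768/3380][Mon Dec 13 2010 15:13:26][SmAuthUser.cpp:285][ERROR]
CSmSessionServer::GetSession() - Provider::GetSession()
failed. Error code : 2
[3768/3380][Mon Dec 13 2010 15:13:26][SmSSInDBStore.cpp:972][INFO]
CSmSSInDBStore::DoGetStatus() - failed with code - 1001
[3768/3380][Mon Dec 13 2010 15:13:26][SmAuthUser.cpp:285][ERROR]
CSmSessionServer::GetStatus() - Provider::GetStatus() failed. Error
code : 2
[3768/3380][Mon Dec 13 2010 15:13:26][SmAuthUser.cpp:285][ERROR]
CSmSessionServer::SetVariable() - Provider::SetVariable()
failed. Error code: 2
"""

# [pid/tid][timestamp][source.cpp:line][LEVEL] optional message text
HEADER = re.compile(
    r"^\[(\d+)/(\d+)\]\[([^\]]+)\]\[([^\]:]+):\d+\]\[(\w+)\]\s*(.*)$")
# Tolerates both "Error code : 2" and "Error code: 2", as seen in the excerpt.
FAILED_CALL = re.compile(
    r"CSmSessionServer::(\w+)\(\)\s*-\s*Provider::\w+\(\)\s*failed\."
    r"\s*Error\s+code\s*:\s*(\d+)")

def parse_entries(text):
    """Return one dict per log entry, with continuation lines rejoined."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            pid, tid, ts, src, level, msg = m.groups()
            entries.append({"pid": pid, "tid": tid, "time": ts,
                            "source": src, "level": level, "msg": msg})
        elif entries:  # wrapped continuation of the previous entry
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line).strip()
    return entries

def failed_session_calls(entries):
    """Map (pid, tid, time) -> [(session call, error code), ...] for ERRORs."""
    groups = defaultdict(list)
    for e in entries:
        m = FAILED_CALL.search(e["msg"])
        if e["level"] == "ERROR" and m:
            groups[(e["pid"], e["tid"], e["time"])].append(
                (m.group(1), int(m.group(2))))
    return dict(groups)
```

A group containing GetSession, GetStatus and SetVariable failures together matches the pattern described in this article, where session calls run before the persistent session is stored.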