search cancel

DecodeSSOToken without Roundtrip to Policy server

book

Article ID: 8836

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

We are working on optimizing custom agent that utilizes C SDK. 

Is there an option to get the AgentKey and use it to decode SM_SESSION cookie without roundtrip to Policy server?

Environment

R12.52 - R12.7 API SDK

Cause

Sm_AgentApi_DecodeSSOToken() This API automatically calls Sm_AgentApi_DoManagement() API to check for any update in the Agent Keys if the Agent Keys that it has is stale. 

The Agent Keys goes stale every 30 seconds. This duration is not configurable on the Agent side. 

 

So unfortunately, there is nothing we can do to prevent C SDK agent API to prevent checking the Agent Key while making the Sm_AgentApi_DecodeSSOToken() API call.

Resolution

SMSESSION cookie is supposed to be updated every time to record the "last access time". This is required to enforce idle/max session time outs. 

 

So its not really possible to cache all available SMSESSIONS. They keep on changing all the time.