DecodeSSOToken without Roundtrip to Policy server
search cancel

DecodeSSOToken without Roundtrip to Policy server


Article ID: 8836


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


We are working on optimizing custom agent that utilizes C SDK. 

Is there an option to get the AgentKey and use it to decode SM_SESSION cookie without roundtrip to Policy server?


R12.52 - R12.7 API SDK


Sm_AgentApi_DecodeSSOToken() This API automatically calls Sm_AgentApi_DoManagement() API to check for any update in the Agent Keys if the Agent Keys that it has is stale. 

The Agent Keys goes stale every 30 seconds. This duration is not configurable on the Agent side. 


So unfortunately, there is nothing we can do to prevent C SDK agent API to prevent checking the Agent Key while making the Sm_AgentApi_DecodeSSOToken() API call.


SMSESSION cookie is supposed to be updated every time to record the "last access time". This is required to enforce idle/max session time outs. 


So its not really possible to cache all available SMSESSIONS. They keep on changing all the time.