Ways To Store Session Data


Article ID: 50335


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On


We're trying to implement the way to store session data as explained
in KB article
option #2.

Specifically, we want to store some value to the session store in the
custom authentication scheme and read it from session store in the
active expression.

The problem is that any session-related call in the authentication
scheme fails (including getSession(), getStatus() and setVariable()).
The same calls work fine in the active expression.

In the logs we see:

  [3768/3380][Mon Dec 13 2010 15:13:26][SmAuthUser.cpp:285][ERROR]
  CSmSessionServer::GetSession() - Provider::GetSession()
  failed. Error code : 2

  [3768/3380][Mon Dec 13 2010 15:13:26][SmSSInDBStore.cpp:972][INFO]
  CSmSSInDBStore::DoGetStatus() - failed with code - 1001

  [3768/3380][Mon Dec 13 2010 15:13:26][SmAuthUser.cpp:285][ERROR]
  CSmSessionServer::GetStatus() - Provider::GetStatus() failed. Error
  code : 2

  [3768/3380][Mon Dec 13 2010 15:13:26][SmAuthUser.cpp:285][ERROR]
  CSmSessionServer::SetVariable() - Provider::SetVariable()
  failed. Error code: 2

Looks like the session still does not exist during the scheme

Why do we see such behavior?


  - User context is already established in the authentication scheme.
  - Session IDs are the same in both places (scheme and expression).




Policy Server: all versions




During Authentication phase:

First, the User Session ID is generated and stored in memory only.
Then the Response list (Authentication Responses) is processed. That
is why a GetStatus() call made while the response list is being
processed returns false: the persistent session has not yet been
created and stored in the DB. Only the session ID has been created,
and it too is still only in memory.

After processing the responses, the Policy Server creates the
persistent session and stores it in the database.

Because no session is stored in the database while the responses are
being processed, session variables cannot be created or stored in a
Response during this time.

During Authorization phase:

The persistent session has already been created and stored in the
database. That is why getStatus() returns true at Authorization time.
Session variables can be created and stored at this time because the
session is available in the DB.

Processing the response list before creating the persistent session
in the database is the designed behavior of the Policy Server.
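To see which session-store calls are being made before the persistent session exists, the log entries quoted above can be regrouped per thread and timestamp. This is an added example, not CA/Broadcom code; the record layout is an assumption inferred only from the four entries in this article, which also serve as the sample input.

```python
import re
from collections import defaultdict

# Assumed layout, inferred from the article: [pid/tid][timestamp][source:line][LEVEL]
HEADER = re.compile(
    r"\[(?P<pid>\d+)/(?P<tid>\d+)\]\[(?P<ts>[^\]]+)\]"
    r"\[(?P<src>[^\]:]+):(?P<line>\d+)\]\[(?P<level>[A-Z]+)\]")
# Failure text as quoted: "<Class>::<Call>() - ... failed ... code : <n>"
FAILURE = re.compile(
    r"(?P<cls>\w+)::(?P<call>\w+)\(\) - .*?failed\b.*?code\s*[:-]\s*(?P<code>\d+)")

def parse_records(text):
    """Rebuild records whose message wraps onto continuation lines."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            records.append({**m.groupdict(), "msg": line[m.end():].strip()})
        elif line and records:
            records[-1]["msg"] = (records[-1]["msg"] + " " + line).strip()
    return records

def failed_session_calls(text):
    """Group failed session-store calls by (pid, tid, timestamp)."""
    grouped = defaultdict(list)
    for rec in parse_records(text):
        f = FAILURE.search(rec["msg"])
        if f:
            grouped[(rec["pid"], rec["tid"], rec["ts"])].append(
                (f["call"], int(f["code"]), rec["level"]))
    return dict(grouped)

# The four entries quoted in the article, wrapped as they appear there.
SAMPLE = """\
[3768/3380][Mon Dec 13 2010 15:13:26][SmAuthUser.cpp:285][ERROR]
CSmSessionServer::GetSession() - Provider::GetSession()
failed. Error code : 2
[3768/3380][Mon Dec 13 2010 15:13:26][SmSSInDBStore.cpp:972][INFO]
CSmSSInDBStore::DoGetStatus() - failed with code - 1001
[3768/3380][Mon Dec 13 2010 15:13:26][SmAuthUser.cpp:285][ERROR]
CSmSessionServer::GetStatus() - Provider::GetStatus() failed. Error
code : 2
[3768/3380][Mon Dec 13 2010 15:13:26][SmAuthUser.cpp:285][ERROR]
CSmSessionServer::SetVariable() - Provider::SetVariable()
failed. Error code: 2
"""

if __name__ == "__main__":
    print(failed_session_calls(SAMPLE))
```

A group in which GetSession, GetStatus and SetVariable all fail on the same thread at the same timestamp matches the authentication-phase case described above, where only the in-memory session ID exists.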