Home Forums CA Single Sign-On [RESOLVED] Question about SMSAMLDATA using Partnership Federation Reply To: [RESOLVED] Question about SMSAMLDATA using Partnership Federation

#887

ujwols
Keymaster

Before answering your question, a bit of background info – SMSAMLDATA cookie is created if HTTP Header Redirect mode is configured in the partnership. It is used to store the HTTP headers in encrypted format. This cookie is encrypted using Agent Keys.
The web agent on the SP side decrypts this SMSAMLDATA cookie using agent keys, read all HTTP headers contained within it and set these headers so the target application gets an access to it.

Q1. What is SMSAMLDAT variable ?? it seems to be product bug…
Ujwol => Yes, to my knowledge there is NO “SMSAMLDAT” cookie. This almost certainly looks like a bug.

In addition, after logoff by “logoffuri”, SMSAMLDATA variable has been overwritten, set different value.

Set-Cookie: SMSAMLDATA=Kk8AgMKuv/4jACa0V4aDmPW5RSYctJ6xObjKIA6uBGDhDJGxqIekX59RK0w97ig6bOQhq3UNt4pc7gpjjJHgTMwsuUBl6xrKxCLeAcKz5q4iktU1cTTKb131tOV5xblyjZh0diEGpE5kleUeiWLfoeZPYbL6QYSYijd/jD41h92h8nQ2h+20BHb/SqRHJzBq7BO/BYFwcSTH1wd5xe+rNXPSFq0ap1YtlT76nAJ6sSL+xyrWKqJt/KA2G9PvAMrRfby19dAeRA0hLirnKE5Hxgvs0QwGiTjfZtianMEoS8OFMNw8xk7CfRYPjEdsCktyHF/iD+z0yE4j2M+ne3aSeUxcM3FYGUEIheOgTRw8fflgDQri/gsIa2gnBeJjPekbK5s1pBU+cXvW1S3TRzCGlxMVnrCl76sdQJK/2m+nS16pc3uZBUMJcyY7CBJPiqpo;

Set-Cookie: SMSAMLDATA=WV6WP/EeLtCGfH2YOpCplvo6zOQzECTdKJZ8dFjDxlCf6ZFOQ8hNSFhU0Kk3VpB2dvOMoutstr00LzSsIIRJM8h2/HJ5/qq3CD+vznKGM0Vx5ta9/AmUxBBcquM8HByYxwzMsunjFcYBa8B5+uOjOw8CqON26pCjGwLK5PeMMQMIig/+TpE5XPX2bK7V/S1HqBwVN7+yoJHeUMP32Ih2NrbXFDZiXZ1HH9rg9lpJo28zMtD3ZCFhm683XUPNiI/y0VZhx06/1jBn9ufbDUtnXy7HEHX76RDYQbqAztVykDe4yNTDnCkvH9sZGoc0TQcw/NS7j2YykIPCR/JmKiYQm9hpdmlclAa9Uzn2hMAsvUr7YaJzbnwk4HuZvHK1kkPUlqA+PIkOuDuSe8zqmtKwRjPa3RGfYgxrFnC2XxInO/A+2T5b2a0EGQfGzIodL0JG;

Q2. This overwrite working is product design?? If this is product design…why is it overwritten?
Ujwol =>As SMSAMLDATA is encrypted using Agent Keys, just like SMSESSION cookie, if they need to be refreshed, they will be re-encyrpted using the latest set of agent Keys. However, after the logoff I do believe, it is required for the SMSAMLDATA cookie to be cleared. So this potentially looks like bug as well.

  • This reply was modified 7 months, 3 weeks ago by  ujwols.