Home Forums CA Single Sign-On [RESOLVED] How PS validates the SMSESSION cookie which is created by another PS?

Tagged: 

This topic contains 6 replies, has 2 voices, and was last updated by  Dhilip 9 months, 1 week ago.

  • Author
    Posts
  • #477

    Dhilip
    Participant

    Hi Ujwol,

    Assume that I have two policy servers A and B. While I am trying to access the application for the first time, Policy server A comes into picture and SMSESSION cookie is getting created. Now, if the next request goes to the Policy Server B, how does Policy Serve B validates the SMSESSION? I am aware that webagent will make validate call with SESSIONID and SESSIONSPEC, but what policy server B will do (after decrypting SESSIONSPEC)? When the session will be considered valid? What are the validations which will be performed by Policy serer B?

    Regards,
    Dhilip

    • This topic was modified 9 months, 2 weeks ago by  ujwols.
  • #478

    ujwols
    Keymaster

    Hi Dhilip,

    It doesn’t matter which policy server validates the session.
    Here are few validation that it does during this :

    1. Ensures that both Session ID and Specs are NOT empty.
    2. Decrypts Session Specs.
    3. Checks if session is persistent or not.
    4. If persistent session, check if the session exist in the session store.
    5. Checks if the Session ID match
    6. Checks if the Client IP address match.
    7. Validates Max and Idle Time out
    8. Vaidates if the User Name match.

    Does that clarify your question ?

    Regards,
    Ujwol

  • #490

    Dhilip
    Participant

    Hi Ujwol,

    Yes, thanks for your response. Just want to know about one more scenario. In case, if the session is non persistent, what are the validations which will be performed? I hope max and idle timeout validation will happen. Will any other additional validation be performed?

    Regards,
    Dhilip

  • #491

    ujwols
    Keymaster

    For non persistent session all of the above validation happens except 4.

  • #539

    Dhilip
    Participant

    Hi Ujwol,

    Could you please elaborate your previous answer? If it is a persistent session, the values in Session ticket can be compared with the one which in the session store. But, for non persistent session, which values will be used for comparison?
    Thanks.

    Regards,
    Dhilip

    • #556

      ujwols
      Keymaster

      Hi Dhilip,

      For non persistent session, policy server doesn’t perform this check.
      As this is not stored anywhere.

      Regards,
      Ujwol

  • #557

    Dhilip
    Participant

    Hi Ujwol,

    Thanks for the confirmation.
    Have a nice day!

    Regards,
    Dhilip

You must be logged in to reply to this topic.