Home Forums CA Single Sign-On [RESOLVED] Question about SMSAMLDATA using Partnership Federation

This topic contains 1 reply, has 2 voices, and was last updated by  ujwols 7 months, 3 weeks ago.

  • Author
    Posts
  • #883

    kipman
    Participant

    In using SAML Federation and response HTTP header variable, and create SMSAMLDATA variable.
    After created SMSAMLDATA variable, and logoff by “logoffuri”, WebAgent Set-Cookie buggy variable “SMSAMLDAT” (not SMSAMLDATA).

    Set-Cookie: SMSAMLDAT=””; Domain=.test.co.jp; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/

    Q1. What is SMSAMLDAT variable ?? it seems to be product bug…

    In addition, after logoff by “logoffuri”, SMSAMLDATA variable has been overwritten, set different value.

    Set-Cookie: SMSAMLDATA=Kk8AgMKuv/4jACa0V4aDmPW5RSYctJ6xObjKIA6uBGDhDJGxqIekX59RK0w97ig6bOQhq3UNt4pc7gpjjJHgTMwsuUBl6xrKxCLeAcKz5q4iktU1cTTKb131tOV5xblyjZh0diEGpE5kleUeiWLfoeZPYbL6QYSYijd/jD41h92h8nQ2h+20BHb/SqRHJzBq7BO/BYFwcSTH1wd5xe+rNXPSFq0ap1YtlT76nAJ6sSL+xyrWKqJt/KA2G9PvAMrRfby19dAeRA0hLirnKE5Hxgvs0QwGiTjfZtianMEoS8OFMNw8xk7CfRYPjEdsCktyHF/iD+z0yE4j2M+ne3aSeUxcM3FYGUEIheOgTRw8fflgDQri/gsIa2gnBeJjPekbK5s1pBU+cXvW1S3TRzCGlxMVnrCl76sdQJK/2m+nS16pc3uZBUMJcyY7CBJPiqpo;

    Set-Cookie: SMSAMLDATA=WV6WP/EeLtCGfH2YOpCplvo6zOQzECTdKJZ8dFjDxlCf6ZFOQ8hNSFhU0Kk3VpB2dvOMoutstr00LzSsIIRJM8h2/HJ5/qq3CD+vznKGM0Vx5ta9/AmUxBBcquM8HByYxwzMsunjFcYBa8B5+uOjOw8CqON26pCjGwLK5PeMMQMIig/+TpE5XPX2bK7V/S1HqBwVN7+yoJHeUMP32Ih2NrbXFDZiXZ1HH9rg9lpJo28zMtD3ZCFhm683XUPNiI/y0VZhx06/1jBn9ufbDUtnXy7HEHX76RDYQbqAztVykDe4yNTDnCkvH9sZGoc0TQcw/NS7j2YykIPCR/JmKiYQm9hpdmlclAa9Uzn2hMAsvUr7YaJzbnwk4HuZvHK1kkPUlqA+PIkOuDuSe8zqmtKwRjPa3RGfYgxrFnC2XxInO/A+2T5b2a0EGQfGzIodL0JG;

    Q2. This overwrite working is product design?? If this is product design…why it is overwritten ?

    • This topic was modified 7 months, 3 weeks ago by  kipman.
    • This topic was modified 7 months, 2 weeks ago by  ujwols.
  • #887

    ujwols
    Keymaster

    Before answering your question, a bit of background info – SMSAMLDATA cookie is created if HTTP Header Redirect mode is configured in the partnership. It is used to store the HTTP headers in encrypted format. This cookie is encrypted using Agent Keys.
    The web agent on the SP side decrypts this SMSAMLDATA cookie using agent keys, read all HTTP headers contained within it and set these headers so the target application gets an access to it.

    Q1. What is SMSAMLDAT variable ?? it seems to be product bug…
    Ujwol => Yes, to my knowledge there is NO “SMSAMLDAT” cookie. This almost certainly looks like a bug.

    In addition, after logoff by “logoffuri”, SMSAMLDATA variable has been overwritten, set different value.

    Set-Cookie: SMSAMLDATA=Kk8AgMKuv/4jACa0V4aDmPW5RSYctJ6xObjKIA6uBGDhDJGxqIekX59RK0w97ig6bOQhq3UNt4pc7gpjjJHgTMwsuUBl6xrKxCLeAcKz5q4iktU1cTTKb131tOV5xblyjZh0diEGpE5kleUeiWLfoeZPYbL6QYSYijd/jD41h92h8nQ2h+20BHb/SqRHJzBq7BO/BYFwcSTH1wd5xe+rNXPSFq0ap1YtlT76nAJ6sSL+xyrWKqJt/KA2G9PvAMrRfby19dAeRA0hLirnKE5Hxgvs0QwGiTjfZtianMEoS8OFMNw8xk7CfRYPjEdsCktyHF/iD+z0yE4j2M+ne3aSeUxcM3FYGUEIheOgTRw8fflgDQri/gsIa2gnBeJjPekbK5s1pBU+cXvW1S3TRzCGlxMVnrCl76sdQJK/2m+nS16pc3uZBUMJcyY7CBJPiqpo;

    Set-Cookie: SMSAMLDATA=WV6WP/EeLtCGfH2YOpCplvo6zOQzECTdKJZ8dFjDxlCf6ZFOQ8hNSFhU0Kk3VpB2dvOMoutstr00LzSsIIRJM8h2/HJ5/qq3CD+vznKGM0Vx5ta9/AmUxBBcquM8HByYxwzMsunjFcYBa8B5+uOjOw8CqON26pCjGwLK5PeMMQMIig/+TpE5XPX2bK7V/S1HqBwVN7+yoJHeUMP32Ih2NrbXFDZiXZ1HH9rg9lpJo28zMtD3ZCFhm683XUPNiI/y0VZhx06/1jBn9ufbDUtnXy7HEHX76RDYQbqAztVykDe4yNTDnCkvH9sZGoc0TQcw/NS7j2YykIPCR/JmKiYQm9hpdmlclAa9Uzn2hMAsvUr7YaJzbnwk4HuZvHK1kkPUlqA+PIkOuDuSe8zqmtKwRjPa3RGfYgxrFnC2XxInO/A+2T5b2a0EGQfGzIodL0JG;

    Q2. This overwrite working is product design?? If this is product design…why is it overwritten?
    Ujwol =>As SMSAMLDATA is encrypted using Agent Keys, just like SMSESSION cookie, if they need to be refreshed, they will be re-encyrpted using the latest set of agent Keys. However, after the logoff I do believe, it is required for the SMSAMLDATA cookie to be cleared. So this potentially looks like bug as well.

    • This reply was modified 7 months, 3 weeks ago by  ujwols.

You must be logged in to reply to this topic.