Products
Solutions
Support & Services
Company
How To Buy
Skip to main content (Press Enter).
Sign in
Skip auxiliary navigation (Press Enter).
Register
Skip main navigation (Press Enter).
Toggle navigation
Search Options
Home
Communities
All Communities
Enterprise Software
Mainframe Software
Symantec Enterprise
Blogs
All Blogs
Enterprise Software
Mainframe Software
Symantec Enterprise
Events
Enterprise Software
Mainframe Software
Symantec Enterprise
VMware
Water Cooler
Education
Groups
Enterprise Software
Mainframe Software
Symantec Enterprise
Symantec Access Management
Private Community
View Only
Community Home
Threads
Library
Events
Members
Back to discussions
Expand all
|
Collapse all
sort by most recent
sort by thread
CA Single Sign-ON
Jump to
Best Answer
marta benedetti
Oct 08, 2019 09:20 AM
Hi, With CA Single Sing-On we manage sessions from different applications. For each realm the configuration ...
Joseph Rahme
Oct 09, 2019 10:13 AM
Best Answer
The only time that Siteminder Will set the session to LOGGEDOFF is either it is Idle , Expired or ...
James Atchley
Oct 09, 2019 10:16 AM
1.
CA Single Sign-ON
0
Recommend
marta benedetti
Posted Oct 08, 2019 09:20 AM
Reply
Reply Privately
Options Dropdown
Hi,
With CA Single Sing-On we manage sessions from different applications.
For each realm the configuration is:
idle timeout =1 hour
maximum timeout = 12 hours.
I have this issue:
The customer complains that the session expires earlier than expected
As evidence the SMSESSION cookie is set to LOGGEDOFF
I'd like to track user activity in order to be sure that the problem is the idle timeout, do you know if there is an easy way to do so?
I've found this article but maybe is too heavy for the system
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-52-sp1/configuring/web-agent-configuration/user-protection-and-tracking/user-identity-and-activity-tracking-and-url-monitoring.html
Thank you,
Marta
2.
RE: CA Single Sign-ON
Best Answer
0
Recommend
Broadcom Employee
Joseph Rahme
Posted Oct 09, 2019 10:13 AM
Reply
Reply Privately
Options Dropdown
The only time that Siteminder Will set the session to
LOGGEDOFF is either it is Idle , Expired or someone loggedoff the application.
First you need to understand from the user reporting the issue the actions being performed , what applications , is he idling the system , is he accessing multiple applications ? is he logging off from one application ... so you need to understand from them what is their scenario when they see the issue.
Couple of suggestions :
- User tracking enabled with
UseSessionForAnonymous set to yes can help if you have anonymous Protected Realms . The agent will be forced to validate the SMSESSION and generate a new Cookie which will reset the Idle
- Check if you have the http only cookie flag selected , if that is the case , depends on what kind of application is being used , the SMSESISON may not be submitted with Requests (and if user accessing non protected resources)
- You need to track the user by Session ID , The session ID will remain the same as long as it is valid . Collect the Agent trace and access log from policy server to determine the Session ID of the user and you can track any subsequent request of the user by looking up the session and see what is happening .
- Also check if the User is accessing Various applications in Different time zone as that can lead to such behavior .
Regards
Joe
Original Message
Original Message:
Sent: 10-08-2019 09:20 AM
From: marta benedetti
Subject: CA Single Sign-ON
Hi,
With CA Single Sing-On we manage sessions from different applications.
For each realm the configuration is:
idle timeout =1 hour
maximum timeout = 12 hours.
I have this issue:
The customer complains that the session expires earlier than expected
As evidence the SMSESSION cookie is set to LOGGEDOFF
I'd like to track user activity in order to be sure that the problem is the idle timeout, do you know if there is an easy way to do so?
I've found this article but maybe is too heavy for the system
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-52-sp1/configuring/web-agent-configuration/user-protection-and-tracking/user-identity-and-activity-tracking-and-url-monitoring.html
Thank you,
Marta
3.
RE: CA Single Sign-ON
0
Recommend
Broadcom Employee
James Atchley
Posted Oct 09, 2019 10:16 AM
Edited by James Atchley Oct 09, 2019 10:17 AM
Reply
Reply Privately
Options Dropdown
×
New Best Answer
This thread already has a best answer. Would you like to mark this message as the new best answer?
Skip Navigation Links
Footer
Copyright 2023. All rights reserved.
Powered by Higher Logic