Layer7 Access Management

Expand all | Collapse all

Session Assurance - POST method gets kicked to login page

  • 1.  Session Assurance - POST method gets kicked to login page

    Posted 04-17-2016 12:44 PM

    Hi Everyone,

     

    I have implemented Session Assurance protected realm and am able to login and aquire session info and get access to the resource.

    After 5 minuted (the devicedna refresh interval) I get kicked out to login page (login.fcc)

    The web page has a JS which POSTs to the server every 2 minutes.

    On the third POST, after 6 minutes, I get ValidateReject and redirected to login page.

     

    As per the bookshelf, Session Assurance does not support POST operations, but is it by design that I get kicked out to login page?

    What do I miss here?

     

    P.S.

    When I disabled the JS and tried to GET a protected page in the same realm after 6 minutes, I got redirected to uiapp, got the DeviceDNA collected and returned to the original page, as expected.

     

    Environment Details:

    Policy Server:

    OS - Win2012 R2

    SMPS - 12.52 SP2

     

    Session Store:

    CA Directory r12 sp 17

     

    SPS:

    OS: Win 2012 R2

    SMSPS: 12.51 sp8



  • 2.  Re: Session Assurance - POST method gets kicked to login page

    Posted 04-19-2016 10:01 PM

    Hi,

     

    That doesn't look right.

    Do you see any explanation to why the user was kicked out from the web agent trace logs & ps trace logs ?

     

    Regards,

    Ujwol



  • 3.  Re: Session Assurance - POST method gets kicked to login page

    Posted 04-27-2016 08:40 AM

    Hi,

     

    Along with checking the Agent and PS logs & traces, you can also review the current limitations on Session Assurance at the following location:

    How to Configure Enhanced Session Assurance with DeviceDNA™ - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentat…

     

    It could be the script making the POSTs is a Web 2.0 app (like Ajax), and therefore explain this behaviour, as the 5 minutes are the DeviceDNA refresh interval. Anyway, if the POSTs are not supported, and you do not have the same behaviour with a GET in such time, you could also test making that script to do GETs instead POSTs just to verify this is not the reason.

     

    Best regards,

     

    Albert F.