Layer7 Access Management

Tech Tip : CA Single Sign-On : How works the IP Session validation at the Policy Server level ?

  • 1.  Tech Tip : CA Single Sign-On : How works the IP Session validation at the Policy Server level ?

    Posted 09-27-2016 10:24 AM

    Question:

     

    I would like to understand why the Policy Server prints the message "Invalid session ip" in an isAuthorized call.

     

    Answer:

     

    - The Authorization process validates the session data from the SessionSpec, which contains the Client IP.
      The Policy Server always compare the Client IP from the SessionSpec with the one given by the Attribute 208 from the Web Agent request;

     

    - In Web Agent, you can override this IP validation by setting the ACO parameter TransientIPCheck="NO". This will add a
      "* " as for example "*127.0.0.1" at the IP Address in Attribute 208;

     

      In SDK code, you need to pass the Client IP starting with a "* " as for example "*127.0.0.1" in the code function;

     

    KB : TEC1588007