Layer7 Access Management

Expand all | Collapse all

When using AJAX, how do you define the WebAppClientResponse ACO parameter to handle session timeout with FORM security ?

Jump to Best Answer
  • 1.  When using AJAX, how do you define the WebAppClientResponse ACO parameter to handle session timeout with FORM security ?

    Posted 03-07-2016 10:38 AM

    I have read this document here :Apply CA SiteMinder® Behavior to a Web Application Client - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentatio…

    And I've also looked at the AJAX web agent sample, but it's not clear to me how to define a web application client response to handle the following scenario:

     

    When using siteminder FORM authentication, how do you handle Siteminder session timeout for an AJAX request without losing your whole page ?  On session timeout, the "default" form security siteminder HTML page will contain a FORM that will redirect to the Siteminder login page, and after you enter your SM credentials, automatically fires the POST/GET request that got interrupted.  That's fine and dandy except for AJAX requests obviously.

     

    I don't understand how the WebAppClientResponse ACO parameter  helps in this case.  The AJAX sample says to create an HTML page with SiteminderReason and SiteminderRedirectURL attributes.  What would this SiteminderRedirectURL be? and how would that help recover the AJAX POST/GET request that got interrupted by the siteminder session timeout ???



  • 2.  Re: When using AJAX, how do you define the WebAppClientResponse ACO parameter to handle session timeout with FORM security ?

    Posted 03-07-2016 01:33 PM

    Ok I think I understand this now :

     

    The following placeholder values must appear in the body:

     

    SiteminderReason=$$Reason$$

    SiteminderRedirectURL=$$URL$$

     

    Example: Suppose that a web application client request triggers an idle timeout. CA Single Sign-On replaces the placeholder values with IdleTimeoutURL and the URL specified in the value of the IdleTimeoutURL parameter.

     

    But, my question still stands.  How does the WebAppClientResponse ACO parameter help with the AJAX request that got interrupted by the siteminder session timeout ???  Sure you can customize the response, but the redirection URL will still make you lose your current page.  I don't see how you can smoothly return the AJAX response to the page you were on before you are redirected to the login page.



  • 3.  Re: When using AJAX, how do you define the WebAppClientResponse ACO parameter to handle session timeout with FORM security ?

    Posted 02-28-2018 01:47 PM

    Any responses to this question? I am facing a similar issue with AJAX calls and SiteMinder.



  • 4.  Re: When using AJAX, how do you define the WebAppClientResponse ACO parameter to handle session timeout with FORM security ?
    Best Answer

    Posted 02-28-2018 07:07 PM


  • 5.  Re: When using AJAX, how do you define the WebAppClientResponse ACO parameter to handle session timeout with FORM security ?

    Posted 03-02-2018 07:36 PM

    Thanks. I will take a look.

     

    Jaime Britton | Deloitte Consulting

    PA Department of Human Services, Insurance, and Aging

    Mobile #: (717) 215-1565

    www.dhs.state.pa.us<http://www.dhs.state.pa.us/>