Layer7 Access Management

Expand all | Collapse all

Session sharing between two applications

Jump to Best Answer
  • 1.  Session sharing between two applications

    Posted 12-15-2016 06:32 AM

    Hi, 

    We have two application with same domain name but ACO's are different. 

    EX URLs:

    application 1: https://application1.company.com/bnd/

    application 2: https://application2.company.com/advance/home.aspx

     

    Application 1 and application 2 are deployed on different webservers and ACO's are different. Already two applications are configured using SiteMinder for authentication and authorization. 

     

    We would like to perform session sharing between two applications. If user logged into one application 1 the user shouldn't ask for credentials if he hits the application 2 URL in the same browser. 

     

    What steps we need to perform achieve this? Please advise. 

     

    Thanks in advance. 



  • 2.  Re: Session sharing between two applications

    Posted 12-15-2016 06:47 AM

    Hello,

     

    If your 2 application are using the same policy server, are in the same cookie domain (.company.com), in the same cookie zone and using the same protection level, you should have SSO. You should also use the same user directory name in the domain /realm definition.

     

    Depending on your configuration you would have to trust SSO zone, use auth/validation mapping.

     

    Check all your constraints and depending on them, you will be able to design your policies to enable SSO between your applications.

     

    Hope it helps,

    Julien.



  • 3.  Re: Session sharing between two applications

    Posted 12-16-2016 01:35 AM

    Hi Julien, 

     

    Thanks for your valuable reply. 

     

    Have few queries on this. Applications are in same domain but policy servers are different. Also application uses different user directories. 

    So, Is that not possible to configure SSO between these two applications?

    Please advise

     

    Thanks, 

    Karthick Sugumaran



  • 4.  Re: Session sharing between two applications

    Posted 12-16-2016 01:43 AM

    Hi Karthick,

     

    Both the policy servers are using same key store?

     

    if the agents are having same set of keys then you can achieve single sing on by implementing Auth-Validation Identity Mapping.

    Please refer below link for Validation Identity Mapping.

    https://support.ca.com/cadocs/0/CA%20SiteMinder%2012%2052%20SP1-ENU/Bookshelf_Files/HTML/idocs/1796110.html#o1802840

     

    Thanks,

    Sharan



  • 5.  Re: Session sharing between two applications

    Posted 12-16-2016 09:26 AM

    Are both policy servers using same keystore and "policy store" OR different i.e. each policy server is pointing to a different keystore-policystore. According the solution differs.



  • 6.  Re: Session sharing between two applications

    Posted 12-16-2016 10:12 AM

    Hi Sharana, 

     

    Policy servers are not using same Key store. So, Is there any possibilities to implement SSO? 

     

    Thanks, 

    Karthick Sugumaran



  • 7.  Re: Session sharing between two applications

    Posted 12-16-2016 10:31 AM

    Hello,

     

    If you have disparate key store, you should use the same static agent in both environments.

     

    Regards,

    Julien



  • 8.  Re: Session sharing between two applications
    Best Answer

    Posted 12-19-2016 08:08 AM

    Hi Karthick,

     

    Multiple Key Store Single Sign–on Requirements
    1. Disable dynamic Agent key generation for all Policy Servers.
    2. Be sure that a CA SiteMinder administrator has the necessary Administrative UI permissions to specify the same static Agent key and the same session ticket in the both key stores.
    3. Be sure that the same static Agent key and the same session ticket are configured in both key stores.

    Once both the key stores have same set of keys then implement Auth-Validation Identity Mapping.
    Please refer below link for Validation Identity Mapping.
    https://support.ca.com/cadocs/0/CA%20SiteMinder%2012%2052%20SP1-ENU/Bookshelf_Files/HTML/idocs/1796110.html#o1802840

     

    Thanks,

    Sharan