Layer7 Access Management


CA siteMinder

  • 1.  CA siteMinder

    Posted 02-01-2017 10:50 AM

    Hi Everyone,

    I have a problem with SiteMinder and your help is really needed.

    I have an application which is protected by CA SiteMinder.

    The problem is: when a user clicks on "logout", he is still logged in to this application. I really think this is a problem at the level of cookie management. Do you have any advice or an idea about this problem?

    Thanks for your ideas and help.



  • 2.  Re: CA siteMinder

    Posted 02-01-2017 11:02 AM


  • 3.  Re: CA siteMinder

    Posted 02-01-2017 11:04 AM


  • 4.  Re: CA siteMinder

    Posted 02-01-2017 11:08 AM

    Thanks a lot, Ujwol.

    I saw this in my previous research, but the problem is that when I searched for the SMSESSION cookie, it was in "logged off" mode.



  • 5.  Re: CA siteMinder

    Posted 02-01-2017 03:12 PM

    Can you capture the Fiddler trace and share it for review?



  • 6.  Re: CA siteMinder

    Posted 02-02-2017 10:53 AM

    Log off

    This is captured when I disconnect.

    I am quite sure that I have the same problem as in this publication: https://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec529319.html

    Do I need to modify the configuration of the web agent to no-caching mode?

    Do you have a guide, please, on the different steps to change it (the file's name)?

    Thanks a lot



  • 7.  Re: CA siteMinder

    Posted 02-02-2017 05:46 PM

    Hi

    If you had the same issue as that article, you would not see the set-cookie response - as in that issue the content of the logout.html page is never sent to the webserver, it is retrieved from the local client cache - and so the webserver never has the chance to send the set-cookie.

    So if you're seeing a set-cookie for LOGGEDOFF then you are past that issue!

    But that set-cookie should replace your existing SMSESSION cookie - it can fail to do this if the domain= sections are different than the original set-cookie domain for SMSESSION.

    And on your next request to the protected resource it should send the SMSESSION=LOGGEDOFF to the server.

    But if you are still able to access the resource, then it will be cached, or if it sends the older value for SMSESSION, then the set-cookie command to LOGGEDOFF didn't work.

    But the latter steps in the Fiddler trace should show what is happening.

    Cheers - Mark



  • 8.  Re: CA siteMinder

    Posted 02-03-2017 10:41 AM

    Hi Mark,

     

    Exactly, the domain parameter is not the same as in the SMSESSION login cookie.

    In another environment, I don't have this problem, and I have the same domain value in the login and logout cookies.



  • 9.  Re: CA siteMinder
    Best Answer

    Posted 02-02-2017 06:07 PM

    Please provide the full Fiddler trace. If you can't provide it here, open a support case and upload it to the case for review.

    This is definitely something very simple to fix.



  • 10.  Re: CA siteMinder

    Posted 02-03-2017 08:12 AM

    Thanks a lot to both of you.

    I will raise a CA ticket with the Fiddler trace.
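
The domain mismatch described in posts 7 and 8, as an added example that is not part of the original thread or CA's code: a simplified RFC 6265 cookie store replays the login and logout `Set-Cookie` headers and returns which `SMSESSION` values the browser sends on the next request. The host name, cookie values and function names are constructed for illustration.

```python
# Added example: simplified RFC 6265 cookie store. Hosts and cookie values
# are constructed sample data, not taken from the thread's trace.
# Not modelled: host-only flag, Expires/Max-Age, Secure.

def parse_set_cookie(header, request_host, request_path="/"):
    """Return (name, value, domain, path) as a browser would store them."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    # Domain defaults to the request host; a leading dot is ignored.
    domain = attrs.get("domain", "").lstrip(".").lower() or request_host.lower()
    # Path defaults to the directory of the request path.
    path = attrs.get("path") or request_path.rsplit("/", 1)[0] or "/"
    return name.strip(), value.strip(), domain, path

class CookieJar:
    def __init__(self):
        self.store = {}  # (name, domain, path) -> value

    def set(self, header, request_host, request_path="/"):
        name, value, domain, path = parse_set_cookie(header, request_host, request_path)
        # Same name with a different domain or path is a new cookie, not a replacement.
        self.store[(name, domain, path)] = value

    def sent_to(self, host, path, name):
        """Values of cookie `name` that would be sent to host + path."""
        host = host.lower()
        values = []
        for (n, d, p), v in self.store.items():
            domain_ok = host == d or host.endswith("." + d)
            path_ok = path == p or path.startswith(p.rstrip("/") + "/")
            if n == name and domain_ok and path_ok:
                values.append(v)
        return values

def smsession_after_logout(login_hdr, logout_hdr, host, resource="/"):
    """Replay login then logout Set-Cookie; return SMSESSION values sent next."""
    jar = CookieJar()
    jar.set(login_hdr, host)
    jar.set(logout_hdr, host)
    return jar.sent_to(host, resource, "SMSESSION")

HOST = "app.example.com"  # constructed
LOGIN = "SMSESSION=constructed-session-token; Path=/; Domain=.example.com; HttpOnly"
LOGOUT_SAME_DOMAIN = "SMSESSION=LOGGEDOFF; Path=/; Domain=.example.com"
LOGOUT_OTHER_DOMAIN = "SMSESSION=LOGGEDOFF; Path=/; Domain=.app.example.com"
```

With `LOGOUT_OTHER_DOMAIN` the store ends up holding two `SMSESSION` cookies, so the original session token is still sent to the protected resource after logout.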