When I run Agent for SharePoint, the Session Assurance feature doesn't work:
I replay a session by copying the SMSESSION cookie from Chrome to Firefox Browser, and I get authenticated without having to log in again in SharePoint applications.

Environment:
Policy Server 12.52SP2
Agent for SharePoint 12.52SP1CR04
SPS 12.52SP1CR05
Device DNA Session Assurance is implemented in SPS only at the moment.
As mentioned in the documentation:
The application that drives the DeviceDNA checks is hosted on by the CA Access Gateway. This proxy server can perform the standard functions, such as web proxy or SAML federation functions or it can be a separate stand-alone instance that is dedicated to servicing the Enhanced Session Assurance transactions. The CA Access Gateway performance is also dependent on a number of parameters such as, but not limited to, authentication and authorization transactions per second, the ratio of authentications to authorizations within the environment, the length of user sessions, and the frequency of revalidations.
The Agent for SharePoint handles a more complex flow involving federation and POST requests, and with SPS standalone, the integration of Session Assurance with Agent for SharePoint goes out of support.
For your reference, here are some limitations of Session Assurance:
DeviceDNA doesn't support POST requests:
Agent for SharePoint uses auto POST requests:
As such, the Agent for SharePoint needs to be enhanced to properly handle Session Assurance.
To get Session Assurance integrated in Agent for SharePoint, please open an Idea on the Security page:
In addition, to help you increase session security, you might take a look at the SessionLinker feature in the Agent for SharePoint:
KB : TEC1460869
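
Because Session Assurance cannot bind the session to a device in this setup, the replay described above (the same session presented first from Chrome, then from Firefox) can at least be detected from request logs. The following is an added example, not code from the KB article or from the product. It assumes the proxy or web server logs one JSON record per request with the hypothetical fields `ts`, `session_id` (a stable per-login identifier), `ip` and `ua`; the sample records are constructed.

```python
import json
from collections import defaultdict

# Constructed sample records (not real product logs); field names are assumptions.
SAMPLE_LOG = """\
{"ts": "2024-01-10T09:00:01Z", "session_id": "sess-A", "ip": "10.0.0.5", "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"}
{"ts": "2024-01-10T09:00:05Z", "session_id": "sess-B", "ip": "10.0.0.9", "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0"}
{"ts": "2024-01-10T09:02:10Z", "session_id": "sess-A", "ip": "10.0.0.5", "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"}
this line is not JSON and must be skipped
{"ts": "2024-01-10T09:03:30Z", "session_id": "sess-A", "ip": "10.0.0.5", "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0"}
{"ts": "2024-01-10T09:04:00Z", "session_id": "sess-B", "ip": "10.0.0.9", "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0"}
"""


def browser_family(ua):
    """Coarse browser family, so a version update alone does not raise an alert.

    Order matters: Edge UAs contain "Chrome", and Chrome UAs contain "Safari".
    """
    for name in ("Firefox", "Edg", "Chrome", "Safari"):
        if name in ua:
            return name
    return "other"


def find_replayed_sessions(log_text):
    """Return {session_id: [(ts, ip, family), ...]} for every session that
    was presented by more than one browser family."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            event = (rec["ts"], rec["ip"], browser_family(rec["ua"]))
            seen[rec["session_id"]].append(event)
        except (ValueError, KeyError, TypeError):
            continue  # malformed or incomplete record: skip it
    alerts = {}
    for sid, events in seen.items():
        events.sort()  # ISO-8601 UTC timestamps sort chronologically as strings
        if len({family for _, _, family in events}) > 1:
            alerts[sid] = events
    return alerts


if __name__ == "__main__":
    for sid, events in find_replayed_sessions(SAMPLE_LOG).items():
        print(sid, events)
```

A browser-family change is only a heuristic: it catches the Chrome-to-Firefox test from this article, but not a replay from the same browser type on another machine, so the reported `ip` values should be reviewed as well.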