This document will provide step by step guide to configure Enhanced Session Assurance with DeviceDNA™ functionality.
- CA Access Gateway (formerly CA Secure Proxy Server ) : R12.52SP1 and above
- Policy Server : R12.52SP1 and above
- Ensure "CA RiskMinder" ( Advanced Authentication ) service is up and running on the Policy Server.
Check Service Console.
The log should say:
"CA RiskMinder Service READY"
- Ensure that you have installed and configured Session Store.
CA Access Gateway Server (formerly CA Secure Proxy Server)
- Ensure that you have configured CA Access Gateway server to use SSL (Only front end Apache is sufficient)
- Ensure that you can telnet from CA Access Gateway server to Policy server on port 7680
- Ensure that JCE ( Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files ) patch is applied on the JRE used by CA Access Gateway server.
- Ensure "CA Advanced Authentication Flow Application" ( Advanced Authentication ) service is up and running on the CA Single Sign-On CA Access Gateway Server.
This could be verified by accessing following URL :
You should get a page similar to below. (Ignore the error, as it is just indicating that the required parameter is not being passed)
- Create Enhanced Session Assurance end points
From Administrative UI, click Policies-->Global-->Session Assurance Endpoints.
- Add Session Assurance End Point to your realm
Note : For Session Assurance to work it is NOT necessary to enable Persistent Session on the realm.
- Ensure that the ACO used by your CA Access Gateway server has ".sac" extension included in the IgnoreExt ACO parameter
- Ensure that ACO used by your CA Access Gateway has the SACExt parameter set to ".sac" as below :
Sample working fiddler trace is attached - SessionAssurance_Working.saz
- As the FLOW App on the CA Access Gateway is a local app deployed as web app on the Tomcat server, you do not need to configure any proxy rules in the Proxyrules.xml pertaining to the session assurance.
- How to configure SSL on CA Access Gateway
Configuring SSL for CA SiteMinder® SPS
- CA Single Sign-On Bookshelf intro on Session Assurance Configuration