Blog Viewer

Tech Tip : CA Single Sign-On ::What information is stored in the SMSESSION Cookie

By Ujwol posted 08-16-2016 02:54 AM

  

Question:

What information is stored in the SMSESSION Cookie ?

Environment:

Policy Server Version : ANY

Web Agent Version : ANY

Answer:

SMSESSION Contains following :

  • ATTR_USERDN. The user's distinguished name.
  • ATTR_SESSIONSPEC. The session specification returned from the login call.
  • ATTR_SESSIONID. The session ID returned from the login call.
  • ATTR_USERNAME. The user's name.
  • ATTR_CLIENTIP. The IP address of the machine where the user initiated a request for a protected resource.
  • ATTR_DEVICENAME. The name of the agent that is decoding the token.
  • ATTR_IDLESESSIONTIMEOUT. Maximum idle time for a session.
  • ATTR_MAXSESSIONTIMEOUT. Maximum time a session can be active.
  • ATTR_STARTSESSIONTIME. The time the session started after a successful login.
  • ATTR_LASTSESSIONTIME. The time the current session was last accessed.

 

SESSIONSPEC can only be decrypted by Policy server. It contains following information :

  • SessionVersion
  • SessionStartTime
  • SessionLastTime
  • SessionMaxTimeout
  • SessionIdleTimeout
  • SessionLevel
  • SessionId
  • SessionIp
  • SessionDn
  • SessionDirOid
  • SessionDirName
  • SessionUnivId
  • SessionType
  • SessionAnonymous
  • SessionImpersonatorName
  • SessionLoginName
  • SessionPersistent
  • SessionDrift
  • SessionImpersonatorDirName
  • SessionAuthContext

Additional Information:

N/A

2 comments
0 views

Comments

04-01-2018 01:40 AM

Hi Ujwol,

 

Thanks for sharing this useful article!

 

May I know which parameter of SESSIONSPEC will be used to store user credentials as I could see the following lines in CA document.

 

<<

Session tickets contain credentials and other information relating to a session (including user credentials). Agents embed session tickets in CA Single Sign-On cookies.

>>

 

Thanks.

 

Regards,

Dhilip

 

08-16-2016 03:00 AM