Symantec Access Management

Hi Everyone,

I have implemented Session Assurance protected realm and am able to login and aquire session info and get access to the resource.

After 5 minuted (the devicedna refresh interval) I get kicked out to login page (login.fcc)

The web page has a JS which POSTs to the server every 2 minutes.

On the third POST, after 6 minutes, I get ValidateReject and redirected to login page.

As per the bookshelf, Session Assurance does not support POST operations, but is it by design that I get kicked out to login page?

What do I miss here?

P.S.

When I disabled the JS and tried to GET a protected page in the same realm after 6 minutes, I got redirected to uiapp, got the DeviceDNA collected and returned to the original page, as expected.

Environment Details:

Policy Server:

OS - Win2012 R2

SMPS - 12.52 SP2

Session Store:

CA Directory r12 sp 17

SPS:

OS: Win 2012 R2

SMSPS: 12.51 sp8

Hi,

That doesn't look right.

Do you see any explanation to why the user was kicked out from the web agent trace logs & ps trace logs ?

Regards,

Ujwol

Hi,

Along with checking the Agent and PS logs & traces, you can also review the current limitations on Session Assurance at the following location:

How to Configure Enhanced Session Assurance with DeviceDNA™ - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentat…

It could be the script making the POSTs is a Web 2.0 app (like Ajax), and therefore explain this behaviour, as the 5 minutes are the DeviceDNA refresh interval. Anyway, if the POSTs are not supported, and you do not have the same behaviour with a GET in such time, you could also test making that script to do GETs instead POSTs just to verify this is not the reason.

Best regards,

Albert F.