How to enable Persistent Cookies in Federation? Siteminder is IDP and we have third-party as SP.
Can we implement that for session persistence?
Just to be clear Persistent Cookies OR Persistent Session (in Session Store) ? They both are different and controlled by different settings. Hence using the correct terminology is vital.
User Sessions - CA Single Sign-On - 12.7 - CA Technologies Documentation
Persistent Cookies refer to ACO Parameter PersistentCookies.
Persistent Session we start of by making the Realm (Policy Domain) protecting AuthenticationURL (in Partnership) e.g. /affwebservices/redirectjsp/* ; as persistent.
For your reading and review.
Federation Features Requiring the Session Store - CA Single Sign-On - 12.7 - CA Technologies Documentation [Also review the comments section on this page].
Storing User Session, Assertion, and Expiry Data - CA Single Sign-On - 12.7 - CA Technologies Documentation
Lastly, could you elaborate more on the term "Session Persistence". It'd help us direct you better, if you provide the use case that we are trying to achieve.
HubertDennis....Thanks for the explanation..
To further explain, I have 2 federations setup...in one of them I need to enable persistent cookie for that particular federation..
So in this case, If I set persistent cookies at ACO level, would not it impact the other federation also?
Is there any way to enable persistent cookie for a particular federation?
From a browser perspective, it is going to send all cookies to the server which match the domain (Persistent and non Persistent). Thus I believe when you SSO across the federation partnerships, those partnership should be able to see the SMSession.
I don't know the use case which is prompting you to set SMSession as Persistent Cookie for a federation partnership. I have never seen anyone needing to make SMSession Persistent Cookie. I hope you understand the risks of making SMSession Persistent Cookie.
What I'm not sure is would there be a conflict between a Persistent SMSession Cookie and nonPersistent SMSession Cookie, when either CA SSO component (where PersistentCookie=YES VS NO) issues a SET Cookie to browser.
Since you have the setup test it and investigate the following.
This would give a better picture of what is transpiring in the entire flow.
Hubert, Is there not a possibility of setting persistent cookie for a selected Federation only?
If I make changes at ACO level...then it would impact my other Federations which are available in that agent...right?
Correct and yes there is no option to make persistent cookie for only selected federation. As the setting is at ACO level it is system wide for that particular federation end point.
Yes Ujwol...We can not make persistent cookie for selected federation.
But my real concern is if I enable persistent cookie at ACO Level, will it impact other federations that are configured as part of same agent?
Yes, it will.