1. How is the SMSESSION cookie created?
Answer:
https://communities.ca.com/community/ca-security/ca-single-sign-on/blog/2016/05/05/tech-tip-ca-single-sign-on-web-agent-smsession-cookie
To understand how and by whom the SMSESSION cookie is created, we need to understand the user login flow. In the simplest scenario it goes roughly as follows:
- The Agent collects the user’s credentials.
- The Agent sends the Login() request to the Policy Server, passing the received credentials. The Policy Server verifies the credentials and creates a Session Spec that represents the newly created user session. The Policy Server encrypts the Session Spec using the Session Ticket Key (Persistent Key). The encrypted Session Spec is then sent back to the Agent together with the Session ID and other session-related parameters (idle timeout, expiration timeout, etc.).
- The Agent embeds the Session ID and the Session Spec in an encrypted SMSESSION cookie that is sent back to the user’s browser. This encryption is done using Agent Keys.
- The Agent also saves the Session ID and the Session Spec in its User Session Cache.
- Any time an authenticated user accesses the Web site, the browser submits the SMSESSION cookie together with the HTTP request.
- When the Agent receives the SMSESSION cookie, it decrypts it using the Agent Keys, extracts the Session ID and the Session Spec, and checks them against the values stored in the User Session Cache. If the Agent cache does not contain a corresponding entry, the Agent uses the Validate() call to pass the Session ID and the Session Spec to the Policy Server for validation.
- Once the Policy Server receives the validation request from the Web Agent, it decrypts the Session Spec using the Session Ticket Key (Persistent Key) and then performs the validation.
- If the validation succeeds, the Policy Server returns the updated Session Spec to the Agent. The Session ID is not modified in the course of validation.
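The login and validation flow above, modelled end to end as an added example (this is not CA's code): the Policy Server seals the Session Spec under its Session Ticket Key, the Agent seals Session ID plus sealed spec into the cookie under its own Agent Key and keeps a User Session Cache, and a cache miss triggers Validate(). The seal()/unseal() primitive is a stdlib HMAC-based stand-in for SiteMinder's real encryption, and the class, field and credential names are constructed for the model.

```python
import base64, hashlib, hmac, json, os, time

def _ks(key, nonce, n):   # HMAC-SHA256 in counter mode: a toy keystream standing in for the real cipher
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]
def seal(key, data):      # encrypt-then-MAC: url-safe base64 of nonce || ciphertext || HMAC tag
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(data, _ks(key, nonce, len(data))))
    return base64.urlsafe_b64encode(nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()).decode()
def unseal(key, token):
    raw = base64.urlsafe_b64decode(token)
    nonce, ct, tag = raw[:12], raw[12:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered token")
    return bytes(a ^ b for a, b in zip(ct, _ks(key, nonce, len(ct))))

class PolicyServer:
    def __init__(self):
        self.ticket_key = os.urandom(32)       # Session Ticket Key (persistent key), never leaves this side
        self.users = {"alice": "s3cret"}       # constructed sample credentials
    def login(self, user, pwd):                # Login(): verify credentials, mint Session ID + Session Spec
        if self.users.get(user) != pwd:
            raise PermissionError("bad credentials")
        sid = base64.urlsafe_b64encode(os.urandom(9)).decode()
        spec = {"user": user, "sid": sid, "last": int(time.time())}
        return sid, seal(self.ticket_key, json.dumps(spec).encode())
    def validate(self, sid, sealed_spec):      # Validate(): only the Session Ticket Key opens the spec
        spec = json.loads(unseal(self.ticket_key, sealed_spec))
        if spec["sid"] != sid:
            raise ValueError("Session ID does not match Session Spec")
        spec["last"] = int(time.time())        # spec is updated; the Session ID never changes
        return seal(self.ticket_key, json.dumps(spec).encode())

class Agent:
    def __init__(self, ps):
        self.ps, self.agent_key, self.cache = ps, os.urandom(32), {}   # Agent Key, User Session Cache
        self.validate_calls = 0
    def _cookie(self, sid, spec):              # SMSESSION value: Session ID + sealed spec, under the Agent Key
        return seal(self.agent_key, json.dumps({"sid": sid, "spec": spec}).encode())
    def login(self, user, pwd):
        sid, spec = self.ps.login(user, pwd)
        self.cache[sid] = spec
        return self._cookie(sid, spec)
    def check(self, cookie):                   # every later request: open cookie, consult cache, else Validate()
        body = json.loads(unseal(self.agent_key, cookie))
        sid, spec = body["sid"], body["spec"]
        if self.cache.get(sid) == spec:
            return sid, cookie                 # cache hit: no Policy Server round trip
        self.validate_calls += 1
        self.cache[sid] = self.ps.validate(sid, spec)
        return sid, self._cookie(sid, self.cache[sid])
```

Clearing the Agent cache in the model reproduces the cache-miss path: the same cookie is still accepted, but only after a Validate() round trip, and the Agent then holds the refreshed Session Spec while the Session ID stays the same.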
2. How to change the name of the SMSESSION cookie?
Answer: To change the name, set the ACO parameter “SSOZoneName”.
For example, if SSOZoneName=Z1, the cookie name becomes “Z1Session”.