Layer 7 Access Management

Tech Tip : CA Single Sign-On : Mixed Sessions wih IIS : IISCacheDisable not working

  • 1.  Tech Tip : CA Single Sign-On : Mixed Sessions wih IIS : IISCacheDisable not working

    Posted 06-05-2018 09:53 AM

    Question:


    In production environment we noticed that we are able to mix session
    while using NTLM/Kerberos authentication. We were able to reproduce
    in a lower environment.

    Following the following tech note we could use the IISCacheDisable ACO
    but is not effective.

     

    https://comm.support.ca.com/kb/iis-7-and-iis-75-output-cache-session-swapping/kb000019250

     

    We have a workaround by using the Default application pool in classic
    mode insead of integrated.

     

    1. Can you let us know if we can use the IISCacheDisable alone and why
    i is not effective in our environment ?

     

    2. Is there any constraint of using the IIS application pool in
    Classic mode ? The WebAgent is the only component running on IIS.

     

    Environment:

     

    Webagent 12.52SP1CR04 on IIS 8.5 - Windows 2012 R2
    Policy Server 12.52SP1CR04 on Redhat Linux 6

    Answer:


    1. Implement the "IISCacheDisable" ACO

    2. Consider disabling 'Enable Cache' and 'Enable Kernel Cache' in IIS
    at the Web Site level.

    3. If there are load balancers or other network devices which have
    'Response Caching' disable it.

     

    KB : KB000099524