Symantec Access Management

 View Only
  • 1.  CA Siteminder - Invalidate SMSESSION for user

    Posted Aug 16, 2018 07:03 AM

    Currently, SiteMinder does not have an option or a feature using which Administrator/system can invalidate a session of an active user who is already logged in. There should be some mechanism available so that admin can stop the user immediately by invalidating the cookie. I have a business requirement wherein, if an user is already logged in from one device and tries to access second device with same user credentials, system should be able to invalidate the previous session.



  • 2.  Re: CA Siteminder - Invalidate SMSESSION for user

    Posted Aug 16, 2018 07:17 AM

    Hi Deb,

     

    Limit Concurrent Login for CA Single Sign-On

     

    What It Does

     

    Customers of CA Single Sign-On may need the ability to limit the number of times that a single user can be “logged into” the system. This prevents a single user from authenticating and accessing their site from two or more different browser instances simultaneously. Since web sessions are connectionless, the session is not necessarily maintained between the browser and web server at all times. This makes it extremely difficult to determine when a session ends and thus to track or limit multiple simultaneous sessions by the same user. The Limit Concurrent Login for CA Single Sign-On Packaged Work Product fulfills this requirement.

     

    https://www.ca.com/content/dam/ca/us/files/service-offering/limit-concurrent-login-for-ca-single-sign-on-overview.pdf 

     

    This is a Global Delivery Module and you need to engage your CA Account Manager to obtain this.

     

    Regards,

    Leo Joseph.



  • 3.  Re: CA Siteminder - Invalidate SMSESSION for user

    Posted Aug 30, 2018 06:18 AM

    Thanks Leo for the response!! Hope you are doing well...

    Do this Global module supports Federation model? As far as I can understand, in this module, session id gets stored in user directories and same is used for validating during user session login. However, in case of Federation, there are 2 user directories, one at IDP and other SP. So even if this module is applied at one side (ours Siteminder is SP), the session will still be valid in other side. We are at SP side.

    Can you please suggest whether business use case can be achieved in our type of Federation environment/Architecture??

     

    Regards!!