Symantec Access Management

 View Only
  • 1.  Session cache issue

    Posted Sep 12, 2019 10:48 PM
    Hi Team,

    Could you please help us to resolve the below issue?

    User A logs into App A and Clicks another App B and logs out.
    Now user B logs into App A in the same login page in same browser and pasted that App B link in a new tab. Expected result is to route that link to login page but it directly took into App page and throwing some app error.
    Also User B doesn't have access to App B.

    I checked in the fiddler and I could see that SMsession is logged off when I click logout but still the app page is coming if we paste the url in the same browser...

    Could you please help me in resolving this issue?


  • 2.  RE: Session cache issue

    Broadcom Employee
    Posted Sep 20, 2019 07:56 PM

    Hi Karthik,

    Unless I'm not understanding the test correctly, that actually sounds like it could be the expected result.  The reason user B is not prompted to log in when requesting App B is this:

    "Now user B logs into App A"

    That sounds to me like user B established a session before requesting App B, and thus got an error for not being authorized by the application itself.  I'm not sure whether you expected User B to fail Siteminder authorization when requesting App B.  If so, examine the agent trace log to see how the agent handled User B's request for App B.  After the IsProtected call is made, you'll see the IsAuthorized call will identify the user and then the IsAuthorized call will execute.

    Regards,
    Pete  




  • 3.  RE: Session cache issue
    Best Answer

    Broadcom Employee
    Posted Sep 22, 2019 05:15 PM
    Karthik, Please take a look at the Comprehensive Log Out feature; e.g. for R12.8. Hope this helps.
    https://docops.ca.com/ca-single-sign-on/12-8/en/configuring/web-agent-configuration/comprehensive-log-out
    - Best wishes. Vijay