Popleys
When Persistent Session is enabled on the REALM (Policy Domain) CA SSO automatically creates the session id and other data in the table ss_sessionspec5. This is OOB behavior that was in existence for years.
We introduced a new feature (a few SSO version ago) called Persist Authentication Variables in Session Store. This feature uses ss_sessionvar5 table. If this feature is not used then we'll not see anything within ss_sessionvar5. You can see Persist Authentication Variables "Checkbox" in the following areas within CA SSO.
- Custom schemes.
- SAML authentication schemes.
- SAML SP --> IDP Partnership.
- OpenID authentication scheme.
- X.509 certificate schemes.
- JWT Authentication Scheme.
Here is an example from X509 Authentication Scheme. What this would do is, whenever X509 auth for a user (SessionID is generated) succeeds, it would pick additional info from Certificate (as Certificate is lost after auth is complete) and save that info into multiple variables (IssuerDN, IssuedTo etc etc) in the Session Store. This is the info within ss_sessionvar5