Symantec Access Management

SiteMinder Idle Timeouts 

Sep 25, 2018 06:03 PM

Scenario
The security auditors have been combing through your CA SSO environment.  They have issued a finding that a sample of your realms have idle timeouts greater than the maximum value prescribed by corporate security guidelines.  You are now required to conduct a complete audit of all realm timeouts and develop a plan to reduce any timeouts that exceed guidelines.

 

Restriction
The sm_idle_timeouts script was developed using the SiteMinder Perl API to address this problem for legacy domains.  Application domains are out of scope because the Perl API cannot access XPS objects, but the coding logic in sm_idle_timeouts could be used as a model for developing a similar tool using the Java API or, for CA SSO 12.6 or higher, the REST API.

 

Solution Overview

The sm_idle_timeouts tool set consists primarily of two files:

  • sm_idle_timeouts_v0.1.6_2018-09-25 – the latest version of the Perl script
  • Domains.txt – an input file used by the Perl script. This input file facilitates processing a large number of domains without having to enter them manually on the command line or during script execution.

Modifying dozens or hundreds of domains and an even greater number of realms via the WAMUI would be time-consuming and potentially prone to error, so this script offers a far more efficient way to update the idle timeout for a large number of realms.

 

Please see the attached zip file for the Perl script, additional documentation and supporting files.

 

The content of the Word document should probably be migrated to a template with suitable branding, etc.  Any pointers and recommendations are welcome.

Attachment(s)
zip file
SM Idle Timeouts 2018-09-26.zip   52 KB   1 version
Uploaded - May 29, 2019