Symantec Access Management

  • 1.  Where is the Session Assurance fingerprint?

    Posted Sep 20, 2017 01:31 PM

    Is it stored in the session store? If not, where is it?

     

    What information is stored in the fingerprint? Can I access fingerprint information?


    Does anyone have experience with load balancing Access Gateway/Session Assurance. The configuration of load balancing will depend on where the fingerprint information is stored.



  • 2.  Re: Where is the Session Assurance fingerprint?
    Best Answer

    Posted Sep 24, 2017 10:22 PM

    Is it stored in the session store? If not, where is it?

    Ujwol => The machine fingerprint is stored in the expiry table (ss_expirydata5) in session store. 

     

    What information is stored in the fingerprint? Can I access fingerprint information?

    Ujwol => 

    It is not possible to retrieve/review the fingerprint information from expiry table as its encrypted.

     

    MFP and DeviceDNA contains following information :

    Collect Device ID and DeviceDNA - CA Advanced Authentication - 8.2.1 - CA Technologies Documentation .

    Machine FingerPrint (MFP)

    Machine FingerPrint (also referred to as Device fingerprinting or PC fingerprinting in industry terms) represents the browser information and device identification attributes (such as operating system, installed software applications, screen display settings, multimedia components, and other attributes) that are gathered from the end user’s system and are analyzed to generate a risk profile of a device in real time. Some of the attributes that are collected from the end user\xE2\x80\x99s device include:

    • Browser information (such as name, UserAgent, major version, minor version, JavaScript version, HTTP headers)
    • Operating system name and version
    • Screen settings (such as height, width, color depth)
    • System information (such as time zone, language, system locale)

    For every transaction performed by the end user, CA Risk Authentication matches the corresponding MFP stored in its database with the incoming information. If this match percentage (%) is equal to or more than the value specified for the Device-MFP Match rule in Administration Console, then it is considered "safe".

    DeviceDNA

    DeviceDNA is a device identification and analytics technique that uses both Machine FingerPrint (MFP) and Device ID for more accurate information analyses. For accuracy, more information is collected than in case of MFP. For example:

    • Additional system information (such as platform, CPU, MEP, system fonts, camera, and speaker information)
    • Additional browser information (such as vendor, VendorSubID, BuildID)
    • Additional screen settings (such as buffer depth, pixel depth, DeviceXDPI, DeviceYDPI)
    • Plug-in information (such as QuickTime, Flash, Microsoft Windows Media Player, ShockWave, Internet Explorer plug-ins)
    • Network information (such as connection type)


    Does anyone have experience with load balancing Access Gateway/Session Assurance. The configuration of load balancing will depend on where the fingerprint information is stored.

    Ujwol => I see that you have opened a new thread for this one .. Let's discuss this over there :

    Session Assurance Load Balancing and Health Check 



  • 3.  Re: Where is the Session Assurance fingerprint?

    Posted May 16, 2019 10:22 AM

    Hi Ujwol,

     

    I would like to know where data (DB tables in session store) will be written if:

    1) we enable only session assurance

    2) we enable both persistent session and session assurance in realm

     

    Thanks

    Vijay