
Hi all, could someone please explain something to me on the CA Single Sign-On environment

Question asked by unni4sankar on Dec 10, 2015
Latest reply on Dec 11, 2015 by Ujwol Shrestha

Hi all,

Good day

I am having a doubt with the Single Sign-On environment.

What: consider I am having 3 applications in Single Sign-On, which are a.ca.com, b.ca.com and c.ca.com.

So when user A logs in to a.ca.com, he is authenticated and authorized for the application and he gets the a.ca.com cookie along with a's application session and SM session.

OK, so now A is trying to access b.ca.com, and he has the a.ca.com cookie and SM session, which is valid [considering]. So the flow will be like: the web agent will check whether the resource is protected or not, and if it is protected, as the user is having a valid session, he will be given the green flag, so he is authenticated and authorized as he is having the valid session.

So my doubt is: what if another malicious user grabs A's session and .ca.com cookie from his client machine somehow and uses that for logging into c.ca.com and steals his important data?

How will the policy server decide whether it's user A or some other user?
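An added illustration of one defensive approach to the scenario in the question (example code written for this page, not from the thread and not a description of how CA Single Sign-On itself implements it): the SSO cookie is scoped to .ca.com so every application receives it, and the session store additionally binds the session to the client that authenticated, so a cookie replayed from a different client is rejected. The host names, IP addresses, user agents and the cookie name are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Constructed, in-memory stand-in for the policy server's session store.
SESSIONS = {}

def issue_session(user, client_ip, user_agent):
    """Create an SSO session and bind it to the client that authenticated."""
    token = secrets.token_hex(16)
    SESSIONS[token] = {"user": user, "ip": client_ip,
                       "ua_hash": hashlib.sha256(user_agent.encode()).hexdigest()}
    # Cookie scoped to the parent domain: a.ca.com, b.ca.com and c.ca.com all receive it.
    return {"name": "SMSESSION", "value": token, "domain": ".ca.com"}  # constructed name

def cookie_sent_to(cookie, host):
    """Domain-cookie matching: a .ca.com cookie goes to ca.com and any subdomain of it."""
    d = cookie["domain"].lstrip(".")
    return host == d or host.endswith("." + d)

def validate_session(cookie, host, client_ip, user_agent):
    """Return (user, reason); user is None when the request must be denied."""
    if not cookie_sent_to(cookie, host):
        return None, "cookie not sent to this host"
    sess = SESSIONS.get(cookie["value"])
    if sess is None:
        return None, "unknown or expired session"
    if sess["ip"] != client_ip:
        return None, "session replayed from a different client IP"
    ua_hash = hashlib.sha256(user_agent.encode()).hexdigest()
    if not hmac.compare_digest(sess["ua_hash"], ua_hash):
        return None, "user agent does not match the one that authenticated"
    return sess["user"], "ok"

def run_scenario():
    """User A authenticates at a.ca.com; the same cookie is later replayed by another client."""
    a_ip, a_ua = "10.0.0.5", "Mozilla/5.0 (A's browser)"  # constructed client attributes
    cookie = issue_session("A", a_ip, a_ua)
    results = {}
    # Legitimate SSO: A moves to b.ca.com, the domain cookie is sent and the binding matches.
    results["b_access"] = validate_session(cookie, "b.ca.com", a_ip, a_ua)
    # Stolen cookie replayed against c.ca.com from a different machine: binding fails.
    results["c_replay"] = validate_session(cookie, "c.ca.com", "203.0.113.9", "curl/8.0")
    # A host outside the cookie's domain never receives the cookie at all.
    results["other_host"] = validate_session(cookie, "evil.example", a_ip, a_ua)
    return results

if __name__ == "__main__":
    for step, (user, reason) in run_scenario().items():
        print(f"{step}: user={user} reason={reason}")
```

Binding to the client IP is a trade-off: it breaks for users behind shared NAT or proxies, so in practice it is combined with short session lifetimes and server-side logging of mismatches rather than relied on alone.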
