AnsweredAssumed Answered

parallel SSO?

Question asked by fincl01 Employee on Jun 29, 2016
Latest reply on Jun 29, 2016 by Stephen_McQuiggan

Hi, at one of my customer we have an old Siteminder infrastrutcure composed by a CA Secure proxy server, a Policy Server, and a Policy Store on Ca Directory. The user store is an enterprise LDAP and is the same for both environments. All the application are accessed behind the SPS

We have installed a fresh infrastructure, with a new SPS, a new Policy Server and a new Policy Store, all the components are on new servers.The User store is the same of the old environment.

The new policy store has been cloned from the old one. It means that we phisically copied the data folder from dxserver in the old environment, and of course we used the same encryption key both for the old and the new policy server.

The two environments are working perfectly fine, but what surprised me is that we have SSO between them, even if they do NOT share keystore and policy store, they only have same cookie domain (dcc.it)

Once the user is authenticated and autorized to an application in the old environment (https://app1.old.dcc.it)it can move to the the new one environment (https://app1.new.dcc.it)  without  entering credentials (the new Policy Server just log a ValidateAccept) , so it is able to validate the session in some way.

Same if the user access first to the new environment and then move to the old.

This is the expected behaviour or is it due to policy store cloned between the two environment?

Outcomes