Symantec Access Management

  • Private Community

  • 1.  webagent

    Posted Jun 08, 2017 08:43 AM

    Hi There,

    How could i see in the webagent log or policy server logs the same smsession value issued to the browser after user authenticated from siteminder?

    Apparently I could not see the smsession in the log which is issued in the browser infact i have seen sessionspec

     

    Regards

    s



  • 2.  Re: webagent

    Posted Jun 08, 2017 10:05 AM

    Hi,

     

    You can find only SessionSpec and SessionID details in webagenttrace and policy server trace logs. And the SMSESSION cookie which is set in the browser will have multiple things involved and which is set by the web agent.

    Please refer below KB's for more details on SMSESSION.

    https://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.TEC3959046.html
    https://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.TEC544436.html

     

    Thanks,
    Sharan



  • 3.  Re: webagent
    Best Answer

    Posted Jun 09, 2017 01:50 AM

    For security reasons, we have disabled logging the exact SMSESSION in any log.

    This was previously available in the earlier version of CA SSO



  • 4.  Re: webagent

    Posted Jun 09, 2017 07:47 AM

    I am wondering about why can't I see it now because I have seen in the version of SM6.x.Any ways clarified.Thanks.

    Lets assume a user request a page for every 10 or 20 seconds after authentication,then every time the smession value will get updated in the browser?

     

    Regards

    S



  • 5.  Re: webagent

    Posted Jun 09, 2017 07:49 AM

    It depends on SessionGracePeriod. If refreshed within grace period it won't update.



  • 6.  Re: webagent

    Posted Jun 09, 2017 08:05 AM

    Thanks.

    Every time the user request the resource,the browser sends the smsession to the webagent, but if you look in the Brower via fiddler/httpfox there will be many smessions accumulated during that user session.If again a new resource is requested by user, which smsssion the browser gonna send? Ideally browser should send the latest smsession but however there are many smsessions in browser, how does browser knows which one had to send?



  • 7.  Re: webagent

    Posted Jun 09, 2017 08:10 AM

    There can only be one smsession cookie for any particular cookie domain at anytime. If you have more than one, you will need to fix that first. It's not expected.



  • 8.  Re: webagent

    Posted Jun 09, 2017 08:10 AM

    Hi,

     

    SMSESSION cookie will be set to the domain (.ca.com), So if the request is having the matching domain like "xyz.ca.com" then browser will send SMSESSION cookie along with the request otherwise it wont send.

     

    Thanks,
    Sharan



  • 9.  Re: webagent

    Posted Jun 09, 2017 07:51 AM

    No, It wont get updated in the browser