CA Service Management

  • Private Community

  • 1.  Open new window without entering password

    Posted Nov 22, 2017 01:06 PM

    Hello 

    We are having one requirement that if user has already opened URL of CA Service Desk then he should not be required to enter password again in new window or new tab of same browser.

     

    Is there any method we can achieve or is it a some ITIL compliant feature that same password entered in another screen can not be used.

    If second  then we need some document to submit to the customer that this is feps or ITIL security constraint that new window has to enter password to login in CA Service Desk.

     

    Thanks

    Mayur



  • 2.  Re: Open new window without entering password

    Broadcom Employee
    Posted Nov 22, 2017 01:38 PM

    Mayur.........

     

    Are you referring to another SDM login/session in another Web browser window/tab?



  • 3.  Re: Open new window without entering password

    Posted Nov 22, 2017 01:46 PM

    Paul,

     

    I am talking about same session can be opened in new tab of same browser.

     

    Thanks

    Mayur Malhotra



  • 4.  Re: Open new window without entering password
    Best Answer

    Broadcom Employee
    Posted Nov 22, 2017 03:33 PM

    Hello Mayur,

     

    To confirm what you are seeing:

     

    1. Customer would login to SDM on a given browser and enter credentials.
    2. Customer is compelled to open a new tab on the same browser, then access the same SDM URL to open a second instance of SDM on that second tab.
    3. Expectation is that when the new tab is created and SDM accessed, no login prompt should be presented and end user would go in straightaway.

     

    Assuming that is the case, this is not possible as each tab created for Service Desk constitutes its own session and login to be required.  It is also a security violation since to allow for what you are describing, a given session would need to be allowed to be shared across multiple tabs, which can lead to an exploitable means to interfere and hijack an end user's session via browser spoofing.

     

    The best solution I can think of that could be used to facilitate for a new browser tab not needing to enter credentials is to activate Single Sign On or Passthru Authentication.



  • 5.  Re: Open new window without entering password

    Posted Nov 24, 2017 09:32 AM

    The 'session per tab' feature is possible because SDM does not use cookies to keep the session, but the SID url parameters. However, sometime in the 14.1 timeline, a new option has been introduced in the SDM which makes cookie based session available:

    Encrypt Session IDs to Address Vulnerability Issues - CA Service Management - 14.1 - CA Technologies Documentation 

     

    mayur.malhotra.1 try using this new options and see if you can open new tabs without authentication, after the 1st login.