
CA SSO session cookie update reverts custom zone to SM?

Question asked by CBertagnolli Champion on Jan 25, 2018
Latest reply on Jan 30, 2018 by graju

Ok, so the way the SiteMinder SSO Zones are implemented seems really weird.


From the looks of it, the only time a zone is set by the API GW is during the "authenticate" call; otherwise it overwrites it to SM. But if a user already has a session cookie and you perform a cookie update to maintain the idle timeout values, it overwrites the zone to the default SM.


How exactly can I maintain the session state of a user's session cookie if I can only define an SSO zone on Authenticate, and only while passing in a credential like username+password or a certificate?


Example:

  • Require HTTP Cookie (name=MYZONESESSION)
  • Request: Authenticate Against CA Single Sign-on
    • Use Last Credentials selected
    • Use SSO Token from Context Variable: cookie.MYZONESESSION
  • Request: Authorize via CA Single Sign-on
  • Request: Update Cookie(s) if name equals MYZONESESSION
    • Name=MYZONESESSION
    • Value=${siteminder.smcontext.ssotoken}


Behavior:

  • User accesses a Web Agent in MYZONE and logs in
  • User is happy and goes to API GW Application
  • API GW verifies session
  • API GW rewrites cookie with updated value in SM zone now
  • User goes over to MYZONE Web Agent
  • User is requested to log in again because of zone mismatch
    • MYZONESESSION cookie - mismatched SSOZone 'SM'.]


Am I missing something really simple/obvious here?
