Symantec Access Management

  • Private Community

  • 1.  SSO between SDK & Webagent

    Posted Jan 17, 2019 08:04 AM

    Hi,

     

    This discussion is about how to enable SSO between applications one based on mobile and other is web based which would be embedded as http calls from native app. ie in native mobile app, these protected webpages would be called on a http Both are siteminder integrated at this point of time using cookie domain solution and with scope as 2. so, for ex: .abc.com. ie Native mobile app holding a SDK agent on MBaas Gateway & Web application holding webagent on top of webserver.

     

    CA document states, if you would webagent to trust the SDK agent, then make AcceptTPcookie to "Yes". If the user traverse from web app protected patterns to Native app protected patterns and vice versa. How the SMSESSION validation would happen? I understand when you go from Native app to protected webpages within app, AcceptTPcookie would be letting the webagent to trust the cookie set by mobile app. However, when you traverse from web application based protected page to Native app based protected pattern within the app how will the SMSESSION would be validated?

     

    Also, how would SMSESSION would be active when you traverse through these patterns?

     

    Regards,

    Ramya Vijayakumar.



  • 2.  Re: SSO between SDK & Webagent

    Posted May 02, 2019 06:50 AM

    Hi,

     

    I have same question to be asked. Can this be addressed please?

     

    Thanks,

    Rahila



  • 3.  Re: SSO between SDK & Webagent

    Broadcom Employee
    Posted May 02, 2019 07:48 AM

    SM SDK can decode a SMSESSION generated by normal webagent. 

     

    With AcceptTPCookie = YES normal webagent can decode SMSESSION generated by SM SDK. 

     

    So with that setup each can decode the other - I think that is what you were after here - fairly simple description that the two smsession cookes are cross comparable - is that correct? 

     

    The SM SDK also is lower level, so does not even do cookies, and you need to build that on top of the SM SDK, it's not hard - but you need to be a bit careful with spaces, quotes around cookie values, and urlencoding of the base64 characters "+" "/" and "=" . 

     

    There is also consideration of zones too, normally it is not an issue, since default zone is SM, but if you have other zones, then the XX prefix in the "zone" for XXSESSION cookies needs to be passed into some of the SMSDK functions. 

     

    Cheers - Mark