

User Validation for Sensitive Tasks

User validation forces the user to reenter credentials for certain sensitive tasks. The goal of this feature is to prevent a different person from using an unattended browser to gain access to information. A user can open a browser session and leave the browser unattended, or forget to close all browser sessions. The session is then open for an unauthorized user to gain access to resources and perform tasks on those resources.

User validation confirms that the end user matches the logged-in session. The system is not simply verifying that the client is valid.

User validation can be configured for user or administrative tasks, such as changing passwords. The feature provides an audit record for each verification, and it preserves the existing user session and session store contents.

If the session level of the user is equal to or greater than the protection level of the resource, the user is not rechallenged.
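
The rechallenge rule, the per-verification audit record and the preserved session can be modeled as follows. This is an added example, not the product's code: `Session`, `validate_for_task`, the numeric levels, the PBKDF2 credential store and the sample users are all assumptions made for illustration.

```python
import hashlib, hmac, os, time
from dataclasses import dataclass, field

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)
AUDIT_LOG = []        # one record per verification (hypothetical in-memory sink)

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(password):
    salt = os.urandom(16)
    return {"salt": salt, "hash": pw_hash(password, salt)}

@dataclass
class Session:
    session_id: str
    user: str
    level: int                        # level the session was authenticated at
    store: dict = field(default_factory=dict)

def validate_for_task(session, task, protection_level, users, prompt):
    """Return True if the sensitive task may proceed."""
    if session.level >= protection_level:
        return True                   # level is sufficient: no rechallenge
    entered_user, entered_password = prompt()
    record = users[session.user]
    # Always check against the session owner's record, so valid credentials
    # of some other account cannot satisfy the challenge.
    matches = hmac.compare_digest(
        pw_hash(entered_password, record["salt"]), record["hash"])
    ok = matches and entered_user == session.user
    AUDIT_LOG.append({"time": time.time(), "session": session.session_id,
                      "user": session.user, "entered_user": entered_user,
                      "task": task, "result": "success" if ok else "failure"})
    # The session id, level and store are left untouched on either outcome.
    return ok

if __name__ == "__main__":
    # Constructed sample accounts and session.
    users = {"alice": make_user("correct horse"), "bob": make_user("hunter2")}
    s = Session("sess-1", "alice", level=5, store={"cart": [1, 2]})
    print(validate_for_task(s, "view-profile", 5, users, prompt=None))
    print(validate_for_task(s, "change-password", 10, users,
                            lambda: ("bob", "hunter2")))
    print(validate_for_task(s, "change-password", 10, users,
                            lambda: ("alice", "correct horse")))
    print(AUDIT_LOG, s)
```

The second call shows why matching the user to the session matters: a different account's valid credentials are rejected and the failure is still audited.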

You can ask the hosting administrator to configure user validation for your sensitive resources and tasks.