A secure sockets layer (SSL) connection includes a unique identifier that is created when an SSL connection is initiated. The SPS can use this unique ID as a token to refer to the session information for a user which is maintained in the SPS in-memory session store. This scheme eliminates cookies as a mechanism for maintaining a user’s session.
A limitation of the SSL ID session scheme is that the initial contact with the SPS establishes an SSL session ID. If a user’s SSL session is interrupted, and a new SSL connection is established, the user must be re-authenticated and re-authorized, since the new SSL connection has a connection to a new server, even though it is a virtual server on the same system. This also means that forms used by HTML Forms Authentication Schemes must be served from the same host name as the protected resource.
The SSL ID section lists the session scheme using the SSL ID.
SSL ID session schemes can be supported without any custom work using the Java classes that are packaged with SPS.
Important! To use the SSL ID authentication scheme, you also have to enable a setting in the Apache Web server's httpd.conf file.
The SSL ID session scheme has the following format:
<SessionScheme name="ssl_id">
    class="com.netegrity.proxy.session.SSLIdSessionScheme"
    accepts_smsession_cookies="false"
</SessionScheme>
The directives for the ssl_id session scheme are as follows:
class
    Specifies the Java class that handles SSL ID session schemes.
    Default: com.netegrity.proxy.session.SSLIdSessionScheme
accepts_smsession_cookies
    Indicates if SMSESSION cookies are accepted. Specify one of the following values:
    true
        Indicates that SMSESSION cookies are accepted and used by the session scheme.
    false
        Indicates that SMSESSION cookies are not supported by the session scheme.
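The following Python script is an added example, not part of the CA documentation or the SPS code. It parses SessionScheme blocks in the format shown above and lists the ones whose cookie setting deserves a manual review when the goal is a cookieless SSL ID scheme. The sample input is constructed; the scheme names mixed_example and incomplete_example, the class example.HypotheticalScheme, and the review policy itself are assumptions of the example.

```python
import re

SSL_ID_CLASS = "com.netegrity.proxy.session.SSLIdSessionScheme"  # class named on this page

# Constructed sample input. Only the "ssl_id" block mirrors the page; the other
# two blocks and the class example.HypotheticalScheme are invented for the demo.
SAMPLE_CONF = """
# session schemes
<SessionScheme name="ssl_id">
    class="com.netegrity.proxy.session.SSLIdSessionScheme"
    accepts_smsession_cookies="false"
</SessionScheme>
<SessionScheme name="mixed_example">
    class="com.netegrity.proxy.session.SSLIdSessionScheme"
    accepts_smsession_cookies="true"
</SessionScheme>
<SessionScheme name="incomplete_example">
    class="example.HypotheticalScheme"
</SessionScheme>
"""

BLOCK_RE = re.compile(r'<SessionScheme\s+name="([^"]+)"\s*>(.*?)</SessionScheme>', re.S)
# One directive per line; lines starting with '#' do not match and are skipped.
DIRECTIVE_RE = re.compile(r'^[ \t]*(\w+)[ \t]*=[ \t]*"([^"]*)"[ \t\r]*$', re.M)

def parse_session_schemes(text):
    """Return {scheme name: {directive: value}} for every SessionScheme block."""
    return {name: dict(DIRECTIVE_RE.findall(body)) for name, body in BLOCK_RE.findall(text)}

def audit_cookie_settings(schemes):
    """List (scheme, issue) pairs to review by hand (this example's own policy)."""
    findings = []
    for name, directives in schemes.items():
        cookies = directives.get("accepts_smsession_cookies")
        if "class" not in directives:
            findings.append((name, "no class directive"))
        if cookies is None:
            findings.append((name, "accepts_smsession_cookies not set explicitly"))
        elif cookies not in ("true", "false"):
            findings.append((name, "unexpected value %r" % cookies))
        elif cookies == "true" and directives.get("class") == SSL_ID_CLASS:
            findings.append((name, "SSL ID scheme still accepts SMSESSION cookies"))
    return findings

if __name__ == "__main__":
    for scheme, issue in audit_cookie_settings(parse_session_schemes(SAMPLE_CONF)):
        print(f"{scheme}: {issue}")
```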
Copyright © 2011 CA. All rights reserved.