This section contains the following topics:
Agent SDK Updated to Support SSO Zones (168974)
Failure of the createSession() Method in the SmSessionServer Class (171759)
Impossible to Modify the Description of an Object Using the SDK (170888)
Symptom:
Web agents accepted session cookies with no SSO zone name. This omission gave a session cookie from an old agent full access to all zones, regardless of configuration. This was a security defect in the SSO Zone implementation.
Solution:
Beginning in CA SiteMinder® r12.0 SP3, the CreateSSOToken interface supports inserting the SM_AGENTAPI_ATTR_SSOZONE attribute into the session token. The DecodeSSOToken interface reads the SSOZONE attribute from the provided token and places its value in the attribute list.
The Java Agent API SDK includes the new attribute type ATTR_SSOZONE in the AttributeList class.
If the token has no SSOZONE attribute, the default value is "SM".
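The acceptance decision described in the Symptom and Solution, modelled as an added example (this is not SiteMinder SDK code). The dict stands in for a decoded attribute list; the own-zone/trusted-zone rule, the agent names and the sample tokens are assumptions made for illustration.

```python
DEFAULT_ZONE = "SM"  # per the page: zone assumed when the token has no SSOZONE

def token_zone(attrs):
    """Zone carried by a decoded token; absent or empty falls back to the default."""
    return attrs.get("SSOZONE") or DEFAULT_ZONE

def accepts_before_fix(attrs, own_zone, trusted):
    """Defect from the Symptom: a token with no zone name is accepted everywhere."""
    zone = attrs.get("SSOZONE")
    return not zone or zone == own_zone or zone in trusted

def accepts_after_fix(attrs, own_zone, trusted):
    """Fixed check: a zoneless token is judged as zone "SM", like any other token."""
    zone = token_zone(attrs)
    return zone == own_zone or zone in trusted

def zoneless(tokens):
    """Names of tokens created without SSOZONE, i.e. by agents that predate the fix."""
    return [name for name, attrs in tokens.items() if not attrs.get("SSOZONE")]

# Constructed sample data: decoded attribute lists keyed by a hypothetical issuer name.
TOKENS = {
    "old-agent": {"USERDN": "uid=alice,ou=people"},
    "hr-agent": {"USERDN": "uid=alice,ou=people", "SSOZONE": "HR"},
}
# Hypothetical agents: (own zone, zones it is assumed to trust).
AGENTS = {
    "default": ("SM", set()),
    "hr": ("HR", set()),
    "finance": ("FIN", {"HR"}),
}

def matrix(check):
    """Decision for every (token, agent) pair under the given acceptance check."""
    return {(t, a): check(attrs, *AGENTS[a])
            for t, attrs in TOKENS.items() for a in AGENTS}

if __name__ == "__main__":
    before, after = matrix(accepts_before_fix), matrix(accepts_after_fix)
    for key in sorted(before):
        print(key, "before:", before[key], "after:", after[key])
    print("zoneless tokens:", zoneless(TOKENS))
```

Running `zoneless` over decoded tokens during a rollout shows which sessions still come from agents that do not set the zone attribute.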
Star issue:
Copyright © 2013 CA.
All rights reserved.