Only one administrative session can be active at a time. The single administrative session prevents simultaneous editing of federation objects if an administrator tries to establish a new session. When any new login attempt is made after an administrative session is established, you receive a warning message.
The warning message tells the administrator that a session exists. If the administrator proceeds to log in using the same credentials, the system invalidates the existing session and any unsaved data is lost. After the first session becomes invalid, the administrator of the first session is logged out. If the administrator tries any configuration activity, the system redirects the administrator to the login dialog.
The next section describes what happens when one administrator attempts to log in using the same credentials as an already established administrator session.
The following scenarios result in an administrative session conflict:
Attempted Log in with Same Credentials
An administrator logs in to CA SiteMinder® Federation Standalone. A second administrator or the same administrator tries to log in using the same credentials as the first log in but from another browser session.
CA SiteMinder® Federation Standalone presents the warning dialog but the second user decides to log in, CA SiteMinder® Federation Standalone invalidates the first session. If the administrator of the first session tries to modify an object, CA SiteMinder® Federation Standalone alerts the administrator that a new session has invalidated the existing session and CA SiteMinder® Federation Standalone logs out the first administrator.
The second user can choose not to log in
Browser Session Closes but Administrator Not Logged out
An administrator logs in to CA SiteMinder® Federation Standalone. The administrator closes the browser session without logging out or the browser session closes unexpectedly and the administrator is not given a chance to log out. Another administrator logs in using the same credentials as the first administrator but from another browser session.
CA SiteMinder® Federation Standalone presents the warning dialog but the second user decides to log in, invalidating the first session.
If the administrator of the first session tries to resume the browser session and modify an object, CA SiteMinder® Federation Standalone alerts the administrator that a new session has invalidated his existing session. The first session was invalidated when the browser closed.
Note: Not all browsers permit a user to resume an unexpectedly closed browser session. For those browsers, CA SiteMinder® Federation Standalone does not present an alert that the existing session is invalid.
Administration is Disabled
An administrator logs in to CA SiteMinder® Federation Standalone. From the System Settings, the administrator disables administration. Another administrator tries to log in using the same credentials as the first administrator. CA SiteMinder® Federation Standalone presents the warning dialog but the second user decides to log in. CA SiteMinder® Federation Standalone invalidates the first session.
The first administrator, who did not log out or close the browser, tries to re-enable administration. CA SiteMinder® Federation Standalone displays a message telling the first administrator the session is invalid and logs the administrator out.
The UI Settings group box lets you disable and re-enable CA SiteMinder® Federation Standalone administration on the local host.
The ability to disable administration of the UI is useful if two CA SiteMinder® Federation Standalone systems are set up to support failover. Administration of CA SiteMinder® Federation Standalone can only take place on the primary CA SiteMinder® Federation Standalone system. The configuration can then be exported to the secondary CA SiteMinder® Federation Standalone system.
Use the disable UI feature to disable administration on the secondary system so administration can only take place on the primary system.
Follow these steps:
Disabling administration prevents any administrative actions.
Important! The change takes effect immediately after you confirm the action.
After you disable administration, an Administration Disabled dialog displays and all other parts of the UI become unavailable. Subsequent login attempts only display a warning message and a button to re-enable administration.
To re-enable administration
Click Enable Administration in the Administration Disabled dialog.
All parts of the UI become active again.
|
Copyright © 2014 CA.
All rights reserved.
|
|