To provide an additional level of security at the consumer site, the consumer can require that users have an active session at the producer site. This ensures that the user is currently authenticated and active at the producer. If the producer session ends, the user is prompted to authenticate and start a new session the next time the user accesses resources at the producer or consumer.
During an active portal session, the user logs in at the producer, and the producer keeps track of the session, storing session information with the session server. After a producer session is established, the producer’s maximum and idle timeout settings, configured in the Policy Server, determine the session duration.
Though the producer dictates the session duration, the consumer receives the session information from the producer in the SAML assertion and sets a local cookie containing this information, so it can maintain a session that is independent of the producer's.
It is possible for the session to expire at the consumer but remain active at the producer. If the session expires at the consumer, the consumer automatically redirects the user’s browser back to the producer site to update the user’s session information.
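The consumer-side check described above, as an added example that is not part of the original documentation or the SAML Affiliate Agent's own code: a local cookie carries the producer's session timeouts, and an expired or tampered cookie sends the browser back to the producer. The cookie layout, field names, HMAC signing, key and timeout values are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: secret known only to the consumer

# Constructed sample of session info taken from an assertion (seconds).
SAMPLE = {"session_id": "constructed-0001", "started_at": 1000,
          "max_timeout": 7200, "idle_timeout": 3600}

def _tag(raw: bytes) -> str:
    return hmac.new(KEY, raw, hashlib.sha256).hexdigest()

def issue_cookie(session: dict, now: int) -> str:
    """Build the consumer's local session cookie and stamp last activity."""
    body = dict(session, last_seen=now)
    raw = base64.urlsafe_b64encode(json.dumps(body, sort_keys=True).encode())
    return raw.decode() + "." + _tag(raw)

def check_cookie(cookie: str, now: int):
    """Return (decision, refreshed_cookie_or_None) for one request."""
    try:
        raw, tag = cookie.rsplit(".", 1)
        # Reject any cookie whose integrity tag does not verify.
        if not hmac.compare_digest(tag.encode(), _tag(raw.encode()).encode()):
            return "redirect_to_producer", None
        s = json.loads(base64.urlsafe_b64decode(raw))
        age = now - s["started_at"]
        idle = now - s["last_seen"]
        expired = age >= s["max_timeout"] or idle >= s["idle_timeout"]
    except (ValueError, TypeError, KeyError):
        return "redirect_to_producer", None
    if expired:
        # Local session ended: the producer must refresh the session info.
        return "redirect_to_producer", None
    # Still valid: slide the idle window, never the maximum lifetime.
    return "allow", issue_cookie(s, now)

if __name__ == "__main__":
    cookie = issue_cookie(SAMPLE, 1000)
    for t in (1500, 4000, 9000):
        print(t, check_cookie(cookie, t)[0])
```

Refreshing `last_seen` on each allowed request extends only the idle window; `started_at` is never rewritten, so the maximum timeout still bounds the session.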
To enable an active portal session, you must enable the RequireActivePortalSession element. With this element enabled, the SAML Affiliate Agent collects the session information returned by the producer in the assertion, and uses this information to issue local user profile and session cookies.
The session information in the assertion includes:
Copyright © 2011 CA. All rights reserved.