|
|
|
When a user accesses an consumer resource during a shared session, authoritative session state for the user is maintained in the session server, provided that the realm where the user logged in at the producer is configured for persistent sessions.
Note: Successful federated communication requires that realms at the producer be configured for persistent sessions.
If the user does not log in at the producer prior to visiting the consumer, they are directed to the AuthenticationURL at the producer, which should always be part of a realm configured for a persistent session. If a realm is not set up for a persistent session, session information is stored in a session cookie instead of the session server.
Note: For protecting the Authentication URL, see the SiteMinder Federation Security Services Guide
In addition to the session server, the producer and consumer continue to issue and use session cookies to maintain local state. This avoids checking with the session server every time a user accesses a resource; however, the session information between the consumer cookies and the session server needs to be synchronized.
The sync interval defines the frequency, while the user is active at the consumer, at which the SAML Affiliate Agent contacts the producer to validate session status. This setting, configured at the producer, synchronizes the information in the session server and the information in the consumer cookies.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |