When I run Agent for SharePoint, the Session Assurancefeature doesn't work:I replay a session by copying the SMSESSION cookie fromChrome to Firefox Browser, I get authenticated without havingto login again in SharePoint applications.
Device DNA Session Assurance is implemented inSPS only at the moment.As mentionned in the documentation :The application that drives the DeviceDNA checks is hostedon by the CA Access Gateway. This proxy server can performthe standard functions, such as web proxy or SAML federationfunctions or it can be a separate stand-alone instance thatis dedicated to servicing the Enhanced Session Assurancetransactions. The CA Access Gateway performance is alsodependent on a number of parameters such as, but not limitedto, authentication and authorization transactions per second,the ratio of authentications to authorizations within theenvironment, the length of user sessions, and the frequencyof revalidations.https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/policy-server-configuration/enhanced-session-assurance-with-devicednaThe Agent for SharePoint handles more complex flow involving federationand POST requests, and with SPS standalone, the integration of Session Assurancewith Agent for SharePoint goes out of support.For your reference, here are some limitation of the Session Assurance :DeviceDNA doesn't support POST requests :https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/policy-server-configuration/enhanced-session-assurance-with-devicedna/how-to-configure-enhanced-session-assurance-with-devicedna#HowtoConfigureEnhancedSessionAssurancewithDeviceDNA%E2%84%A2-LimitationsofEnhancedSessionAssurancewithDeviceDNA%E2%84%A2Agent for SharePoint uses auto POST requests :https://docops.ca.com/ca-single-sign-on-agent-for-sharepoint/12-52-sp1/en/reference/saml-autopost-frequencyAs such, the Agent for SharePoint needs to be enhanced to handle properly Session Assurance.
To get Session Assurance integrated in Agent for SharePoint, please open anIdea on the Security page :https://communities.ca.com/message/241729406More, to help you increase session security, you might take a look at the SessionLinkerfeature in the Agent for SharePoint :https://docops.ca.com/ca-single-sign-on-agent-for-sharepoint/12-52-sp1/en/configuring/use-the-session-linker
Was this information helpful?