CA Device DNA Informative Questions

Document ID : KB000116647
Last Modified Date : 01/10/2018
Show Technical Document Details
Question:
** Question 1 --> when using Session Assurance Device DNA with Federation Partnership, does the Certificate Signature comes into play with session Assurance flow at all? 
are we using the Signature to sign anything for session Assurance ? 

** Question 2 --> can payload collected by script be replayed in anyway ? is the payload used by Session assurance to generate the hash ? is it possible for someone to get the payload and generate the hash ? 

** Question 3 --> can the java script running through Session assurance be executed in background ? 

** Question 4 --> Today when Session gets rejected by Session Assurance Example below , we display a 403 Forbidden error within the redirect.sac. Is there a way to customize this message ? 
 
 
Environment:
12.6
12.7
12.8
Answer:
** Question 1 --> when using Session Assurance Device DNA with Federation Partnership, does the Certificate Signature comes into play with session Assurance flow at all? 
are we using the Signature to sign anything for session Assurance ? 
Answer --> we do not use  Certificate configured in the partnership for any Session assurance tasks

** Question 2 --> can payload collected by script be replayed in anyway ? is the payload used by Session assurance to generate the hash ? is it possible for someone to get the payload and generate the hash ? 
Answer --> session assurance is bound to HTTP request context. So even replayed it will not work.  

** Question 3 --> can the java script running through Session assurance be executed in background ? 
Answer --> No the java script cannot be exectuted in backaground. It is executed as part of transaction. 

** Question 4 --> Today when Session gets rejected by Session Assurance Example below , we display a 403 Forbidden error within the redirect.sac. Is there a way to customize this message ? 
Answer --> There is no such feature within session assurance to change the redirection. Recommendation is to use custom error (https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/web-agent-configuration/web-application-protection/custom-error-handling-for-applications)