Explanation of Single Sign On (SSO) URL

Document ID : KB000012664
Last Modified Date : 14/02/2018
Introduction:

CA tools (Spectrum, eHealth, Service Desk) are integrated with EIAM for single sign-on (SSO). When you log in to the tools through SSO (EIAM), the resulting URL is formed as follows:

Example 1: http://IPAddress/web/frames/reportsListRptsFrame?EEMSESSION=UserSession%3BVersion-1.0%3Ba5d0de4572c0fafd99108564dd6168d2-580288ab-c7fe6e0-8038

 

Question:

Please explain the last part of the URL, which is "UserSession%3BVersion-1.0%3B36001ABF768BC041AE8004BB16830DEF-580288ab-c7fe6e0-89ac".

For example, which part is the session ID, etc.?

Answer:

The string is actually the UUID generated for the session. 

The following code does that:

String artifactId = "UserSession;Version-1.0;"; 
artifactId += System::generateUUID(); 

So, it is not an encoded string and doesn’t have any sensitive information. 

3B36001ABF768BC041AE8004BB16830DEF-580288ab-c7fe6e0-89ac

3B36001ABF768BC041AE8004BB16830DEF: Session ID 
580288ab-c7fe6e0-89ac: UUID 

Why is the UUID added?

It is meant to make the URL more secure: instead of carrying only the session ID, the URL has the UUID appended to make the value more unique.
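
An added example (not CA code; the function names are hypothetical) that percent-decodes the EEMSESSION parameter of the example URL, where `%3B` is the encoded `;` separator, and splits it using the field labels from the breakdown above. It also masks the identifier so the URL can be pasted into a log or support ticket.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Example URL from this article ("IPAddress" is the article's own placeholder).
SAMPLE_URL = ("http://IPAddress/web/frames/reportsListRptsFrame"
              "?EEMSESSION=UserSession%3BVersion-1.0%3B"
              "a5d0de4572c0fafd99108564dd6168d2-580288ab-c7fe6e0-8038")


def parse_eemsession(url):
    """Split the EEMSESSION query parameter into its parts."""
    query = dict(parse_qsl(urlsplit(url).query))  # parse_qsl percent-decodes
    raw = query.get("EEMSESSION")
    if raw is None:
        raise ValueError("URL has no EEMSESSION parameter")
    parts = raw.split(";")
    if len(parts) != 3 or parts[0] != "UserSession":
        raise ValueError("unexpected EEMSESSION layout: %r" % raw)
    prefix, version, identifier = parts
    # Labels follow the article's breakdown: the first hyphen-separated
    # field is called "Session ID", the remainder "UUID".
    session_id, _, uuid_part = identifier.partition("-")
    return {"prefix": prefix, "version": version,
            "session_id": session_id, "uuid": uuid_part}


def redact_eemsession(url):
    """Return the URL with the identifier masked, for logs or tickets."""
    split = urlsplit(url)
    pairs = []
    for key, value in parse_qsl(split.query, keep_blank_values=True):
        if key == "EEMSESSION":
            # Keep "UserSession;Version-1.0;" and drop everything after it.
            head, sep, _ = value.rpartition(";")
            value = head + sep + "REDACTED"
        pairs.append((key, value))
    return urlunsplit(split._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    print(parse_eemsession(SAMPLE_URL))
    print(redact_eemsession(SAMPLE_URL))
```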

Additional Information:

What is UUID?
The intent of UUIDs is to enable distributed systems to uniquely identify information without significant central coordination. In this context, the word unique should be taken to mean "practically unique" rather than "guaranteed unique". Since the identifiers have a finite size, it is possible for two differing items to share the same identifier. This is a form of hash collision. The identifier size and generation process need to be selected so as to make this sufficiently improbable in practice. Anyone can create a UUID and use it to identify something with reasonable confidence that the same identifier will never be unintentionally created by anyone to identify something else. Information labeled with UUIDs can therefore be later combined into a single database without needing to resolve identifier (ID) conflicts.