The Session Service in Sun Java System Access Manager tracks a user’s interaction with web applications. For example, the Session Service maintains information about how long a user has been logged in to Access Manager, and enforces time-out limits when necessary. Additionally, the Session Service performs the following actions:
Generates session identifiers.
Maintains a master copy of session state information.
Implements time-dependent behavior of sessions.
Implements session life cycle events such as logout and session destruction.
Generates session life cycle event notifications.
Generates session property change notifications.
Implements session quota constraints.
Implements session failover.
Enables single sign-on (SSO) and cross-domain single sign-on (CDSSO) among applications external to Access Manager.
A user session is the interval between the moment a user logs in to Access Manager and the moment the user logs out of Access Manager. In a typical user session, an employee attempts to access the corporate benefits administration application. The application is protected by Access Manager, and Access Manager prompts the user for a username and password. First, Access Manager authenticates the user, that is, verifies that the user is who he says he is. Following user authentication, Access Manager allows the user access to the application (provided the user has the appropriate permissions). For a more detailed explanation, see Basic User Session.
Oftentimes, in the same user session (without logging out of the corporate benefits application), the same employee attempts to access the corporate expense reporting application. Because the expense reporting application is also protected by Access Manager, the Session Service provides continued proof of the user’s authentication, and the employee is automatically allowed to access the expense reporting application. The employee has accessed more than one application in a single user session without having to re-authenticate. This functionality is called Single Sign-On (SSO). When SSO occurs among applications in more than one DNS domain, the functionality is called Cross-Domain Single Sign-On (CDSSO). For more detailed explanations, see Single Sign-On Session and Cross-Domain Single Sign-On Session, respectively.
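The following sketch is an added example, not Access Manager code. It models the behavior described above: one central master copy of session state, time-outs enforced by the service, and two protected applications accepting the same session without re-authentication. The class, function, and parameter names and the time-out values are hypothetical.

```python
import secrets
import time


class SessionService:
    """Toy model of a central session service (hypothetical, not Access Manager)."""

    def __init__(self, max_session=7200, max_idle=1800, clock=time.monotonic):
        self.max_session = max_session  # total lifetime of a session, in seconds
        self.max_idle = max_idle        # longest gap allowed between requests
        self.clock = clock              # injectable so time-outs can be tested
        self._sessions = {}             # master copy: session id -> state

    def create(self, user):
        """Called once, after the user has authenticated successfully."""
        sid = secrets.token_urlsafe(32)  # unguessable identifier from the OS CSPRNG
        now = self.clock()
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def validate(self, sid):
        """Return the user for a live session; destroy and reject an expired one."""
        state = self._sessions.get(sid)
        if state is None:
            return None
        now = self.clock()
        too_old = now - state["created"] > self.max_session
        too_idle = now - state["last_seen"] > self.max_idle
        if too_old or too_idle:
            self.destroy(sid)  # the time-out is enforced by the service itself
            return None
        state["last_seen"] = now
        return state["user"]

    def destroy(self, sid):
        """Logout or time-out: remove the master copy so the id is useless."""
        self._sessions.pop(sid, None)


def protected_app(name, service, sid):
    """Per-request check made by each protected application (names constructed)."""
    user = service.validate(sid)
    return f"{name}: 200 {user}" if user else f"{name}: 302 login"


if __name__ == "__main__":
    svc = SessionService()
    sid = svc.create("employee1")  # constructed user; login happens once
    print(protected_app("benefits", svc, sid))
    print(protected_app("expenses", svc, sid))  # SSO: no second login
    svc.destroy(sid)                            # logout ends access to both
    print(protected_app("expenses", svc, sid))
```

Because every application asks the same service, destroying the session at logout or time-out ends access to all of them at once.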