The Session Service in Sun Java System Access Manager tracks a user’s interaction with web applications. For example, the session service maintains information about how long a user has been logged in to Access Manager, and enforces time-out limits when necessary.
Session Service performs the following actions:
Generates session identifiers.
Maintains a master copy of session state information.
Implements time-dependent behavior of sessions.
Implements session life cycle events such as logout and session destruction.
Generates session life cycle event notifications.
Generates session property change notifications.
Implements session quota constraints.
Implements session failover.
Enables single sign-on (SSO) and cross-domain single sign-on (CDSSO) among applications external to Access Manager.
A user session is the interval between the moment a user logs in to Access Manager, and the moment the user logs out of Access Manager. In a typical user session, an employee attempts to access the corporate benefits administration application. The application is protected by Access Manager, and Access Manager prompts the user for a username and password. First, Access Manager authenticates, or verifies that the user is who he says he is. Access Manager then allows the user access to the application.
In the same user session (without logging out of the health benefits application), the same employee attempts to access the corporate expense reporting application. The expense reporting application is also protected by Access Manager. In this second transaction, the Access Manager session service provides continued proof of the user’s authentication, and the employee is automatically allowed to access the expense reporting application. The employee has accessed more than one service in a single user session without having to re-authenticate. This functionality is called Single Sign-On (SSO). When SSO occurs among applications in more than one DNS domain, the functionality is called Cross-Domain Single Sign-On (CDSSO).