Idea ID: 2805998

Session Hijack/Timeout IP Whitelist

Status : New Idea
over 1 year ago

Recommending inclusion of a configurable whitelist (or option to disable feature) of ip changes to exempt from  the session hijack protections that delete saml tokens upon detecting changes to a client's ip address.

Since Sentinel 8.01-ish, Sentinel has implemented a session hijack protection feature that seems to logout user sessions if client ip addresses change.  For organizations with complex proxy environments, this can result in immediate and repeated session terminations to the extent that the product UI is unusable.  We have worked around this in the past (with involvement of NIQ support) by having our Sentinel urls whitelisted from utilizing our organization's internal proxies, but this is less than ideal.

Labels:

session management