NAM IDP User Session – View Session Details or Terminate User Session(s)

NAM IDP User Session – View Session Details or Terminate User Session(s)

1. Introduction / Use cases


NetIQ Access Manager creates user session after validating user’s credentials and terminates /removes user session only when the user manually logs out, or if the user’s session timeout expires due to inactivity.

An organization may have a requirement to find out the number of active sessions and number of unique user’s session. This solution will enable NAM administrator to detect active user sessions, session details (for example session ID, last login time, Remote IP, IDP Roles etc.) and terminate user session(s).

2. Solution Steps


2.1 Copy files


Download SessionJSP.zip file and extract it.

  • Copy sessionDetails.jsp, killSession.jsp and getUserSession.jsp into IDP server’s “/opt/novell/nids/lib/webapp/jsp” location.

  • Copy delallsession.png and del.png file into “/opt/novell/nids/lib/webapp/custom_images” location. You may need to create custom_images directory (if it is not available) under webapp.


2.2 Access IDP Session Details Page


Access NIDP Portal Page: https://<SSO domain>/nidp/portal

Login into NIDP portal using valid credentials. Once your session is established with IDP, try to access URL: https://<SSO doamin>/nidp/jsp/getUserSession.jsp

2.3 Session Details and Kill Session(s)


User Session page should display list all active user’s sessions.



Click on the Session ID link to view session details (Last Login time, User’s IP, IDP Role etc.):



The user might have multiple session if the user has logged in from a different browser. You may choose to kill a single session or Kill all sessions for a user.

Kill a single session:

To kill/remove a single session, click on the cross button located with the session ID.





Kill all sessions for a User:

To kill/remove all sessions for a user, click on the Kill All button.



Attachments

DISCLAIMER:

Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
Comments
Is there a way to secure the pages so that only administrator can access? The current one allow all authenticated users to access them.
Thanks
Hello,
I have modified the getUserSession.jsp and added a list of allowedAdminUser. Just put your admin user's name on the list (for example admin1, admin2 etc. ) and deploy the latest getUserSession.jsp file in IDP server.

https://www.netiq.com/communities/cool-solutions/wp-content/uploads/sites/2/2018/06/getUserSession.jsp_.txt

Please let me know if this fulfills your requirement.
Top Contributors
Version history
Revision #:
1 of 1
Last update:
‎2018-03-07 22:16
Updated by:
 
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.