Idea ID 2805998
Recommending inclusion of a configurable whitelist (or option to disable feature) of ip changes to exempt from the session hijack protections that delete saml tokens upon detecting changes to a client's ip address.
Since Sentinel 8.01-ish, Sentinel has implemented a session hijack protection feature that seems to logout user sessions if client ip addresses change. For organizations with complex proxy environments, this can result in immediate and repeated session terminations to the extent that the product UI is unusable. We have worked around this in the past (with involvement of NIQ support) by having our Sentinel urls whitelisted from utilizing our organization's internal proxies, but this is less than ideal.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.