NOTICE: Significant community changes coming soon
The header menu and the home page on our community will be changing soon. Get more information HERE.

Session Hijack/Timeout IP Whitelist

Idea ID 2805998

Session Hijack/Timeout IP Whitelist

Recommending inclusion of a configurable whitelist (or option to disable feature) of ip changes to exempt from  the session hijack protections that delete saml tokens upon detecting changes to a client's ip address.

Since Sentinel 8.01-ish, Sentinel has implemented a session hijack protection feature that seems to logout user sessions if client ip addresses change.  For organizations with complex proxy environments, this can result in immediate and repeated session terminations to the extent that the product UI is unusable.  We have worked around this in the past (with involvement of NIQ support) by having our Sentinel urls whitelisted from utilizing our organization's internal proxies, but this is less than ideal.

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.