33.10.3 Checking Session Assurance Configuration Details

You can check the configuration details in the debug log files. In catalina.out, you can check whether Session Assurance is initialized, which parameters are enabled, and how frequently the evaluation runs. The log file captures the first request and any further evaluation performed once the time since login exceeds the configured interval.

If an error occurs while initializing Session Assurance, it gets disabled.

Example Log Snippets

Information about whether Session Assurance is enabled:

<amLogEntry> 2016-09-06T19:19:34Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.initializeFPConfiguration
Thread: RMI TCP Connection(1)-127.0.0.1
Session assurance enabled true 
</amLogEntry>

Information about whether Session Assurance is initialized:

<amLogEntry> 2016-09-06T19:19:34Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.initializeExcludeListSetting
Thread: RMI TCP Connection(1)-127.0.0.1
Session Assurance : User Agent Exclude list [NMA_Auth] </amLogEntry>

Session Assurance IDC cookie grace period is 20 seconds

<amLogEntry> 2016-09-06T19:19:34Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.getNidpConfigPropertyInt
Thread: RMI TCP Connection(1)-127.0.0.1
Property read from edirectory configuration store --------> Property:SESSION ASSURANCE IDC COOKIE GRACEPERIOD Value: 20 
</amLogEntry>

Session Assurance interval is 1.0 minute

<amLogEntry> 2016-09-06T19:19:34Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.initializeFPConfiguration
Thread: RMI TCP Connection(1)-127.0.0.1
Session assurance interval 1.0minutes 
</amLogEntry> 

Parameters being evaluated in the fingerprint are Client IP, User-agent, Hardware Parameters, Operating System, Screen Resolution and TimeZone Offset.

Session assurance plan <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FingerprintConfiguration Enabled="true" ID="IDP" TriggerTimer="1" MatchLevel="100">
    <PropertyParams PropertyName="clientIP" PropertyRequired="true"/>
    <PropertyParams PropertyName="colorDepth" PropertyRequired="true"/>
    <PropertyParams PropertyName="cpuArchitecture_cpuArchitecture" PropertyRequired="true"/>
    <PropertyParams PropertyName="deviceTouchPoints" PropertyRequired="true"/>
    <PropertyParams PropertyName="deviceType" PropertyRequired="true"/>
    <PropertyParams PropertyName="operatingSystem_osName" PropertyRequired="true"/>
    <PropertyParams PropertyName="operatingSystem_osVersion" PropertyRequired="true"/>
    <PropertyParams PropertyName="user-agent" PropertyRequired="true"/>
    <PropertyParams PropertyName="screenResolution_availableScreenResolution" PropertyRequired="true"/>
    <PropertyParams PropertyName="screenResolution_screenResolution" PropertyRequired="true"/>
    <PropertyParams PropertyName="timezoneOffset" PropertyRequired="true"/>
</FingerprintConfiguration>
 </amLogEntry>

List of server-side parameters: Client IP and User Agent

<amLogEntry> 2016-09-06T19:19:34Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.initializeFPConfiguration
Thread: RMI TCP Connection(1)-127.0.0.1
Server Side Fingerprint Attributes [clientIP, user-agent] </amLogEntry>

List of client-side parameters: Hardware Parameters, Operating System Parameters, Screen Resolution, Time Zone Offset

<amLogEntry> 2016-09-06T19:19:34Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.initializeFPConfiguration
Thread: RMI TCP Connection(1)-127.0.0.1
Client Side Fingerprint Attributes [colorDepth, cpuArchitecture_cpuArchitecture, deviceTouchPoints, deviceType, operatingSystem_osName, operatingSystem_osVersion, screenResolution_availableScreenResolution, screenResolution_screenResolution, timezoneOffset] </amLogEntry>

Information about whether exclude has been configured for any resource

<amLogEntry> 2016-09-06T19:19:34Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.getNidpConfigPropertyString
Thread: RMI TCP Connection(1)-127.0.0.1
Property read from edirectory configuration store --------> Property:SESSION ASSURANCE USER AGENT REGEX EXCLUDE LIST Value: Android 4\. </amLogEntry>

<amLogEntry> 2016-09-06T19:19:34Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.initializeExcludeListSetting
Thread: RMI TCP Connection(1)-127.0.0.1
Session Assurance : User Agent Regex Exclude list [Android 4\.] </amLogEntry>
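
The following script is an added example, not part of the product or its documentation. It collects the Session Assurance settings from `<amLogEntry>` blocks in catalina.out into one summary and notes a disabled state or any configured exclude list. The function names (`summarize`, `review`) are hypothetical, and the sample log is constructed from the snippets above.

```python
import re

ENTRY = re.compile(r"<amLogEntry>(.*?)</amLogEntry>", re.S)
# Message formats copied from the log snippets in this section.
FIELDS = {
    "enabled": r"Session assurance enabled (true|false)",
    "interval_minutes": r"Session assurance interval ([\d.]+)\s*minutes",
    "grace_period": r"SESSION ASSURANCE IDC COOKIE GRACEPERIOD Value: (\d+)",
    "server_side": r"Server Side Fingerprint Attributes \[(.*?)\]",
    "client_side": r"Client Side Fingerprint Attributes \[(.*?)\]",
    "ua_exclude": r"User Agent Exclude list \[(.*?)\]",
    "ua_regex_exclude": r"User Agent Regex Exclude list \[(.*?)\]",
}

def summarize(log_text):
    """Return the last-logged Session Assurance settings found in log_text."""
    found = {}
    for body in ENTRY.findall(log_text):
        if "Method: NIDPSessionAssurance." not in body:
            continue  # skip entries written by other components
        for name, pattern in FIELDS.items():
            match = re.search(pattern, body)
            if match:
                found[name] = match.group(1).strip()  # later entries win
    return found

def review(cfg):
    """List settings worth a second look: disabled state or exclude lists."""
    notes = []
    if cfg.get("enabled") != "true":
        notes.append("Session Assurance is not reported as enabled")
    for key in ("ua_exclude", "ua_regex_exclude"):
        if cfg.get(key):
            notes.append(f"{key} is set: {cfg[key]}")
    return notes

def _entry(method, message):  # builds one constructed sample entry
    return ("<amLogEntry> 2016-09-06T19:19:34Z DEBUG NIDS Application:\n"
            f"Method: NIDPSessionAssurance.{method}\n"
            f"Thread: RMI TCP Connection(1)-127.0.0.1\n{message} </amLogEntry>\n")

SAMPLE_LOG = "".join(_entry(m, msg) for m, msg in [
    ("initializeFPConfiguration", "Session assurance enabled true"),
    ("initializeFPConfiguration", "Session assurance interval 1.0minutes"),
    ("getNidpConfigPropertyInt", "Property read from edirectory configuration store "
     "--------> Property:SESSION ASSURANCE IDC COOKIE GRACEPERIOD Value: 20"),
    ("initializeFPConfiguration", "Server Side Fingerprint Attributes [clientIP, user-agent]"),
    ("initializeExcludeListSetting", r"Session Assurance : User Agent Regex Exclude list [Android 4\.]"),
])

if __name__ == "__main__":
    cfg = summarize(SAMPLE_LOG)
    print(cfg, review(cfg), sep="\n")
```

To use it on a real server, pass the contents of catalina.out to `summarize`. An exclude regex that itself contains `]` is cut short by the bracket match.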