Recommendations

Securing communications with the syslog server

Communications between the LDAP directory and the SN SSO Agent syslog server must use UDP. Since this protocol does not guarantee confidentiality or integrity, we recommend that you secure these communications to prevent potential security risks.

This can be done by physically segmenting the network, setting up a VLAN, or using IPsec, SSH or SSL tunnels. Alternatively, a TLS syslog server relay can be placed between the hosts concerned.

Even though SN SSO Agent can be installed on the same machine as the LDAP directory, we recommend that you install them on separate machines.

Service restrictions

If a first session is locked but not shut down and a second session is then opened, the second session replaces the first. A user who logs back in to the first session will remain identified with the privileges assigned to the second session.

Users are therefore advised to shut down their sessions instead of locking them in case another user logs in to the same workstation.
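
To audit for the restriction described above, the following added example (not part of the product or its documentation) replays workstation session events and reports where a locked session was replaced and where a returning user is identified as someone else. The event format, action names, sample data and the rule that a logoff clears the identification are assumptions made for this example.

```python
# Constructed sample events: (time, workstation, user, action).
# The tuple layout and the action names are assumptions for this example.
SAMPLE_EVENTS = [
    ("09:00", "ws-01", "alice", "logon"),
    ("09:30", "ws-01", "alice", "lock"),
    ("09:35", "ws-01", "bob", "logon"),     # alice is locked, not shut down
    ("09:50", "ws-01", "bob", "lock"),
    ("09:55", "ws-01", "alice", "unlock"),  # alice returns to her session
    ("10:00", "ws-02", "carol", "logon"),
    ("10:20", "ws-02", "carol", "logoff"),  # session shut down as advised
    ("10:25", "ws-02", "dave", "logon"),
]


def find_identity_mismatches(events):
    """Return findings as (time, workstation, kind, session_user, identified_as).

    kind "replaced": a new session replaced one that was still open.
    kind "mismatch": a user resumed a session while the workstation is
    identified as a different user.
    """
    open_sessions = {}  # workstation -> users whose session is not shut down
    identified = {}     # workstation -> user the workstation is identified as
    findings = []
    for time, host, user, action in events:
        sessions = open_sessions.setdefault(host, set())
        if action == "logon":
            previous = identified.get(host)
            if previous and previous != user and previous in sessions:
                findings.append((time, host, "replaced", previous, user))
            sessions.add(user)
            identified[host] = user  # the latest session wins
        elif action == "logoff":
            sessions.discard(user)
            # Assumption: shutting down a session clears its identification.
            if identified.get(host) == user:
                del identified[host]
        elif action == "unlock":
            current = identified.get(host)
            if current and current != user:
                findings.append((time, host, "mismatch", user, current))
    return findings


if __name__ == "__main__":
    for finding in find_identity_mismatches(SAMPLE_EVENTS):
        print(finding)
```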