Why was my session terminated for security reasons? (IP address discrepancy)

	English	
Deutsch Español Français (France) Italiano 日本語 한국어 Polski Português (Brasil) Русский 简体中文

Support Note KB0394017

Symptom

Why am I being logged out of the Ariba system with the following security warning error message:

Ariba had to terminate your current session for security reasons because we have identified a discrepancy in your current IP address from the IP address used in previous requests. Please return to the Ariba Login page and log in again to reset your session credentials.

Resolution

There are two possible solutions:

Solution 1: Obtain a static IP Address for the machine that connects to Ariba

Additionally, because access into Ariba involves entrance into a secure site, you may need to ensure that the Uniform Resource Locator (URL) is added to your browser's list of trusted sites. Failure to do so may result in a "Session Timed Out or Terminated" message.

To add Ariba to a list of trusted sites in Microsoft Internet Explorer:

From an open browser window, select Tools from the menu bar at the top of the screen.
Choose Internet Options.
Access the Security tab.
Click the green Trusted Sites icon.
Click on the Sites.

Ensure that the box beside Require server verification (https:) is unchecked.

Enter *.ariba.com in the Add this web site field.
Click Add.
Click OK.

Solution 2: Submit a Case to Ariba support to change the Remote Host Checking Settings

Ariba has introduced settings that allow each customer to control the Remote Host Checking Settings for their sites. There are two means in which this can be configured:

SAP Support can define a set of IP addresses that are considered safe, or trusted. When trusted IP addresses are defined, if Ariba detects a significant change in a user's IP address, it first checks the list of trusted IP addresses. If the address is on the list, the user's session continues to work.
SAP Support can Disable Remote Host Checking for the customer realm.

If you wish to have this configuration changed for your sites, please contact SAP Support and provide the preferred setting changes requested.

This feature acts as a security check to protect against hacking and fraud, and remains standard acr

oss the Ariba on-demand solutions.

This issue is most frequently caused by non-optimal network configuration at your location, including configuring multiple load-balancing internet proxy servers with very different IP addresses. You may wish to consult your IT organization about your network setup.

This can occur when traveling from your office to work at home, switching networks, or logging into your Virtual Private Network (VPN). Ariba checks the Internet Protocol (IP) address of a user upon every action they attempt to make in Ariba (clicking a button, opening a document, approving a document, etc.). If the IP address does not match the previous IP address, then, the system ejects the user for security reasons. Most frequently, this occurs due to a user switching networks or from a dynamic IP address (balance-loaded Internet).

Many companies use proxy or network address translation (NAT) servers, which talk between user's browsers and Internet sites, such as Ariba. For these companies, Ariba can only see the IP address of the proxy or NAT server, not the IP address of the user's machine.

Some of these companies use load-balanced proxy or NAT servers, such that some requests go through one proxy, and others go through another. This presents Ariba with the IP address of the first proxy server on the first request, and, then, the second proxy server on the second request.

Ariba considers an IP address different from another (in the context of session management) if the first two octets do not match. For example, 10.10.10.101 and 10.10.11.178 do not cause a session timeout, whereas 10.10.10.101 and 10.11.11.135 do cause a session timeout. In other words, the first two sets of numbers within the IP address must stay the same, or Ariba times out the session.

See Also

This feature acts as a security check to protect against hacking and fraud. Thus, it remains standard across the Ariba on-demand solutions.

This issue is most frequently caused by non-optimal network configuration at your location, including configuring multiple load-balancing internet proxy servers with very different IP addresses. You may wish to consult your IT organization about your network setup.
This can occur when traveling from your office to work at home, switching networks, or logging into your Virtual Private Network (VPN). Ariba checks the Internet Protocol (IP) address of a user upon every action they attempt to make in Ariba (clicking a button, opening a document, approving a document, etc.). If the IP address does not match the previous IP address, then, the system ejects the user for security reasons. Most frequently, this occurs due to a user switching network or from a dynamic IP address (balance-loaded Internet).
Many companies use a proxy or network address translation (NAT) servers, which communicate between the user's browsers and Internet sites, such as Ariba. For these companies, Ariba can only see the IP address of the proxy or NAT server and not the IP address of the user's machine.
Some of these companies use load-balanced proxy or NAT servers, such that some requests go through one proxy, and others go through another. This presents Ariba with the IP address of the first proxy server on the first request, and, then, the second proxy server on the second request.
Ariba considers an IP address different from another (in the context of session management) if the first two octets do not match. For example, 10.10.10.101 and 10.10.11.178 do not cause a session timeout, whereas 10.10.10.101 and 10.11.11.135 do cause a session timeout. In other words, the first two sets of numbers within the IP address must stay the same, or Ariba times out the session

Applies To

Catalog Management
Core Procurement > Core Administration > Core Administration Dashboards
Core Procurement > Core Administration > Core Administration User Management
Invoicing
SAP Business Network for Procurement & Supply Chain
SAP Business Network for Procurement & Supply Chain > Discovery & Sourcing/Contract Punchout Scenario
Spend Visibility
Strategic Contracts
Strategic Sourcing
Supplier Information & Performance Management