Environment
NetIQ Access Manager 4.3
Situation
Session Assurance Request parameters offer the option to check IP address and 'Request Header set'. The help screen for the request header set indicates that we look at the 'User-agent, Accept-Language, Accept-encoding and so Forth' http headers. WHen testing this, it appears that we only look at the User-agent as any change int he Accept-* headers do not trigger a session assurance error.
Resolution
fixed in 4.3.1.
4.3.1 Fetches accept, accept-charset, accept-encoding and accept- language from the request headers of the incoming request.