SM_UNIVERSALID header unable to pass when loggedin via IWA on dev environment
search cancel

SM_UNIVERSALID header unable to pass when loggedin via IWA on dev environment


Article ID: 134423


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER


We're running a Web Agent and when a user get authenticated by Windows Authentication Scheme, then the header SM_UNIVERSALID doesn't get filled and passed to the application. We noticed this happens on unprotected resource after authentication.


How can we fix this ?


  Policy Server 12.52SP1CR05 2113 on SunOS;

  Web Agent 12.52SP1CR09 2614 on IIS 8.5 64bit on Windows 2012 R2 64bit;

  Web Agent Cookie Provider 12.52SP1CR02 766 64 bit on Apache 2.2.11 on SunOS;


In order to get the SM_UNIVERSALID header on unprotected application, you have to set the ACO parameter :


PreserveUniversalID = yes


1. This parameter has been added in Web Agent 12.52SP1CR08 and it  is documented here :


   New ACO Parameter preserveuniversalID


     From 12.52 SP1 CR08, you can configure the preserveuniversalid ACO

     parameter to set Universal ID to non-protected resources too when a valid SMSESSION cookie is available.

   So said, if you don't set it or if you run version before 12.52SP1CR08, you won't be able to get the SM_UNIVERSALID on unprotected resource.


   Historically, some Customers reported a security issue when the SM_UNIVERSALID is produced on unprotected page. That's the reason

   why this header has been removed from the processing of the unprotected resource.


   Since 12.52SP1CR08, you have the possibility to choose if you want the header on unprotected resource or not. By default (if not set), it is disable and the header will not show up on unprotected resource.


2. For a list of recently modified ACO parameter, rely on the release notes and documentation :


   Cumulative Releases


   List of Agent Configuration Parameters