Difference between Realm and RealmOID in Web Agent
search cancel

Difference between Realm and RealmOID in Web Agent


Article ID: 211130


Updated On:


CA Single Sign On Agents (SiteMinder) SITEMINDER



When running a Web Agent, and protecting applications, one might see the parameters "REALMOID" or "REALM" which show different values, and which get set in the URI of the request like:

https://_host.example._com/siteminder/mylogin.fcc?TYPE=33554433&REALMOID=06-6eddcc7e-a445-5e5e-b836-6b76aeb998b3&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$5VY [...omitted for brevity...] R%2b&TARGET=$SM$https%3A%2F%2F_webserver.example._com%2FmyPage.html


https://_webagent.example._com/siteminderagent/login.fcc?TYPE=16777344&REALM=$SM$MyApp-1.0%20%5B10%3A34%3A09%3A139831250261873%5D&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$Ej [...omitted for brevity...] sbrW&TARGET=$SM$https%3A%2F%2F_otherserver.example._com%2F




REALMOID is the numeric part of the XID from the Policy Store realm which is accessed:

When running the following command on the Policy Server:

XPSExport pstore.xml -xb -npass

and searching in pstore.xml for the number


something like this will be found:

[...] Xid="CA.SM::Realm@06-6eddcc7e-a445-5e5e-b836-6b76aeb998b3" [...]

and it will show the full configuration of the given realm. The same number can be seen when running XPSExplorer and displaying the realm (1). 




Out of the box, REALM Name is used for Basic Authentication Scheme and Cert Authentication Scheme or Cert + Forms Authentication Scheme only.

Whenever a credential pop comes up, the REALM Name, as well as the time at that point, is displayed.

Note that the REALM Name is URL encoded and URL encoding is allowed in URL by internet standards.


Additional Information



    Trace Message Data Fields