search cancel

Difference between Realm and RealmOID


Article ID: 211130


Updated On:


CA Single Sign On Agents (SiteMinder) SITEMINDER



When running a Web Agent, and protecting applications, one might see
the parameters "REALMOID" or "REALM" which show different value, and
which get set in the URI of the request like :$SM$5VYFXkCsUxr25G8lni1eZq3bN7JYP2PSADDsaDWDFdferf42sd2fesWZlXAGWox7cAgsS4WRuWmDYrtS2%2bTXZ5nk3kBR%2b&TARGET=$SM$





REALMOID is the numeric part of the XID from the Policy Store realm
which is accessed :

If you run the following command on the Policy Server :

  XPSExport pstore.xml -xb -npass

and you search in pstore.xml for the number
"06-6eddcc7e-a445-5e5e-b836-6b76aeb998b3", you should fine something
like this :

  [...] Xid="CA.SM::[email protected]" [...]

and you will see the full configuration of the given realm. You will
see the same number if you run XPSExplorer and display the realm.




Out of the box, REALM Name is used for Basic Authentication Scheme and
Cert Authentication Scheme or Cert + Forms Authentication Scheme
only. You probably be using "Cert or Forms Authentication
Scheme". This behavior is not configurable outside the fact to change
the Authentication Scheme type.

Whenever a credential pop comes up, the REALM Name, as well as time at
that point, is displayed.

Note that the REALM Name is URL encoded and URL encoding is allowed in
URL by internet standards.