When running the Web Agent, when an Ajax application makes an HTTP
call to the /rocfm/fm/commonService resource, the Web Agent redirects
the request to the Credential Collector:
[10/07/2021][10:41:44][12679][473929472][CSmLowLevelAgent.cpp:510]
[IsResourceProtected][0000000000000000000000007a100d0a-3187-615ec0d8-1c3f9700-afd937c93a27]
[*10.0.0.1][][myWebAgent][/myApp/mypage/page][] [Resource is protected from cache.]
[10/07/2021][10:41:44][22207][526378752][CSmHttpCredCore.cpp:1997]
[CSmHttpCredCore::DoFormsChallenge][0000000000000000000000007a100d0a-56bf-615ec0d8-1f5fe700-afb431db7b6a]
[*10.0.0.1][][myWebAgent][/myApp/mypage/page][]
[Redirecting to credential collector
'https://myserver.mydomain.com/siteminderagent/login.fcc?
TYPE=33554432&REALMOID=06-0005c689-312d-1ea8-b4c7-4a120a320000
&GUID=&SMAUTHREASON=0&METHOD=POST
&SMAGENTNAME=$SM$VGvDwGiX8cQ48Geay6UI7uJs76QlNT0bZnLfeUeLRGZgyfeNN2y2m%2bBWB3CnIcmy
&TARGET=$SM$https%3A%2F%2Fmyserver.mydomain.com%2FmyApp%2Fmypage%2Fpage'.]
Can an expression like /rocfm/in.* be used and defined in
OverlookSessionForUrls, and is there any solution to update a dynamic
Ajax pattern?
At first glance, if the Ajax application sends the request to
/myApp/mypage/page without sending an SMSESSION cookie along, this
behavior is expected.
OverlookSessionForUrls doesn't support wildcards (1).
To handle Ajax resources, use the ACO parameter WebAppClientResponse,
for which the Resource value can include a wildcard (2).
(1)
Webagent OverlookSessionForUrls ACO and wildcards usage
A multi-value parameter is accepted, but this parameter does not
accept wildcards. A complete URL should be defined.
https://knowledge.broadcom.com/external/article?articleId=49214
(2)
Web Application Client Response Introduced
Use the WebAppClientResponse ACO parameter to implement the
functionality of the web application client, while maintaining
SiteMinder security.
Resource
Specifies the protected URI to which the web application client is
making requests. If the URI of a request matches this value,
SiteMinder identifies the request as originating from the web
application client. The resource can contain a wildcard (*) for
prefix and suffix matching.
Default: No value: if this value is omitted, all resources that the
Web Agent is protecting apply to the parameter.
Value: Regular expressions are not supported.
Example: Resource=/web20/dir/*
Example: Resource=/web20/dir/*.xml
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/web-agent-configuration/session-protection/apply-siteminder-behavior-to-a-web-application-client.html
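The two matching behaviours described above, modelled as an added
example (not SiteMinder or Broadcom code), to check candidate values
against sampled Ajax URIs before changing the ACO. Assumptions: the
function names are hypothetical, matching is case-sensitive and done
on the URI path only, and the regex-token heuristic is this example's
own.

```python
import re

# Heuristic (assumption of this example): tokens suggesting the author wrote a
# regular expression. A lone "*" is excluded, it is the supported wildcard.
REGEX_HINTS = re.compile(r"\.\*|\.\+|[\[\]()^$|+?\\]")


def overlook_matches(entries, uri):
    """OverlookSessionForUrls model: complete URLs only, no wildcard expansion."""
    return uri in entries


def resource_matches(pattern, uri):
    """Resource model: '*' matches any run of characters; every other
    character, '.' included, is literal. Case-sensitive (assumption)."""
    if not pattern:  # documented default: applies to all protected resources
        return True
    literal_parts = [re.escape(part) for part in pattern.split("*")]
    return re.fullmatch(".*".join(literal_parts), uri) is not None


def lint_pattern(pattern):
    """Return the regex-looking tokens that will not behave as a regex."""
    return REGEX_HINTS.findall(pattern)


def coverage(pattern, uris):
    """Map each sampled URI to whether the Resource pattern covers it."""
    return {uri: resource_matches(pattern, uri) for uri in uris}


if __name__ == "__main__":
    # Constructed sample URIs; only /rocfm/fm/commonService is from the page.
    sample = ["/rocfm/fm/commonService", "/rocfm/index.jsp", "/rocfm/in.x"]
    for pat in ["/rocfm/in.*", "/rocfm/*"]:
        print(pat, "regex-like tokens:", lint_pattern(pat))
        for uri, hit in coverage(pat, sample).items():
            print("   ", "match" if hit else "MISS ", uri)
```

Under this model /rocfm/in.* covers only URIs that literally begin
with "/rocfm/in.", which is why a regex-style value does not cover
/rocfm/fm/commonService while Resource=/rocfm/* does.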