HTTP SM_USER header presence and scenario in Policy Server - Web Agent
search cancel

HTTP SM_USER header presence and scenario in Policy Server - Web Agent


Article ID: 234811


Updated On:


SITEMINDER CA Single Sign On Agents (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder)



When running a Policy Server, when does it produce the SM_USER value ?

  - What are all scenarios to get the SM_USER header value ?
  - Does the http header SM_USER being set in Authentication failure
    scenarios or only success use cases ?
- Does SM_USER get set for the SM Authreason values 20, 22 and
    24 ?




The SM_USER will be produced on all requests as soon as the user name
is known by the Policy Server as per documentation (1).

About SM Authreason values 20, 22 and 24, which represent

  ImmedPWChangeRequired = 20
  BadPWChange = 22
  ExcessiveFailedLoginAttempts = 24

the Password Services page will use another variable. SM_USER header
being sent to the target page, this header won't be available for the
Password Services page. Instead, the out of the box Password Services
page uses the variable "username" :

  smpwservices.fcc :



Additional Information



     Generated User Attributes

    The following list contains user attributes that Siteminder
      generates automatically. These attributes can be specified as
      response attributes for Web Agent responses and are available to
      named expressions.


      The web agent places the username in an SM_USER http header variable
      for all requests. The web agent does not set the value of the
    SM_USER header variable when one of the following items are true:

       - A user does not provide a user name, such as with
certificate–based authentication.
       - A user name is not known.