SMSESSION value visible in traces for "auto-authorize" Web Agent URL's
search cancel

SMSESSION value visible in traces for "auto-authorize" Web Agent URL's

book

Article ID: 240163

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Agents (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

 

When running a Web Agent as a cookie provider, when a request goes to
the SmMakeCookie.ccc, then the URL gets printed in the Web Agent
traces, as well as the SMSESSION cookie data as:

    [03/23/2022][11:35:10][985469][4101998336]
    [000000000000000000000000bc5b180a-f097d-623b05ee-f47f8700-40f25a14bf10]
    [CSmHttpPlugin::ProcessResource][Autoauthorizing URL : 
    'https://myserver.example.com/SmMakeCookie.ccc?
     SMSESSION=-SM-ahw5AP13p%2fWn9R6VJTWdOpObkKhClbsyoBPBf [...] &PERSIST=0 &TARGET=-SM-HTTPS%3A%2F%2Fmyserver.example.com%2FmyApp' , Method: 'GET' ]

 

Environment

 

  Web Agent 12.52SP1CR11 on Apache 2.4 on RedHat 7;

 

Resolution

 

Upgrade the Web Agent to 12.8 to benefit from the feature to mask the SMSESSION information from the traces.

 

Powered by Wolken Software