
Web Agent - HTTP Strict Transport Security on Login.fcc page


Article ID: 254465


Products

CA Single Sign On Agents (SiteMinder)

Issue/Introduction

Is the security policy mechanism "HTTP Strict Transport Security" (HSTS) supported by SiteMinder on login.fcc pages?

Environment

WebAgent for IIS

Cause

The web server contains multiple modules, arranged much like a queue. Once a user request reaches the web server, it is processed by every module in the queue in turn.

For example, consider a web server that has the following modules:

1) SiteMinder module
2) HTTP cache module
3) URL rewrite module
4) Set header module

Every module in the queue processes the request and then passes it to the next module. The SiteMinder module is the first one to process it, so the header is set only when the request finally reaches the set header module.

When a protected resource is accessed, SiteMinder does not pass the request to the next modules in the queue until the user is authenticated. Instead, the SiteMinder module redirects the user to the login.fcc page and ends the request there, without handing the baton to the next module. So you can place the set header module above all the others.

Resolution

Here are the steps to add the HSTS header to login.fcc pages on the IIS server. Follow the URL below for details on adding a custom header on the IIS server:

https://learn.microsoft.com/en-us/iis/configuration/system.webserver/httpprotocol/customheaders/

1. Select Start, select Administrative Tools, and then select Internet Information Services (IIS) Manager.

2. In the connections pane, expand the node for the server, and then expand Sites.

3. Select the web site where you want to add the custom HTTP response header.

4. In the web site pane, double-click HTTP Response Headers in the IIS section.

5. In the actions pane, select Add.

6. In the Name box, type the custom HTTP header name.

7. In the Value box, type the custom HTTP header value.

8. Select OK.
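
A scripted equivalent of steps 1 to 8, followed by a check that the header is actually returned for login.fcc. This is an added example, not part of the original article or of SiteMinder; the site name, the login.fcc URL and the `max-age` value are assumptions to replace with your own.

```powershell
# Added example. Assumed values (not from the article): site name, URL, max-age.
Import-Module WebAdministration

$site  = 'Default Web Site'                                         # assumed IIS site name
$url   = 'https://sso.example.com/siteminderagent/forms/login.fcc'  # placeholder URL
$name  = 'Strict-Transport-Security'                                # HSTS header name (RFC 6797)
$value = 'max-age=31536000'                                         # assumed policy: one year

$psPath = "IIS:\Sites\$site"
$filter = 'system.webServer/httpProtocol/customHeaders'

# Add the header only if the site does not already define it, so the script
# can be re-run without creating a duplicate collection entry.
$existing = Get-WebConfiguration -PSPath $psPath -Filter "$filter/add[@name='$name']"
if (-not $existing) {
    Add-WebConfigurationProperty -PSPath $psPath -Filter $filter -Name '.' `
        -Value @{ name = $name; value = $value }
}

# Request login.fcc without following redirects, so the header is read from
# the response to this exact request and not from a later page.
$req = [System.Net.WebRequest]::Create($url)
$req.AllowAutoRedirect = $false
$resp   = $req.GetResponse()
$status = [int]$resp.StatusCode
$hsts   = $resp.Headers[$name]
$resp.Close()

# A usable policy needs a numeric max-age; max-age=0 tells browsers to drop it.
if ($hsts -match 'max-age\s*=\s*"?(\d+)' -and [long]$Matches[1] -gt 0) {
    "OK: $name = $hsts (HTTP $status)"
} else {
    Write-Warning "No usable $name header on $url (HTTP $status, value: '$hsts')"
}
```

Run it in an elevated PowerShell session on the IIS server. Browsers only honor the header when it arrives over HTTPS, so the check URL must use `https://`.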