How does the ACO parameter customipheader works?
What is the expected behavior among these 4 configurations of that parameter:
By default, the Web Agent obtains the requesting client's IP address from the Web Server variable REMOTE_ADDR (Remote Address) that the Web Server sets for a particular request. The Web Agent stores the client's IP address as the value in the SMSESSION cookie.
The Web Agent only accepts 1 single value motivated by security concerns.
CustomIPHeader accepts a single value because security attacks are possible if SiteMinder would allow multiple values:
Sample of an attack: