ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

SM_USER header value in IWA authentication scheme.


Article ID: 40906


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



When implementing IWA authentication and it seems that SM_USER is in the format of DOMAIN\UID. What is the solution to set the SM_USER to just UID? 



Policy server version: Any version that supports IWA authentication

Policy server OS: Windows 2008 R2, 

Webagent version: Any version

Webagenr Version: Windows 2008 R2



The header can be overwritten from a custom header response on

the get/post/etc named "SM_USER". Please follow the below steps:

- This would be a "SiteMinder Web Agent Response"

- The attribute will be "Web Agent HTTP Header Variable"

- The kind would be "User Attribute"

- The variable name would be "SM_USER"

- The attribute name is whatever you want to give, example: samaccountname


If you wish to change the value in the cookie we would need to either use a

custom module or open an enhancement request.


Component: SMIIS