search cancel

Is a cookie provider necessary between the Web Agents on a reverse proxy server and backend web servers?

book

Article ID: 42060

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Introduction: 

We have a reverse proxy server and some backend web servers. Web Agent has been installed on each server and the cookie domains are different between the reverse proxy server for extranet access and backend web servers in intranet.

Question: 

Do we need a cookie provider for the cross-domain single sign-on between them?

Answer: 

No, you don’t need it.

The SMSESSION cookie received by the reverse proxy server is passed to the backend web servers as a part of HTTP request header variables. Backend web servers can receive SMSESSION cookies from the reverse proxy server without cookie provider.

Additional Information:

SMSESSION cookies are processed again on the backend web servers. If you would like to reduce the CPU load, please consider to use the ProxyAgent and ProxyTrust parameters in Agent Configuration Objects.

Environment

Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus
Component: