search cancel

Is a cookie provider necessary between the Web Agents on a reverse proxy server and backend web servers?


Article ID: 42060


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



We have a reverse proxy server and some backend web servers. Web Agent has been installed on each server and the cookie domains are different between the reverse proxy server for extranet access and backend web servers in intranet.


Do we need a cookie provider for the cross-domain single sign-on between them?


No, you don’t need it.

The SMSESSION cookie received by the reverse proxy server is passed to the backend web servers as a part of HTTP request header variables. Backend web servers can receive SMSESSION cookies from the reverse proxy server without cookie provider.

Additional Information:

SMSESSION cookies are processed again on the backend web servers. If you would like to reduce the CPU load, please consider to use the ProxyAgent and ProxyTrust parameters in Agent Configuration Objects.


Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus