Is it secure to use the IgnoreExt parameter on the protecting Site Minder web agent with regard to the .js files of Identity Suite?
search cancel

Is it secure to use the IgnoreExt parameter on the protecting Site Minder web agent with regard to the .js files of Identity Suite?

book

Article ID: 48852

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Suite CA Identity Portal CA Identity Governance

Issue/Introduction

The Site Minder web agent configuration object includes a parameter called: IgnoreExt which basically allows for a list of file extensions to be ignored by the web agent.

 

Environment

All Identity Suite

Resolution

There is no security risk associated with using the IgnoreExt parameter for the .js files.

The reason being is that the web agent already is protecting the IME and its protected alias. Therefore a call to an internal .js file is already protected by the fact it's included in a protected realm.

Identity Portal - SiteMinder Configurations

SiteMinder - Ignore Unprotected Resources

Powered by Wolken Software