The Site Minder web agent configuration object includes a parameter called: IgnoreExt which basically allows for a list of file extensions to be ignored by the web agent.
There is no security risk associated with using the IgnoreExt parameter for the .js files.
The reason being is that the web agent already is protecting the IME and its protected alias. Therefore a call to an internal .js file is already protected by the fact it's included in a protected realm.
Release: CAPUEL99000-12.5-Identity Manager-Blended upgrade to Identity &-Access Mgmt Ente