ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Web Agent :: SMIDENTITY Cookie

book

Article ID: 49773

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

I am running Web Agent as Reverse Proxy.

In order to limit the size of the request going to a backend server, I have configured the Web Agent with the following:

DisableAuthSrcVars to yes 
DisableSessionVars to yes 
DisableUserVars to yes

But, I still see the SMIDENTITY cookie sent to the backend Application Server. Is it possible to make this cookie not sent to the backend server?

Solution:

You still see the SMIDENTITY sent to the backend server because the SMIDENTITY is a cookie.

The difference between HTTP header variables and HTTP cookie variables are that the HTTP header variables are maintained by the Server, and the HTTP cookie variable, even produced first by the Server, are sent by the browser.

Considering this, as you have seen in your architecture, the SMIDENTITY cookie cannot be blocked as per setting:

DisableAuthSrcVars to yes 
DisableSessionVars to yes 
DisableUserVars to yes

which are maintained by the Server.

The only way not to get it passed to the backend Application Server, is to disable it as per tech note:
https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=TEC457849.

There is no way to keep it enabled, and to block it then to be passed to the backend server.

Environment

Release:
Component: SMAPC
Powered by Wolken Software