Siteminder default headers.

book

Article ID: 53112

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description

Can Siteminder default headers be configured as remote user variable? If yes then how and if no then is there any specific reason?

Solution

We can set the value of REMOTE_USER based on the value of variable defined in RemoteUserVar ACO parameter. But same is not recommended for default siteminder HTTP headers (rather existing HTTP headers). As per web-agent documentation, the procedure and care points for setting REMOTE_USER header:

----------------------------

By default, the SetRemoteUser parameter is set to no, which leaves REMOTE_USER blank.

  • To set REMOTE_USER to the SiteMinder logged-in user name, change the value of the SetRemoteUser parameter to yes.
  • To set REMOTE_USER to a different user name, set the RemoteUserVar parameter to the name of the response variable. For example, to return an HTTP-WebAgent-Header variable such as "user=ajohnson", set RemoteUserVar to the value user.
  • To revert to the default, which leaves REMOTE_USER blank, return the Set-RemoteUser parameter to no. To enable this feature, you must also create a Web Agent response and couple it to an OnAuthAccept rule. Select response attribute type WebAgent-HTTPHeader- Variable. Be aware that you cannot use the existing HTTP header; you must create a response and couple it to an OnAuthAccept rule.

----------------------------

Although we are able to set REMOTE_USER header based on the value of response variable value; but it's not recommended solution in customer scenario as customer is using existing default Siteminder HTTP header variable and web-agent guide refrains from doing this.

Environment

Release:
Component: SMPLC