search cancel

Siteminder default headers.


Article ID: 53112


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



Can Siteminder default headers be configured as remote user variable? If yes then how and if no then is there any specific reason?


We can set the value of REMOTE_USER based on the value of variable defined in RemoteUserVar ACO parameter. But same is not recommended for default siteminder HTTP headers (rather existing HTTP headers). As per web-agent documentation, the procedure and care points for setting REMOTE_USER header:


By default, the SetRemoteUser parameter is set to no, which leaves REMOTE_USER blank.

  • To set REMOTE_USER to the SiteMinder logged-in user name, change the value of the SetRemoteUser parameter to yes.
  • To set REMOTE_USER to a different user name, set the RemoteUserVar parameter to the name of the response variable. For example, to return an HTTP-WebAgent-Header variable such as "user=ajohnson", set RemoteUserVar to the value user.
  • To revert to the default, which leaves REMOTE_USER blank, return the Set-RemoteUser parameter to no. To enable this feature, you must also create a Web Agent response and couple it to an OnAuthAccept rule. Select response attribute type WebAgent-HTTPHeader- Variable. Be aware that you cannot use the existing HTTP header; you must create a response and couple it to an OnAuthAccept rule.


Although we are able to set REMOTE_USER header based on the value of response variable value; but it's not recommended solution in customer scenario as customer is using existing default Siteminder HTTP header variable and web-agent guide refrains from doing this.


Component: SMPLC