Use of SM_SSO_ZONE_NAME with ASA Agent on WebLogic


Article ID: 14613


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


I'm running ASA Agent for WebLogic. I'm aware that the ACO Parameters
SSOZoneName and SSOTrustedZone aren't supported for this Agent. But
from my reading, it seems I could modify the SMSESSION cookie prefix
using the "SM_SSO_ZONE_NAME" JVM parameters. But how can I set this
one on WebLogic ?


ASA Agent 12.0 for WebLogic


The SM_SSO_ZONE_NAME can be changed by setting a Java System Property
in the WebLogic startup script. The value of the property is prefixed
to Session to form the cookie name. To change the SM_SSO_ZONE_NAME
you will need to Delete the provider then restore it after rebooting

1. Log in to the WebLogic Console;
2. On the left panel, click on Security Realms, then select the realm;
3. Click on Providers tab, then click on SMIdentityAsserter;
4. Go to Provider Specific and record User Name Mapper Attribute
   string, and SMIdentity Asserter Config File name, for use when you
   restore the provider;
5. Go back to Providers tab, select SMIdentityAsserter, then click
   "Delete" and save it;
6. Shutdown WebLogic server and edit the WebLogic start script. Add
7. Now start WebLogic and login to the Console;
8. On the left panel, click on Security Realms, then select the realm;
9. Click on Providers tab, click new;
   a. In the Name, give SMIdentityAsserter;
   b. In Type drop down list, choose SiteMinderIdentityAsserter. Then
      click OK;
   c. In Common tab, click on >> button, then both XYSESSION and X.509
      would be moved to the right list;
   d. Click on Provider Specific tab, fill User Name Mapper Attribute
      string and SMIdentity Asserter Config File with previously recorded