Is it secure to use the IgnoreExt parameter on the protecting Site Minder web agent with regard to the .js files of Identity Manager?


Article ID: 48852


Updated On:


CA Directory CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On CA Security Command Center CA Data Protection (DataMinder) CA User Activity Reporting



The Site Minder web agent configuration object includes a parameter called: IgnoreExt which basically allows for a list of file extensions to be ignored by the web agent.


There is no security risk associated with using the IgnoreExt parameter for the .js files.

The reason being is that the web agent already is protecting the IME and its protected alias. Therefore a call to an internal .js file is already protected by the fact it's included in a protected realm.


Release: CAPUEL99000-12.5-Identity Manager-Blended upgrade to Identity &-Access Mgmt Ente