Layer7 Access Management

Expand all | Collapse all

HTTP Response headers in Siteminder.

Jump to Best Answer
  • 1.  HTTP Response headers in Siteminder.

    Posted 12-13-2016 08:08 AM

    I've defined few HTTP Header responses in my siteminder environment according to the attributes predefined in application.
    But while running application i'm unable to see the response headers.

    I tried using Fiddler to test, but i could only get SMIDENTITY & SMSESSION data in headers.!

    Furthermore i tried dumping all the HTTP headers using the code found at : Pedro's Neglected Tech Blog: Quick and Easy HTTP Header Dump ASP.Net Page - No Compilation Needed! .

     

    But i could only get the default values of siteminder i.e username is in default value SM_USER and other fields respectively.

    Any suggestions where flow maybe wrong.?



  • 2.  Re: HTTP Response headers in Siteminder.

    Posted 12-13-2016 08:27 AM

    Hello,

     

    You should be able to see HTTP headers in the ASP page only, you will not see them in Fiddler.

    For your response, make sure that you create a Response Attribute : WebAgent-HTTP-Header-Variable type.

    Make sure that your response is bound to a policy that will be triggered during Authorization.

    You can check them by looking at the PS traces or in the Webagent traces during the authorization process.

     

    Hope it helps,

    Julien.



  • 3.  Re: HTTP Response headers in Siteminder.

    Posted 12-14-2016 01:09 AM

    Thanks for the tip but yes i'm sure that

    • I've created a Response Attribute : WebAgent-HTTP-Header-Variable type.
    • Response is bound to a policy that will be triggered during Authorization and is for the same domain.

    Looking at the PS traces i have the logs as:-

    [Connection CA SiteMinder DSN: Checking connection is successful.][][][][11:18:06][Inactivate connection.][][][]
    {Connection CA SiteMinder DSN: Changing object state 'Active' to state 'Available'.][][][]
    [Successful check status of server or connection][][][]
    [Cleanup the object cache.][][][]

    • The Webagent trace logs shows:-

    [7132][2428][000080fe00000000cf2a59043300bd95-1bdc-585032db-097c-00e35af1][ProcessRequest][Challenge Manager returned SmExit, end new request.]
    [7132][4772][][CSmIIS70Module::Shutdown][IIS 7.0 Native Module shutting down.]
    [7132][4772][][Shutdown][High Level Agent shutting down.]
    [7132][4772][][Resource Manager][Shutdown.]

    [7132][4772][][Session Manager][Shutdown.]



  • 4.  Re: HTTP Response headers in Siteminder.

    Posted 12-13-2016 03:01 PM

    Make sure you have ACO properly configured, e.g.

    DisableAuthSrcVars=No

    DisableSessionVars=No

    DisableUserNameVars=No

    DisableUserVars=No.

    Once you meet application requirement,  then decide turn any one of them off as needed.

     

    BTW, "SM_USER HTTP header is returned with empty value" vs. "SM_USER is not returned at all" are two different problems. Web agent trace and policy server trace log can show what is set or not, once header dump page is accessed.

     

    Thanks,

    Hongxu



  • 5.  Re: HTTP Response headers in Siteminder.

    Posted 12-14-2016 01:15 AM

    Hi there,

     

    I verified my ACO configuration

    i.e. 

    • DisableAuthSrcVars=No
    • DisableSessionVars=No
    • DisableUserNameVars=No
    • DisableUserVars=No.

     

    SM_USER is returned but it is in the default parameters not as customized by application..

    Thanks,

    Hridyesh

     



  • 6.  Re: HTTP Response headers in Siteminder.

    Posted 12-13-2016 04:59 PM

    The most important point is , these are SERVER side headers not CLIENT side, so you won't able to view them using the Fidddler.

     

    You will need to user server side script such as ASP/JSP to be able to dump these headers :

    Scott Forsyth's Blog - Viewing all Server Variables for a Site 

    Print out HTTP Request Headers : HTTP Header « JSP « Java Tutorial 



  • 7.  Re: HTTP Response headers in Siteminder.

    Posted 12-14-2016 01:54 AM

    Hey Ujwol,

     

    I've tried out the code given for C#  :- 

     

    <% @ Page Language="C#" %>
    <%
    foreach (string var in Request.ServerVariables)
    {
      Response.Write(var + " " + Request[var] + "<br>");
    }
    %>


    But it is same as the last one i tried. I'm getting the username in default HTTP header SM_USER not in the custom given by application.

    Thanks,

    Hridyesh



  • 8.  Re: HTTP Response headers in Siteminder.

    Posted 12-14-2016 04:29 AM

    What rule have you associated the response with?

    Try linking it with OnAuthAccept or OnAccessAccept  action.


    Also the enable all data/component in PS trace profiler. You should see the Policy being triggered, Response being set.



  • 9.  Re: HTTP Response headers in Siteminder.

    Posted 12-14-2016 08:47 AM

    Thanks Ujwol but it didn't work as expected.

    I had to re-create rules and responses altogether. Now it is passing the appropriate response to the application.

     

    Thanks,

    Hridyesh



  • 10.  Re: HTTP Response headers in Siteminder.

    Posted 12-14-2016 02:17 PM

    So what changes did you do while creating rule/response second time?



  • 11.  Re: HTTP Response headers in Siteminder.

    Posted 12-15-2016 01:29 AM

    Nothing special but i stopped policy server after creating the rules and responses then restarted it after few minutes.(around 10 minutes ).
    Also restarted the IIS

    This worked for me.



  • 12.  Re: HTTP Response headers in Siteminder.
    Best Answer

    Posted 12-15-2016 01:54 AM

    so it must be the caching issue.



  • 13.  Re: HTTP Response headers in Siteminder.

    Posted 12-15-2016 06:32 AM

    Idk for what reason the custom user variable stops publishing the response for the attribute value randomly then automatically starts publishing it after sometime.
    Any idea how to remove this persistent issue.?



  • 14.  Re: HTTP Response headers in Siteminder.

    Posted 12-15-2016 10:28 AM

    Hi Ujwol,

     

    Even I am facing same issue. I am able to see the header in webagent logs but application team says they are not receiving at their end.

     

    I can see all default headers are enabled in ACO and response is mapped to allow access policy.

     

    DisableAuthSrcVars=No

    DisableSessionVars=No

    DisableUserNameVars=No

     

     

    WebAgent Logs:

    [12/06/2016][18:09:13][2304][3508487936][CSmHttpPlugin.cpp:2643][CSmHttpPlugin::ProcessResponses][0000000000000000000000000c0cca0a-0900-5846fec9-d11f4700-45101bb2a6c0][*10.145.67.224][][TestApp_webagent][/App/][test123][Processing Authorization responses.]
    [12/06/2016][18:09:13][2304][3508487936][CSmHttpPlugin.cpp:2650][CSmHttpPlugin::ProcessResponses][0000000000000000000000000c0cca0a-0900-5846fec9-d11f4700-45101bb2a6c0][*10.145.67.224][][TestApp_webagent][/App/][test123][Removing HTTP cache request headers.]
    [12/06/2016][18:09:13][2304][3508487936][CSmHttpPlugin.cpp:2731][CSmHttpPlugin::ProcessResponses][0000000000000000000000000c0cca0a-0900-5846fec9-d11f4700-45101bb2a6c0][*10.145.67.224][][TestApp_webagent][/App/][test123][Setting custom HTTP header variable: 'HTTP_SSOID=test123' from Policy Server]

     

     

    Application Logs:

    headerName : accept headerValue=image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
    headerName : cookie headerValue=JSESSIONID=C9F80508F57E24A374B49C10A7C35F3F.node1; s_pers=%20gpv_p8%3DEP%253ANwsEv%7C1480698273392%3B%20s_prevPage%3DEP%253ANwsEv%7C1480700013294%3B; ADSMSESSION=zq60H9akK/Z6iGaGg/Eran05/j2ffxhIhZBW+E2DBbd8UNUGkoqcb2ebljJd+jdF/cpsYkqOsC5/MwtytOBPR7NvZtB1CwA6GtnnY0vK8tXU4llMTQoDjODKVq47Q3myywshnRJm/KsYS7H9mVxqJzn7dutMDVmMxI1rzSKDsRq3IwdOqAkAP0KTqhEm6qONVtPTfJVKSg5e8cazzD1fX80gI+MH2W2o0W3hNdz0o4CSolR0A2t7/jr2+nbAGmteHkklS1FiG7PElJ5nDnNbs71D81ZPHYJ/APcfugw/4kuc7j+Db6hSNkg5XQYJpCaebr3tjaZTA+YamMZeDTBxpAf76MXetkU0CZPMhYnCWWr1lulnrKBLq0ci7G4CJoVPH7SnEjL9q5F704fACrSwnRuDQTcBLoZDotVxod19UWjfsOD0wijy67ZE+pLTEIlOdUpg0te+KeK5dVDkU3psyZYOM5pRSUr5PonD/XOE9a65jCYt71oWDB2qsvaZDtBosH+TFsYaPumuFW2rErJPS3pogXusljuPx9Lih7IjGbbf+K3Tuiey8hzPMFU0iUu651xpfzw3eVdV3PvRJRs8+igZNbjV3AmpPAOCilj4D4dHf/O/Cr5aeifx3V8kd7I2FxqTRoJAgcihBw1wqF7qGKBn648TXDy+iopBJJ/g9Sy2UxrqEcjiL09lXGId9bA0sooOCYK+MNKKfWzHI6qg90+qrTCC1OzDW7MYkGNAySAaayloU1x8SSpR6DgCu+9clHN0YcUvtjcOCYvbgbYAfji9koxNaNNPbyJeRKTzoJjioC75VxH2544AOmZgv69dbIJyyCv/LaUXksDWOAoz95484mOLf3HrawCg/7sObPHqS3d3SckTCR5Siy7B3Eu+V0yZ3snNVJMFIr+c4WW8TKWFyLgyV8gp8hPgZwoWGsw8V8FrKxuVDPPABrSz01bWy9Col1+cFo2F6Gcpcs1It/x+lmt6fr7C3nshUEwo3BO8OV5LiCUSxIONswixieYOYEkfdIVzE/vb9vTfGox3l/hd+AekSloa1iIcbqlG/IwHD+VrjpEOJ3y0yiRkjFo2gM5182RUZoks6fsmYmRAIuwqTFi2iQe1MUwgzPCT/GWmY286IOD+g51wDLcDE3at1c8TAIAjMUrWvbLedHNIQgCToGtIZ7y7; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; SMSESSION=QPO4I61zwdjv7pveBhCtNxTfEDK/TUj/Md9MVP0WSdAR1BioFb48jiBOZ2eZ+qd5/UlArucVbDRUTfFGvgQwnILE80GcjeXveJa5p0gkVsErqShhtZmFQ2IXB2TBp1KbhWJUik5WHetKSU+RpM7n7Tcl7kES8n4b492lzXnOVfMKob+O1yjmFrircXznAQP/A+m8/HWr06A3qcxVUToq5Nya3qCJZerSGzuYdEeXaMWulKubyaAcAnjrg/cE7LtWahErTdYQivsUe6mYD34uagNZf6FIsnfgHL+uQ+Gz0nIMSDNcJ1QcOL3vG2l83FrqQ6hXfmaa9ZVZY8DQlLKUjEY5noakfhii4MGBJ6H5HBnk0z1KQHYxB6+4vrnF5JL1EKUUVHJSgKLGSi8je7o/wsrdmTaRZviw21fa+c8RcCfBsMKOObRIQ9Z3jb+/RYVgwjS2bgZdJiDfCSijHofV/1KIXqwgqlkVBN0Yl4PRH/Ll67IYh8EZgbKymkUapEJlYSgZgNrFiJ4c/BbQGJBaHwjFvZqTzztq2VHR7hfPsX0kcNtF3NNZSZFHCIRUveRnQElDyoXHidK+qV71qDlheaIX3KDYKp5kV58xUfCD3RH5mYtZ4L5m3kw7iTSXQ9LW7TItyVKmnaMOXErX9fMhCJ1Qv+xJu2EQVhm60G+MExs2YK9lifiOxyv8nrpJ0Gd4+A8Qg3BaspIfaScf99YsSgyImhKwkDIRAiKNNjAmcOggytif1Pg0WBJdfKTzrKxuBL196BXAVq+zl/jszWHBngy7qH3QLHm1C/4jViS71vLBkjYhHrAoGvUK5EaU1FEjCFNgP0PuoHNqzClj6c2shZ8ecCckvRC7ECkITxsxiRi62y4XgikybL0atlZ3wAQ2KOAHydV8Y9Kik/RcmaB/Hwk0dLxkXvnjXbvoNkrIXQYk+mRwMLj2yTo7WaWKn8pA0MRAFUrlfCOyR/5jVlmE4sD7Wb/Gzi41Kw+Zb35ehv+LsBJHfpZj/jP9XQsK8m35CuW3eVZlaiYuy1UEy5BUm50dVQDp3kLEWyXX4TQZs+bLyGknZo9xxGHeVfXUF7RGrBlOBDkiUEEiUIWzdynSR8Nw96ZHZRby5bL0h76oUD3jjLwGGNsRfDew3UmOzshea2oY0hGWrBTrIeykP8niM223lXW1xVXSgIWF3poa6qOCPHz4xmUuqcR7/Odxvc/pgN+K252zEIvTmq28FL+zwRei/qgStgtgZxwJitsftZdMfv54NqlBKuzJ1sbgvaKH
    headerName : Accept-Language headerValue=en-US
    headerName : user-agent headerValue=Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
    headerName : host headerValue=app.dev.abc.com
    headerName : Accept-Encoding headerValue=gzip, deflate
    headerName : DNT headerValue=1
    headerName : connection headerValue=Keep-Alive
    headerName : Cache-Control headerValue=no-cache
    headerName : SM_TRANSACTIONID headerValue=0000000000000000000000000c0cca0a-7055-5841a97f-a9a700-58343850c42
    headerName : SM_AUTHTYPE headerValue=Auto
    headerName : SM_SDOMAIN headerValue=.abc.com
    headerName : content-length headerValue=0
    Updated SecurityContextHolder to contain null Authentication
    Authentication request failed: org.acegisecurity.BadCredentialsException: The expected username was not recieved in the header.
    Failed to login: The expected username was not recieved in the header.



  • 15.  Re: HTTP Response headers in Siteminder.

    Posted 12-15-2016 02:51 PM

    Is the application not receiving headers consistently?

    What is your web/app server?



  • 16.  Re: HTTP Response headers in Siteminder.

    Posted 12-16-2016 12:53 AM

    The application is hosted in IIS Server with Siteminder agent for IIS .

    It receives the HTTP headers and header dump code shows the attribute with the values.But it randomly stops displaying the value of the attribute and keeps on publishing the header attribute name 

    I tried to print the value of user login from session and the application has the value of user logged in.