Symantec Access Management

  • Private Community
 View Only
Back to discussions
Expand all | Collapse all

Send 401 http code instead of 302 (redirect to login) for specific url (ajax calls)

  • 1.  Send 401 http code instead of 302 (redirect to login) for specific url (ajax calls)

    Posted Oct 30, 2023 05:53 AM

    Hi all,

    We use Siteminder to ensure SSO between several applications through openid connect. However, one of these applications makes a series of AJAX calls and when the session or token expires, these AJAX calls are redirected to login (http code 302).

    I would like to configure the SSO policies so that for them it is 401. But none of the methods used worked. Has anyone tried something like this before?

    I found an older thread here that mentions this "SiteMinder doesn't provide any such option. It simply redirects user to the login page, after timeout upon user action"  , but it is 2 years old (https://community.broadcom.com/enterprisesoftware/communities/community-home/digestviewer/viewthread?GroupId=2197&MessageKey=4475fb99-dd3a-40b6-91b5-8768922fdb71&CommunityKey=f9d65308-ca9b-48b7-915c-7e9cb8fc3295

    )

    Regards,

    Bogdan Barbu



  • 2.  RE: Send 401 http code instead of 302 (redirect to login) for specific url (ajax calls)

    Broadcom Employee
    Posted Oct 30, 2023 10:07 AM

    Hi Bogdan,

    I believe the WebAppClientResponse Agent Configuration Object parameter may do what you need. 

    You can read about it here:
    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/web-agent-configuration/session-protection/apply-siteminder-behavior-to-a-web-application-client.html

    Regards,
    Pete


    Original Message