Symantec Access Management

    Hello All,

   I have a situation where, we need to pass HTTP Header response as per the user selection, and this user selection is not attribute of LDAP.

Below Expected flow:

User Logs in www.webagent.xyz.com (protected by webagent) gets HTTP_USERNAME=Richard.Leto, all works fine.

Once logged in user will navigate and select www.sps.xyz.com (protected by SPS) there is a drop down to select his choice say Chase bank or BofA or Citibank and many more.

application is expecting HTTP_USERNAME and HTTP_BANKNAME (as per drop down selection)

Please let me know I was able to explain the requirement or not.

Any suggestions please.

I was thinking, if something is possible to add this header from URL?

Thank you.

SPS is agent just like when a user accesses:  www.webagent.xyz.com

When they navigate to www.sps.xyz.com you will also need to create a rules with responses for the custom headers required by the application

@stephen_mcquiggan   Thanks Steve, can you please provide an example of creating custom headers.

First step you should already have realm/rule for the SPS agent and resource you are protecting

You can tie the responses to the existing rule or create OnAccessAccept rule and tie response to it

From Responses tab create new response:  Attribute: WebAgent-HTTP_Header-Variable

See below diagram Header responses called MySM_USERNAME that will have the value of SM_USERNAME (Siteminder default header)

  NOTE Attribute Name can also be any Default SiteMinder header or LDAP attribute that is part of the user object

Once the responses is create it needs to be link to the rule on the policy - see below

possibly try this.

create separate policy for each bank with the header name you like and setup the response as below

WebAgent-HTTP-Header-Variable  BANKNAME=<% userattr="SM_USERPOLICIES" %>

this will give you the bank on each response when fired. ofcourse you will need separate rules.