Symantec Access Management

  • 1.  SiteMinder Default HTTP Headers

    Posted Nov 06, 2017 11:22 AM

    Hi,

    In the link https://support.ca.com/cadocs/0/CA%20SiteMinder%20r12%20SP2-ENU/Bookshelf_Files/PDF/siteminder_wa_config_enu.pdf, on page number 122, there is a sentence: "The Agent sends these headers regardless of whether or not they are called from a Web application; however, you can disable some of these headers so that they do not use up header space."

    Is the header sent only when a protected resource is called?

     

    Best Regards,

    Murali



  • 2.  Re: SiteMinder Default HTTP Headers
    Best Answer

    Posted Nov 06, 2017 05:46 PM

    Hi Murali,

     

    No, most of them are sent for both protected and unprotected resources.

     

    A few headers that I know of which are sent only for protected resources are:

     

    • HTTP_SM_REALM

      Indicates the CA Single Sign-On realm in which the resource exists.

    • HTTP_SM_REALMOID

      Indicates the realm object ID that identifies the realm where the resource exists. This ID may be used by third-party applications to make calls to the Policy Server.

     

    Are there any specific headers that you are looking for?

     

    Regards,

    Ujwol



  • 3.  Re: SiteMinder Default HTTP Headers

    Posted Nov 07, 2017 03:56 AM

    Hi Ujwol,

    Thanks for your reply. If I understand correctly, the headers are sent only when the session exists, irrespective of being protected or unprotected.

     

    Best Regards,

    Murali



  • 4.  Re: SiteMinder Default HTTP Headers

    Posted Nov 07, 2017 04:01 AM
    No, not necessarily. For example, even if there is no existing session, if the user accesses an unprotected resource, SSO sends the HTTP_SM_AUTH_TYPE header with the value Unprotected.


    However, headers related to the session are sent only when the user session exists.