Symantec Access Management

  • Private Community
 View Only

  • 1.  Reset HTTP_SM_USER for Validation Identity Mapping

    Posted Dec 04, 2017 04:32 AM

    I'm using  feature and, as expected, the HTTP_Header variables are changed based on the destination User Store, HTTP_SM_UNIVERSALID included, but HTTP_SM_USER and REMOTE_USER (I need both) are not updated (they preserve the original value of the first login).

     

    Following an example:

     

    <first login against AD_example.com user-store with a user with username = grusconi>

    REMOTE_USER = grusconi
    HTTP_SM_UNIVERSALID = grusconi
    HTTP_SM_AUTHDIRNAME = AD_dummy.com
    HTTP_SM_USER = grusconi

    <then switch to a domain with user-store ApacheDS_example.com where the related validated mapped user has username = 0000001>

    REMOTE_USER = grusconi
    HTTP_SM_UNIVERSALID = 0000001
    HTTP_SM_AUTHDIRNAME = ApacheDS_example.com
    HTTP_SM_USER = grusconi

    <...I would like HTTP_SM_USER  and REMOTE_USER  have always the same value of HTTP_SM_UNIVERSALID>

     

    Gabriele



  • 2.  Re: Reset HTTP_SM_USER for Validation Identity Mapping

    Posted Dec 04, 2017 04:40 AM

    You can create custom response to override the values:


    https://support.ca.com/us/knowledge-base-articles.tec1500602.html



  • 3.  Re: Reset HTTP_SM_USER for Validation Identity Mapping

    Posted Dec 04, 2017 05:06 AM

    Hi Ujwol,

    thanks it works for SM_USER but it doesn't for REMOTE_USER; any help for that?



  • 4.  Re: Reset HTTP_SM_USER for Validation Identity Mapping
    Best Answer



  • 5.  Re: Reset HTTP_SM_USER for Validation Identity Mapping

    Posted Dec 04, 2017 05:25 AM 
    Yes, I have already set in the ACO parameter SetRemoteUser = yes

     

    otherwise the REMOTE_USER header variable would not be set.

    The issue is that it is not updated and SiteMinder response configuration allows me to set HTTP_REMOTE_USER and not the real REMOTE_USER variable.

    <result>
    REMOTE_USER = grusconi 
    HTTP_REMOTE_USER = 0000001
    HTTP_SM_USER = 0000001 


  • 6.  Re: Reset HTTP_SM_USER for Validation Identity Mapping

    Posted Dec 04, 2017 05:27 AM

    SetRemoteUser & RemoteUserVar are two different ACO.

    I was asking to set the later one.



  • 7.  Re: Reset HTTP_SM_USER for Validation Identity Mapping

    Posted Dec 04, 2017 05:32 AM

    Hi Ujwol,

    you are absolutely right, my apologies and thanks for the solution provided.



  • 8.  Re: Reset HTTP_SM_USER for Validation Identity Mapping

    Posted Dec 04, 2017 09:39 AM

    Just a added note, for REMOTE_USER we should not create a RESPONSE called REMOTE_USER in WAM UI Response. It should work purely based of the ACO Parameter SetRemoteUser & RemoteUserVar.



  • 9.  Re: Reset HTTP_SM_USER for Validation Identity Mapping

    Posted Dec 04, 2017 02:36 PM

    Yep, I think customer understands that. That was just an attempt to override its value.