We're running a CA Access Gateway (SPS), and when a user successfully login inthe SPS, then the backend server application return error message :
Your Not a Authorised User, Please Contact System Admin
User log in by Windows Authentication Scheme. The SM_USER header hasthe value with the domain with it as :
We have configured a response to produce the header HTTP_SM_USER forwhich the user hasn't the DOMAIN prefixed
But we cannot modify the application code to look at HTTP_SM_USERvariable that has the user id without the preceeding Domain name. Theapplication can only read the default header SM_USER.
How can we get the SM_USER value without the DOMAIN\ as prefix ?
Policy server 12.7SP0CR00 on windows 2012;Access Gateway Server 12.7SP0CR00 on Windows 2012;
You can :
1 - Use a CA Access Gateway (SPS) post filter.
You might work around this out of the box behavior by setting a filteron the CA Access Gateway (SPS) to modify the Header name and its value :
setHeader(java.lang.String name, java.lang.String value)
Sets a header with the specified name and value. If a header withthe same name exists it will be overwritten.
Parameters:name - a String specifying the header namevalue - a String specifying the header value
2 - Use the GD SmOverrideAuth module to modify the value of theSM_USER value.
The out of the box SM_USER value may be also overriden by using the GDmodule "SmOverrideAuth" as described here :
Remove <domain>\ from user name when using IWA
There is another option. If you really need the value stored in theSiteMinder SMSESSION cookie modifed to be just the loginID, withoutthe domain prefix, there is a CA Services, Global DeploymentPre-built PWP (aka module) called SmOverrideAuth that will meet thisrequirement. It actually allows you to set SM_USER to the value ofany attribute in the user's record, although normally the loginID isused. Note however that this is a separately priced item, it is notpart of core SiteMinder. You can contact Sid Mautte(Sid.MautteIII@ca.com) if you would like to find out more about this module, or you can contact your CA Sales Representative and ask themto open a Service Request for SmOverrideAuth.
CA Global Delivery Packaged Work Product Download Index
Override Authentication Login for CA Single Sign-On
KB : KB000117269