Symantec Access Management

  • 1.  How to view and capture/use "smauthreason" header for authentication failure.

    Posted Mar 22, 2016 12:58 PM

    Hi,

    Our application team wants to capture the SiteMinder header "smauthreason" and use it for the application-side authentication failure response code. As per the CA documentation, all default headers are passed to the web server and application, but we couldn't find them in browser debugging mode. Is there any way to view them in the browser, or are any tools available to capture them?

     

    Our main idea in capturing the smauthreason header:

    1) To set an authentication failure response message for the user whenever the user enters invalid credentials.

    2) We need suggestions on how we can use headers in authentication failure responses on the back-end application side.

     

    thanks and regards

    venkat



  • 2.  Re: How to view and capture/use "smauthreason" header for authentication failure.
    Best Answer

    Broadcom Employee
    Posted Mar 22, 2016 02:54 PM

    You can see all SiteMinder generated headers in the header capture tool/page. I don't think you can see them in the browser debug tool. You need to use an (ASP, JSP, etc.) header dump page to see them. These are all server-side headers, so you can't see them in Fiddler or any type of browser tool. Here are the headers that I see from a successful authentication (captured with the JSP header dump tool):

     

    sm_transactionid       0000000000000000000000008df5a8c0-1af6-56f1924b-cad2d700-4a98383e8dfc
    sm_sdomain             .sp.demo
    sm_realm               SP : Target page protection Realm1
    sm_realmoid            06-000b6fbc-33ff-116c-af93-f584c0a8901c
    sm_authtype            SAML Assertion
    sm_authreason          0
    sm_sessiondrift        -1
    sm_authdiroid          0e-00053cc3-f3af-13e2-9dff-f58cc0a8901c
    sm_authdirname         sp1dir1
    sm_authdirserver       ustore1.com
    sm_authdirnamespace    LDAP:
    sm_user                uid=idpuser,ou=people,o=empire
    sm_userdn              uid=idpuser,ou=people,o=empire
    sm_serversessionid     6C4o8b9omA+NF1eE+ty6nNeX6EU=
    sm_serversessionspec   zwXx9UwUfihlUIlKUcMJMJeefGj0uvBSbo7nWohGBtfBh
    sm_timetoexpire        3600
    sm_serveridentityspec


  • 3.  Re: How to view and capture/use "smauthreason" header for authentication failure.

    Posted Jan 05, 2017 11:25 PM

    The sm_authreason header is available ONLY post authentication. It is not available after OnAuthReject.
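
A server-side header dump page of the kind described in the answer above, as an added example that is not from the thread or from CA/Broadcom. It assumes a Python WSGI back end behind the web agent and that the agent's headers arrive as CGI-style `HTTP_SM_*` variables; the function names and the redaction of the two session headers are choices made for this example, and it treats a missing sm_authreason as a normal case.

```python
"""Server-side dump of SiteMinder agent headers (added example)."""
from wsgiref.util import setup_testing_defaults

# Assumption: the web agent's sm_* request headers reach the app as
# CGI-style HTTP_SM_* variables, as they do in a WSGI environ.
PREFIX = "HTTP_SM_"
# Session identifiers are redacted so the dump page does not expose them.
REDACT = {"sm_serversessionid", "sm_serversessionspec"}


def siteminder_headers(environ):
    """Return {header_name: value} for every sm_* header on the request."""
    found = {}
    for key, value in environ.items():
        if key.startswith(PREFIX):
            name = key[len("HTTP_"):].lower()
            found[name] = "<redacted>" if name in REDACT else value
    return found


def auth_reason(environ):
    """Return sm_authreason as an int, or None if absent or not numeric."""
    try:
        return int(environ.get("HTTP_SM_AUTHREASON", "").strip())
    except ValueError:
        return None


def app(environ, start_response):
    """WSGI header dump page: one 'name: value' line per sm_* header."""
    lines = [f"{n}: {v}" for n, v in sorted(siteminder_headers(environ).items())]
    if auth_reason(environ) is None:
        lines.append("sm_authreason not present on this request")
    body = "\n".join(lines).encode("utf-8")
    start_response("200 OK", [("Content-Type", "text/plain; charset=utf-8"),
                              ("Content-Length", str(len(body)))])
    return [body]


def sample_environ(**sm):
    """Constructed request environ with the given sm_* headers set."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update({PREFIX + k.upper(): v for k, v in sm.items()})
    return environ


if __name__ == "__main__":
    env = sample_environ(authreason="0", user="uid=idpuser,ou=people,o=empire")
    print(b"".join(app(env, lambda status, headers: None)).decode())
```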