AcceptTpCookie

yes or no

Configures the SiteMinder TAI to assert identities from third-party SiteMinder session cookies generated using the SiteMinder SDK. For details, see "Enabling Single Sign-On" in the Agent API chapter of:

• CA SiteMinder Programming Guide for C
• CA SiteMinder Programming Guide for Java

Default is NO.

Note: If you configure the SiteMinder TAI to accept third-party SiteMinder session cookies, also configure the SiteMinder Login Module to accept them so that it can assert WebSphere propagation tokens in situations when WebSphere must reestablish Subjects created by the SiteMinder TAI.

ChallengeForCredentials

yes or no

Specifies whether the SiteMinder TAI should challenge for credentials.

Default is NO.

AssertionAuthResource

String

If you are configuring the TAI to not challenge requests for credentials, this value must match the value specified for the resource filter in the realm that you create for non-challenged requests. For example:

assertionauthresource=/sitemindertai

CookieDomain

String

Name of the cookie domain. For example:

cookiedomain="ca.com"

No default value.

See also the cookiedomainscope parameter.

CookieDomainScope

Number

If specified, further defines the cookie domain for assertion of SiteMinder session cookies by the SiteMinder TAI. The scope determines the number of sections, separated by periods, that make up the domain name. A domain always begins with a period (.) character. For example:

cookiedomainscope="2"

Default is 0, which takes the domain name specified in the cookiedomain parameter.

EncryptAgentName

yes or no

Specifies whether the agent name should be encrypted when redirecting to the SiteMinder Web Agent for SiteMinder TAI credential collection.

Default is NO.

FccCompatMode

yes or no

Specifies whether to handle backward compatibility of forms credential collection, which the SiteMinder TAI does not support. You must therefore set this parameter to NO for both the SiteMinder TAI and the Web Agent:

fcccompatmode="NO"

PersistentCookies

yes or no

Specifies whether the agent allows single sign-on for multiple browser sessions. When this is enabled, users who authenticate during one browser session will retain single sign-on capabilities for subsequent browser sessions.

Default is NO.

PrevalidateCookie

(TAI)

yes or no

Specifies whether the SiteMinder TAI (when configured not to challenge requests for credentials) validates that the SiteMinder session ticket is valid (not corrupt, expired, can be decrypted, and so on). If the session ticket is good, the SiteMinder TAI then processes the request. If the session ticket is not valid, The SiteMinder TAI returns FALSE and does not process the request. For example:

PrevalidateCookie=YES

This parameter is ignored if ChallengeForCredentials=YES or if there is no SiteMinder session ticket in a request.

Default is NO.

ServerErrorFile

String

Specifies a page to redirect a request to if a processing error is encountered. This can either be an HTTP or local file system resource. For example:

servererrorfile="http://server.ca.com:88/errorpage.html"

If this setting is not configured, a default message is output to the response when the TAI encounters an error. The default message is "SiteMinder Agent encountered an error while handling request. Please ask the administrator to look for messages in the server's agent log to check for the cause."