Scenario Guide › Scenario Overview › Using CA SiteMinder to Support the Single Sign-On › How to Use Single Sign-On (SSO) with CA SiteMinder › (Optional) SSO HTTP Response Headers

(Optional) SSO HTTP Response Headers

HTTP response headers are components of those HTTP message header fields that define the HTTP transaction operating parameters. The CA GovernanceMinder server maintains a configuration file (eurekify.cfg) that contains the CA GovernanceMinder Portal user accounts. You configure the CA SiteMinder response policy to return the user information that corresponds to the UserID field in this configuration file as follows:

• The UserID field can contain the user name, for example:

  Javier.Torres
  

  In this example, the CA SiteMinder response policy returns the user name as an HTTP header variable. You can use the standard, predefined sm_user CA SiteMinder WebAgent-HTTP header variable attribute.

• The UserID field can contain the domain and username, for example:

  GMusersDb\Javier.Torres
  

  In this example, the CA SiteMinder response policy returns both the domain and the username as HTTP header variables. Define a custom attribute, in one of the following ways:

  • Use the standard sm_user attribute for the username, and define a custom attribute for the domain.
  • Define a custom attribute that contains the entire domain\username value.

CA GovernanceMinder uses the following system properties to parse the returned HTTP header for returned attributes. These values must match the attribute labels that CA SiteMinder inserts in the HTTP header:

sage.security.siteminder.username.attribute

Defines the attribute label in the returned HTTP header that contains the username or the value of the UserID field. The field defined in this property must be present in the HTTP header.

Default: sm_user

Note: This attribute is case-sensitive. Restart the system if you change the default setting.

sage.security.siteminder.domain.attribute

Defines the label of the attribute in the returned HTTP header that contains the user domain.

Default: rcm_domain.

Example: Domain and User Name in Separate Attributes

Consider the following UserID field in the CA GovernanceMinder user configuration file:

RCMusersDb\Javier.Torres

The returned HTTP header can specify this user using two attributes, with the following values:

sm_user="Javier.Torres" rcm_domain="RCMusersDb"

sm_user is a standard CA SiteMinder attribute, but you define the rcm_domain attribute for the return policy.

To parse this header, both of the following CA GovernanceMinder system properties must be set to the default values:

• sage.security.CA SiteMinder.username.attribute=sm_user
• sage.security.CA SiteMinder.domain.attribute=rcm_domain

Example: Domain and Username in One Attribute

Consider the following UserID field in the CA GovernanceMinder user configuration file:

RCMusersDb\Javier.Torres

The returned HTTP header can specify this user using one attribute, with the following value:

rcm_userIDstring="RCMusersDb"

This attribute is not standard, and you define it for the return policy.

To parse this header, you only set the following CA GovernanceMinder system property:

• sage.security.CA SiteMinder.username.attribute=rcm_userIDstring

Note: Not all environments include the domain name in the UserID field, but the username is always present. For this reason, CA GovernanceMinder always uses the .username. system property to parse the HTTP header, but the .domain. system property is optional.