Previous Topic: Access Roles in SiteMinder

Next Topic: How to Enable Access Roles in SiteMinder

SiteMinder-Generated Response Attributes

Identity Manager passes entitlement information to applications through SiteMinder Web Agent responses. These responses contain HTTP header variables in response attributes, which can be used by the application to determine a user’s access privileges. Responses are included in SiteMinder policies, which determine how users interact with a protected resource.

SiteMinder administrators can configure a response that includes two types of response attributes to pass information to an application:

The application ID limits the requested set of roles and tasks to a specific application. For example, if you create the following response attribute:

SM_USER_APPLICATION_ROLES:Finance_application

SiteMinder returns the roles that have tasks in the Finance application to the Web Agent, which then passes the information to the Finance application.

Note: The application id you supply should match an application id you supplied when you used Create Access Task in Identity Manager. If you have not yet created the task, the application ID can be any name that you choose, but it cannot contain any spaces or non-alphanumeric characters.

You can specify multiple application IDs in a comma-delimited list to return the set of roles and tasks from multiple applications in a single response attribute. For example, to return the list of roles that a user has in the Finance and Purchasing applications specify the following:

SM_USER_APPLICATION_ROLES:Finance, Purchasing