Web Agent Guides › Web Agent Configuration Guide › Web Application Protection › SiteMinder Default HTTP Headers › Published Custom Modules Information › Set the HTTP Header Encoding Spec

Set the HTTP Header Encoding Spec

The HTTPHeaderEncodingSpec setting affects the encoding of all HTTP header values and all custom HTTP-COOKIE responses.

Use this parameter to support Web applications expecting localized text in specific encodings. Since cookies pass back and forth between the browser and portal through the HTTP protocol, you should use the RFC-2047 HTTPWrapSpec if your chosen encoding puts characters that HTTP traffic considers illegal into the cookies.

For example, some Shift-JIS characters will cause undesirable results if not further encoded by RFC-2047.

For Kanji characters, you can use SECP932, which is a superset of SHIFT-JIS. Though SHIFT-JIS can be used for most Kanji encoding and decoding, CP932 covers an even larger character set.

When HTTPWrapSpec is used, first the data is encoded according to the HTTPHeaderEncodingSpec, then the data is further encoded following the RFC-2047 specification.

The syntax for the parameter is:

encoding_spec, wrapping_spec

The encoding_spec is a text string that represents one of the following encoding types: UTF-8, Shift-JIS, EUC-J, or ISO-2022 JP. Specify the encoding type you want the Agent to use.

The wrapping_spec is the wrapping specification, which must be RFC-2047. Although this variable is optional, we strongly recommend that you include the wrapping specification because the encoding type you choose may generate byte codes that are not compatible with the HTTP protocol.

This is especially true if you use custom HTTP Cookie responses that contain double-byte encoded data. For example, some Shift-JIS characters cause undesirable results if they are not further encoded by RFC-2047. The wrapping also tells the receiving application the type and nature of the encoding so the application can better interpret the encoded text. For example, you may set the parameter to Shift-JIS,RFC-2047.

When RFC-2047 is used, the Agent first encodes the data based on the chosen encoding specification and then further encodes the data following the RFC-2047 specification.

Note: If you leave the HTTPHeaderEncodingSpec setting blank, the default is UTF-8 with no wrapping.

Disable Conformance to RFC 2047

By default, the Web Agent conforms to RFC 2047. However, you can disable this conformance by setting the ConformToRFC2047 parameter to no.

If this parameter does not exist or is set to yes, the Web Agent conforms to RFC 2047.

Use Lower Case HTTP in Headers (for Oracle iPlanet, Apache, and Domino web servers)

If you have server applications that are case-sensitive, you can specify the case of the Agent’s HTTP headers. The Web Agent defaults to lower case headers.

For example, Oracle iPlanet web servers, by default, provide the HTTP header variables in lower-case, such as http_sm_user.

Note: IIS Web Agents do not benefit from this feature, because IIS forces all headers to an upper case format.

To use lower case headers, set the LowerCaseHTTP parameter to yes. If you require upper-case header variables, set LowerCaseHTTP to no.

More information:

Record the Transaction ID in Oracle iPlanet Web Server Logs

Enable Legacy Variables for HTTP Headers

You can specify which naming convention the Web Agent uses for HTTP headers with the following parameter:

LegacyVariables

Specifies if the Web Agent uses underscores in HTTP header names. With some web servers (such as the Sun Java System), using the underscore character in the HTTP headers causes problems with some applications.

When this parameter is set to no, the HTTP headers will not have underscores, as shown in the following example:

SMHeaderName

When this parameter is set to yes, the HTTP headers will use underscores, as shown in the following example:

SM_HeaderName

Default: (traditional agents) Yes

Default: (framework agents) No

To enable legacy variables and have the Web Agent use underscores in the HTTP header names, set value of the LegacyVariables parameter to yes.

Disable Default HTTP Header Variables

Many system platforms have an HTTP header limit of 4096 bytes. To avoid exceeding this limit and to allow space for custom response variables, you can disable some of SiteMinder’s default HTTP header variables.

The default variables are grouped into the following categories:

Note: You cannot disable individual variables. You can only disable a category of several variables.

• Authentication source variables
  • SM_AUTHDIRNAME
  • SM_AUTHDIRSERVER
  • SM_AUTHDIRNAMESPACE
  • SM_AUTHDIROID
• User Session variables
  • SM_SERVERSESSIONID
  • SM_SERVERSESSIONSPEC
  • SM_SERVERIDENTITYSPEC
  • SM_SESSIONDRIFT
  • SM_TIMETOEXPIRE
• User Name variables
  • SM_USER
  • SM_USERDN
  • SM_DOMINOCN

To disable the default use of HTTP header variables do any of the following tasks:

• To disable authentication source variables, set the value of the DisableAuthSrcVars parameter to yes.
• To disable user session variables, set the value of the DisableSessionVars parameter to yes.

  Default: No

• To disable user name variables, set the value of the DisableUserNameVars parameter to yes.

  Note: If you are using CA Identity Manager, or any application that might use the variables in this category, ensure the value of this parameter is set to no (enabled).