AcceptTpCookie

yes or no

Configures the SiteMinder IA to assert identities from third-party SiteMinder session cookies generated using the SiteMinder SDK. For details, see "Enabling Single Sign-On" in the Agent API chapter of:

• CA SiteMinder Programming Guide for C
• CA SiteMinder Programming Guide for Java

Default is NO.

Note: If you configure the SiteMinder IA to accept third-party SiteMinder session cookies, also configure the SiteMinder Login Module to accept them so that it can assert WebSphere propagation tokens in situations when WebSphere must reestablish Subjects created by the SiteMinder IA.

ChallengeForCredentials

yes or no

Specifies whether the SiteMinder IA challenges for credentials.

Default is NO.

AssertionAuthResource

String

If you are configuring the IA to not challenge requests for credentials, this value must match the value specified for the resource filter in the realm that you create for non-challenged requests. For example:

assertionauthresource=/sitemindertai

CookieDomain

String

Name of the cookie domain. For example:

cookiedomain="ca.com"

No default value.

See also the cookiedomainscope parameter.

CookieDomainScope

Number

If specified, further defines the cookie domain for assertion of SiteMinder session cookies by the SiteMinder TAI. The scope determines the number of sections, separated by periods, that make up the domain name. A domain always begins with a period (.) character. For example:

cookiedomainscope="2"

Default is 0, which takes the domain name specified in the cookiedomain parameter.

EncryptAgentName

yes or no

Specifies whether the agent name is encrypted when redirecting to the SiteMinder Web Agent for SiteMinder IA credential collection. Must match the value of the same parameter on the Web Agent responsible for advanced authentication.

Default is NO.

FccCompatMode

no

Specifies whether to handle backward compatibility of forms credential collection, which the SiteMinder IA does not support. Therefore set this parameter to NO for both the SiteMinder IA and the Web Agent responsible for advanced authentication. For example:

fcccompatmode="NO"

IgnoreQueryData

yes or no

Specifies whether the SiteMinder Agent will cache the entire URL (including the query strings) and send the entire URI to the Policy Server for rule processing. Must match the value of the same parameter on the Web Agent responsible for advanced authentication.

Default is NO.

LegacyEncoding

no

Specifies whether to replace any dollar sign ($) characters in legacy URLs with a hyphen (-), which the SiteMinder IA does not support. Therefore set this parameter to NO for both the SiteMinder IA and the Web Agent responsible for advanced authentication. For example:

legacyencoding="NO"

PersistentCookies

yes or no

Specifies whether the agent allows single sign-on for multiple browser sessions. When PersistentCookies is enabled, users who authenticate during one browser session will retain single sign-on capabilities for subsequent browser sessions.

Default is NO.

ServerErrorFile

String

Specifies a page to redirect a request to if a processing error is encountered. This can either be an HTTP or local file system resource. For example:

servererrorfile="http://server.ca.com:88/errorpage.html"

If this setting is not configured, a default message is output to the response when the IA encounters an error. The default message is "SiteMinder Agent encountered an error while handling request. Please ask the administrator to look for messages in the agent log to check for the cause."