Web Agent Guides › Web Agent Configuration Guide › Single Sign-On (SSO) › How to Configure Single Sign-On › Require Cookies for Basic Authentication

Require Cookies for Basic Authentication

You can control whether or not SiteMinder requires cookies with the following parameter:

• RequireCookies

  Specifies whether SiteMinder requires cookies. SiteMinder uses cookies to do the following:

  • Secure a single sign-on environment
  • Track session timeouts
  • Track idle time-outs.

  Important! If you configure the Web Agent to require cookies, a user's Web browser must accept HTTP cookies. If the browser does not, the user receives an error message from the Agent denying the user access to all protected resources.

  Default: Yes

RequireCookies is a special setting that is useful only if basic authentication was set during the Policy Server configuration. This setting instructs the agent to require either an SMSESSION or an SMCHALLENGE cookie in order to successfully process HTTP requests, including basic Authorization headers.

If the Web Agent does not require cookies, but the user's Web browser is accepting cookies, the Web Agent functions normally; however, the user may be challenged for credentials unexpectedly and the Web Agent may not strictly enforce time-outs.

To require cookies, set the RequireCookies parameter to yes.