

SiteMinder Default HTTP Headers

SiteMinder default HTTP headers instruct applications how to collect user data and apply that information to display personalized content for each user.

As part of the Web application environment, the SiteMinder Agent submits default HTTP headers to the web server, and the web server makes them available for Web applications. You can use these headers to include functions and enable your Web applications to personalize content. Headers can store information such as a user’s name and the type of action a user is authorized to perform.

The Agent sends these headers regardless of whether or not they are called from a Web application; however, you can disable some of these headers so that they do not use up header space.

The following SiteMinder default HTTP headers are available for Web Agents:

HTTP_SM_AUTHDIRNAME

Indicates the name of the directory against which the Policy Server authenticates the user. The administrator specifies this directory with the Administrative UI.

HTTP_SM_AUTHDIRNAMESPACE

Identifies the directory namespace against which the Policy Server authenticates the user. The administrator specifies this namespace with the Administrative UI.

HTTP_SM_AUTHDIROID

Indicates the directory object identifier (OID) from the Policy Server database.

HTTP_SM_AUTHDIRSERVER

Indicates the directory server against which the Policy Server authenticates the user. The administrator specifies this directory server with the Administrative UI.

HTTP_SM_AUTHREASON

Indicates the code the Web Agent returns to the user after a failed authentication attempt or secondary authentication challenge.

HTTP_SM_AUTHTYPE

Indicates the type of authentication scheme the Policy Server uses to verify the user’s identity.

HTTP_SM_DOMINOCN

Identifies the user’s Domino canonical name if a Domino LDAP directory is used to authenticate users.

Example: HTTP_SM_DOMINOCN="CN=jsmith/O=netegrity."

HTTP_SM_REALM

Indicates the SiteMinder realm in which the resource exists.

HTTP_SM_REALMOID

Indicates the realm object ID that identifies the realm where the resource exists. Third-party applications may use this ID to make calls to the Policy Server.

HTTP_SM_SDOMAIN

Indicates the Agent’s local cookie domain.

HTTP_SM_SERVERIDENTITYSPEC

Indicates the Policy Server identity ticket that keeps track of the user identity. The Web Agent uses this to access content protected by anonymous authentication schemes so that it can personalize the content for the user.

HTTP_SM_SERVERSESSIONID

Indicates a unique string that identifies a user session.

HTTP_SM_SERVERSESSIONSPEC

Indicates the ticket that contains user session information. Only the Policy Server knows how to decode this information.

HTTP_SM_SESSIONDRIFT

Indicates the amount of time the Web Agent can keep a session active using the information in its cache before validating the session with the Policy Server. The session server at the Policy Server must be enabled and a session validation period must be configured for this header to be set.

HTTP_SM_TIMETOEXPIRE

Indicates the amount of time remaining for a SiteMinder session.

HTTP_SM_TRANSACTIONID

Indicates the agent-generated unique ID for each user request.

HTTP_SM_UNIVERSALID

Identifies the Policy Server-generated universal user ID. This ID is specific to the customer and identifies the user to the application, but it is not the same as the user login.

HTTP_SM_USER

Indicates the login name of the authenticated user. If a user does not provide a user name at login, such as with certificate-based authentication, then this variable is not set.

HTTP_SM_USERDN

Identifies an authenticated user’s distinguished name as determined by the Policy Server.

For anonymous authentication schemes, this returns a Globally Unique Identifier (GUID).

HTTP_SM_USERMSG

Identifies the text that the Agent presents to the user after an authentication attempt. Some authentication schemes supply challenge text or a reason why an authentication has failed.

Disable Default HTTP Header Variables

Many system platforms have an HTTP header limit of 4096 bytes. To avoid exceeding this limit and to allow space for custom response variables, you can disable some of SiteMinder’s default HTTP header variables.
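
The following example is added here and is not SiteMinder product code. It shows a Python application reading the default headers from a CGI/WSGI-style environment: it falls back to HTTP_SM_USERDN when HTTP_SM_USER is not set, recognizes the GUID returned for anonymous schemes, and estimates how much of the 4096-byte limit the default headers consume. The GUID layout, the reading of the limit as a total across all headers, and the sample values are assumptions.

```python
import re

HEADER_LIMIT = 4096  # limit this page quotes for many platforms
# Assumption: the anonymous-scheme GUID uses the usual 8-4-4-4-12 hex layout.
GUID_RE = re.compile(r"\{?[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?", re.I)


def sm_headers(environ):
    """Collect the SiteMinder default headers from a CGI/WSGI environ."""
    return {k: v for k, v in environ.items() if k.startswith("HTTP_SM_")}


def resolve_identity(environ):
    """Return (kind, identifier); kind is 'login', 'dn', 'anonymous' or 'none'."""
    user = environ.get("HTTP_SM_USER", "").strip()
    if user:
        return "login", user
    dn = environ.get("HTTP_SM_USERDN", "").strip()
    if not dn:
        return "none", None
    if GUID_RE.fullmatch(dn):
        return "anonymous", dn  # GUID, not a real DN: do not show as a name
    return "dn", dn  # e.g. certificate login, where HTTP_SM_USER is not set


def header_bytes_used(environ):
    """Estimate the wire size of the SM_* headers (name, ': ', value, CRLF)."""
    total = 0
    for key, value in sm_headers(environ).items():
        name = key[len("HTTP_"):]  # HTTP_SM_USER is the SM_USER request header
        total += len(name) + 2 + len(value.encode("utf-8")) + 2
    return total


def remaining_budget(environ, limit=HEADER_LIMIT):
    """Bytes left under the limit for custom response variables."""
    return limit - header_bytes_used(environ)


# Constructed sample: certificate-based login, so HTTP_SM_USER is absent.
SAMPLE = {
    "REQUEST_METHOD": "GET",
    "HTTP_SM_USERDN": "CN=jsmith,OU=people,O=example",
    "HTTP_SM_REALM": "intranet",
    "HTTP_SM_SDOMAIN": ".example.com",
}

if __name__ == "__main__":
    print(resolve_identity(SAMPLE), remaining_budget(SAMPLE))
```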

The default variables are grouped into the following categories:

Note: You cannot disable individual variables. You can only disable a category of several variables.

To disable the default use of HTTP header variables, do any of the following tasks: