Using SMSESSION Cookie with HTTP Security Policy

Learn how to authenticate a web service request with CA-SiteMinder using an SMSESSION cookie with an HTTP Security Policy.

Using Admin Console CA SiteMinder Use Cases

Integrate CA SiteMinder with Policy Manager (Main Topic)


When a user in SiteMinder protected realm is authenticated, a cookie called SMSESSION is generated. This use case will test authentication of this SMSESSION cookie using HTTP Security Policy. To generate the SMSESSION cookie, we will first use Basic Authentication.

Step 1: Confirm SiteMinder Administrative Settings

  1. Confirm that the SiteMinder Agent Configuration Object in the CA SiteMinder Administrative UI has a parameter called "AcceptTPCookie" with the value "yes."

Step 2: Configure CA SiteMinder Identity System

  1. Configure a CA SiteMinder Identity System. This step should have been completed as part of the initial configuration. See Configure CA SiteMinder Identity System in Policy Manager 7.x. for more information. Configuration of the Login Process Options screen and Identity System integration is not required.

Step 3: Create Virtual Services

  1. Create a Virtual Service (VS1) then virtualize this Virtual Service again (VS2). Host each Virtual Service on a separate Network Director (ND).

Step 4: Create Policies

In the Policies folder, use Add Policy to create the following policy configurations for VS1 and VS2.

  1. Create an HTTP Security Policy with Basic Authentication, and a Response Cookie called "SMSESSION."

  2. Create an HTTP Security Policy with Cookie Authentication.

Step 5: Attach Policies

  1. Attach the HTTP Security Policy with Basic Authentication to VS1.

  2. Attach the HTTP Security Policy with Cookie Authentication to VS2.

Step 6: Enable Preserve Transport Headers

  1. On the Service Details page of VS1 select Configure Message Processing in the Actions Portlet. Set Preserve Transport Headers to All to preserve this cookie header downstream.

Step 7: Test Configuration

  1. Send requests to VS1 and VS2 and view the usage data in the Services > Monitoring section.

back to top