Using SMSESSION Cookie with HTTP Security Policy (Intermediary for Microsoft)

Learn how to authenticate a web service request with CA-SiteMinder using an SMSESSION cookie with an HTTP Security Policy.

Using Admin Console CA SiteMinder Use Cases

Integrate CA SiteMinder with Policy Manager (Main Topic)


When a user in SiteMinder protected realm is authenticated, a cookie called SMSESSION is generated. This use case will test authentication of this SMSESSION cookie using HTTP Security Policy. To generate the SMSESSION cookie, we will first use Basic Authentication.

Step 1: Confirm SiteMinder Administrative Settings

  1. Confirm that the SiteMinder Agent Configuration Object in the CA SiteMinder Administrative UI has a parameter called "AcceptTPCookie" with the value "yes."

Step 2: Configure CA SiteMinder Identity System

  1. Configure a CA SiteMinder Identity System. This step should have been completed as part of the initial configuration. See Configure CA SiteMinder Identity System in Policy Manager 7.x. for more information. Configuration of the Login Process Options screen and Identity System integration is not required.

Step 3: Create Virtual Service

  1. Create a Virtual Service (VS1). Host a Virtual Service on Intermediary for Microsoft (IMS) container

Step 4: Create Policies

In the Policies folder, use Add Policy to create the following policy configurations for VS1.

  1. Create an HTTP Security Policy SiteMinder Cookie Authentication. Specify Cookie Name as "SMSESSION" on the Cookie Authentication Options screen.


  2. Create an Authentication Policy with the CA SiteMinder Domain and Subject-Category Consumer selected.

Step 5: Attach Policies

  1. Attach Detailed Auditing, Authentication, and HTTP Security Policy SiteMinder Cookie Authentication policies to VS1.

Step 6: Test Configuration

  1. Send requests to VS1 and view the usage data in Services > Monitoring section.

back to top