CA Single Sign-On Tech Tip by Sau Lai Wong, Senior Support Engineer for 22nd June 2016
The REMOTE_USER HTTP header value is null when a user accesses protected resources on the backend WebLogic server. The Web Agent is installed on the front-end SunOne web server.
The SiteMinder response is invoked as expected, but the header dump page shows the REMOTE_USER HTTP header with a null value.
== Settings ==
- SetRemoteUser = Yes
- RemoteUserVar = REMOTE_USER
Web Agent response attribute type: WebAgent-HTTP-Header-Variable, associated with an OnAuthAccept rule.
Webserver: SunOne 6.1 with Weblogic 9.2 SP2 plugin
Webagent: 6QMR5 HF21
WebLogic returns "null" in response to a getRemoteUser() call to guard against a security vulnerability: identity spoofing.
Start WebLogic with the following runtime argument:
Important Note: Enabling this feature makes the system vulnerable to REMOTE_USER HTTP header spoofing.
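One way to narrow the spoofing exposure named in the note above is a servlet filter in the WebLogic application that accepts REMOTE_USER only from the front-end web server. This is an added example, not CA or Oracle code: the class name and the `trustedFrontEnds` init-param are hypothetical, and it assumes getRemoteAddr() returns the real TCP peer address of the SunOne host.

```java
import java.io.IOException;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: honour REMOTE_USER only when the request's TCP peer is the
// front-end web server that hosts the Web Agent; refuse it from anywhere else.
public class RemoteUserSourceFilter implements Filter {
    private final Set<String> trustedFrontEnds = new HashSet<String>();

    public void init(FilterConfig cfg) throws ServletException {
        // "trustedFrontEnds" is a hypothetical init-param: comma-separated IPs.
        String list = cfg.getInitParameter("trustedFrontEnds");
        if (list == null || list.trim().length() == 0) {
            // Refuse to start without an allow-list rather than guess one.
            throw new ServletException("trustedFrontEnds init-param is required");
        }
        String[] parts = list.split(",");
        for (int i = 0; i < parts.length; i++) {
            trustedFrontEnds.add(parts[i].trim());
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        HttpServletResponse out = (HttpServletResponse) res;
        // Count REMOTE_USER headers; header names match case-insensitively.
        int count = 0;
        Enumeration<?> values = http.getHeaders("REMOTE_USER");
        while (values != null && values.hasMoreElements()) {
            values.nextElement();
            count++;
        }
        boolean fromFrontEnd = trustedFrontEnds.contains(http.getRemoteAddr());
        // Refuse an identity header from an untrusted peer, and refuse
        // duplicates, where it is ambiguous which value the application reads.
        if (count > 1 || (count == 1 && !fromFrontEnd)) {
            out.sendError(HttpServletResponse.SC_FORBIDDEN, "REMOTE_USER not accepted");
            return;
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }
}
```

Map the filter in web.xml ahead of the application's servlets. It complements, and does not replace, restricting network access to the WebLogic listen port so that only the front-end host can reach it.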