Symantec Access Management

  • Private Community

  • 1.  Skip CookieProvider redirect based on XMLHttpRequest

    Posted Nov 04, 2014 03:40 PM

    Could the WebAgent skip redirects to the CookieProvider by inspecting the XMLHttpRequest header?  We have several applications making large numbers of AJAX calls (jQuery and other API's) that fail when the agent responds with a 302 redirect to the cookieprovider.  We have had mixed results using the OverLookSession* parameters in the ACO, and the WebAppClientResponse configuration is not realistic in our environment.  It seems like inspecting this header would be an easy way to ignore session updates since all AJAX calls set the header.

     

    -Jeff



  • 2.  Re: Skip CookieProvider redirect based on XMLHttpRequest
    Best Answer

    Posted Nov 04, 2014 06:10 PM

    Hi Jeffrey,

     

    Unfortunately No.

    As of now , Web Agent has no option to skip redirection to the cookie provider based on the XMLHttpRequest header.

    I think that is primarily because it is still not a standard methodology for Ajax data transfers.

    It is still possible to implement Ajax without even using the XMLHttpRequest.

     

    e.g http://www.hotscripts.com/blog/ajax-php-xmlhttprequest-object/

    Ajax Data Transfer Methods - XMLHttpRequest Alternatives

     

    Currently SiteMinder supports only following configuration to exclude requests from cookie provider redirection:

    .

    • OverlookSessionForMethods
    • OverlookSessionForMethodsUri
    • OverlookSessionForUrls
    • OverlookSessionAsPattern

     

    However, all this said, I think it would still be good idea to have a feature to ignore request based on request headers - XMLHttpRequest being one of them.

     

    Do you mind putting this idea in our idea group or else I will create one for you :

     

    https://communities.ca.com/groups/ca-single-sign-on-and-authentication-ideas

     

    Cheers,

    Ujwol