Symantec Access Management

  • 1.  SMSAMLDATA cookie

    Posted May 25, 2015 03:06 AM

    Hi,

    What is the SMSAMLDATA cookie and what does it store? This cookie is getting set in the browser every time I log in using Federation.



  • 2.  Re: SMSAMLDATA cookie

    Posted May 25, 2015 09:18 AM

    From the FWSTrace log I found that SPS is setting this SAMLDATA cookie with all the attributes it received in the assertion. But it's hard to understand why it is setting this cookie and what its use is.



  • 3.  Re: SMSAMLDATA cookie

    Posted May 27, 2015 02:34 AM

    Hi Venga,

    Are you using Cloudminder or normal Federation (partnership, legacy)?
    I don't have complete details, but I found some information:

    SMSAMLDATA is used by SiteMinder for HTTP header support. It uses the Web Agent SESSION cookie encryption keys to encrypt the data. This cookie is basically reserved for use by SiteMinder.

     

    Does it affect your application?

     

    Regards,

    Kar Meng



  • 4.  Re: SMSAMLDATA cookie

    Posted Oct 07, 2016 05:45 PM

    I had the same issue. I created a federation partnership using OAuth 2.0 as HTTP Headers. I see the SMSAMLDATA cookie generated but I don't see the token in the headers.



  • 5.  Re: SMSAMLDATA cookie

    Posted Oct 11, 2016 05:44 PM

    I configured OAuth 2.0 using the SiteMinder partnership model with an anonymous user and Redirect Mode as "HTTP Headers". When I test, I see the SMSAMLDATA cookie is set and the fwstrace log shows the Facebook user attributes based on this query, "https://graph.facebook.com/me?fields=id,name,first_name,last_name,email", but I don't see any HTTP headers. Do you know why?



  • 6.  Re: SMSAMLDATA cookie

    Posted Oct 12, 2016 02:17 AM

    Hi,

     

    Try to enable the SAMLDATA plugin in the web agent conf file of SPS. This will enable SPS to send the HTTP headers from SAMLDATA.

     

    Thanks,

     

    Venga



  • 7.  Re: SMSAMLDATA cookie

    Posted Oct 12, 2016 09:09 AM

    Venga,

     

    Do you know the file name?

     

    I enabled oauthplugin; is that the same one you are referring to?



  • 8.  Re: SMSAMLDATA cookie
    Best Answer

    Posted Nov 13, 2016 10:37 PM

    Hi @Manjunath Mudigonda

     

    For SPS/Web Agent to send the HTTP header, you will need to enable SAMLDataPlugin.dll (SAMLDataPlugin.so on UNIX) in the WebAgent.conf file.

     

    This has been mentioned in the doco as well:

     

    Using HTTP Headers to Pass Assertion Data (SAML only)

    Configure HTTP Headers to Pass Assertion Data (SAML only)

    CA SiteMinder® can pass assertion data using HTTP headers.

    Follow these steps:

    1. Verify that the CA SiteMinder® web agent is installed on the relying party system that is handling federation traffic.
    2. Navigate to web_agent_home/conf and modify the WebAgent.conf file. Uncomment the following entry so it appears as follows:
      Windows

      LoadPlugin="path\SAMLDataPlugin.dll"

      UNIX

      LoadPlugin="path/SAMLDataPlugin.so"

    3. (Optional but recommended) Add the fedheaderprefix setting to the appropriate Agent Configuration Object for the web agent. Enter any string as a prefix.

      The fedheaderprefix setting specifies a global prefix that CA SiteMinder® adds to HTTP headers. Setting a prefix protects HTTP headers against manipulation by an unauthorized user before CA SiteMinder® consumes an assertion. As a result, only legitimate headers get passed to the target application. Read more about protecting HTTP headers.

    4. Do one of the following tasks in the Application Integration step of the partnership wizard:
      • Select HTTP Headers as the Redirect Mode for the target application.
      • Select HTTP Headers as the Delivery Option for user provisioning.

    HTTP headers are now configured to pass attribute data.
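
A quick way to confirm step 2 took effect, and to catch the case from earlier in the thread where another plugin is loaded but SAMLDataPlugin is still commented out. This is an added example, not code from the thread or from the CA documentation. It assumes that `#` marks a commented-out line in WebAgent.conf; the install paths and the other plugin file names in the sample text are constructed.

```python
import re

# LoadPlugin entry, optionally commented out.
# Assumption: '#' is the comment character in WebAgent.conf.
_LOADPLUGIN = re.compile(
    r'^\s*(#*)\s*LoadPlugin\s*=\s*"?([^"\r\n]+?)"?\s*$', re.IGNORECASE)


def plugin_status(conf_text):
    """Map plugin file name (lowercase) -> True if loaded, False if only commented out."""
    status = {}
    for line in conf_text.splitlines():
        m = _LOADPLUGIN.match(line)
        if not m:
            continue
        commented, path = m.groups()
        # Split on both separators so Windows and UNIX paths parse on any host.
        name = re.split(r'[\\/]', path)[-1].lower()
        # An active entry wins over a commented duplicate of the same plugin.
        status[name] = status.get(name, False) or not commented
    return status


def saml_data_plugin_enabled(conf_text):
    """True only if an uncommented LoadPlugin line names SAMLDataPlugin (.dll or .so)."""
    return any(loaded for name, loaded in plugin_status(conf_text).items()
               if "samldataplugin." in name)


# Constructed sample: SAMLDataPlugin still commented, a different plugin enabled.
CONSTRUCTED_BEFORE = r'''
# WebAgent.conf (constructed sample, hypothetical paths)
LoadPlugin="C:\agent\bin\HttpPlugin.dll"
#LoadPlugin="C:\agent\bin\SAMLDataPlugin.dll"
LoadPlugin="C:\agent\bin\OAuthPlugin.dll"
'''

# Constructed sample: entry uncommented as the documentation step describes.
CONSTRUCTED_AFTER = '''
LoadPlugin="/opt/agent/bin/HttpPlugin.so"
LoadPlugin="/opt/agent/bin/SAMLDataPlugin.so"
'''

if __name__ == "__main__":
    for label, text in (("before", CONSTRUCTED_BEFORE), ("after", CONSTRUCTED_AFTER)):
        print(label, plugin_status(text), saml_data_plugin_enabled(text))
```
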