We have a scenario where the SiteMinder agent is doing Silent Basic Authentication, where App1 is the calling system and App2 is where the SM Agent is doing basic authentication.
The calling system (App1) sends the cookie "SMCHALLENGE" = "YES" and the header "AUTHORIZATION : Basic <user base 64 encoded credentials>" to App2, which has the SM Agent.
Silent Authentication works fine. Once the user credentials are processed, the SMCHALLENGE cookie is deleted by the SM Agent on App2.
But the AUTHORIZATION header still remains, i.e., it is not deleted by the SM Agent, and this header gets forwarded further to the backend app server from App2.
Is there any way to have the SM Agent suppress the "AUTHORIZATION" header, so that it does not reach the backend app server?