Can the HTTP_AUTHORIZATION header be suppressed at the SiteMinder end?

Question asked by GoyalNeha on Apr 22, 2016
Latest reply on Apr 26, 2016 by Patrick-Dussault

Hi There,


We have a scenario where the SiteMinder agent is doing Silent Basic Authentication, where App1 is the calling system and App2 is where the SM Agent is doing basic authentication.

The calling system (App1) sends the cookie SMCHALLENGE = "YES" and the header "AUTHORIZATION : Basic <user base 64 encoded credentials>" to App2, which has the SM Agent.

Silent Authentication works fine. Once the user credentials are processed, the SMCHALLENGE cookie is deleted by the SM Agent on App2.

But the AUTHORIZATION header still remains, i.e., it is not deleted by the SM Agent, and this header gets forwarded further to the backend app server from App2.

Is there any way to suppress the "AUTHORIZATION" header at the SM Agent, so that it does not reach the backend app server?
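
An added example, not part of the original post and not SiteMinder configuration: it shows why a forwarded Basic header matters (the value decodes straight back to the user name and password) and one backend-side way to drop it before application code runs. It assumes the backend is a Python WSGI application; `StripAuthorization`, `demo_app`, `run` and the `SAMPLE` request are constructed for illustration.

```python
import base64


def decode_basic(value):
    """Return (user, password) from a Basic Authorization value, else None."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


class StripAuthorization:
    """WSGI middleware: remove the Authorization header before the app runs."""

    def __init__(self, app):
        self.app = app
        self.stripped = 0  # requests that arrived still carrying the header

    def __call__(self, environ, start_response):
        # WSGI exposes the Authorization header as HTTP_AUTHORIZATION.
        if environ.pop("HTTP_AUTHORIZATION", None) is not None:
            self.stripped += 1
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Constructed stand-in for the backend app: reports if it sees the header."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"auth-visible" if "HTTP_AUTHORIZATION" in environ else b"auth-hidden"]


def run(app, environ):
    """Call a WSGI app on a copy of environ and return the response body."""
    return b"".join(app(dict(environ), lambda status, headers: None))


# Constructed sample request as it would reach the backend after the agent.
SAMPLE = {
    "REQUEST_METHOD": "GET",
    "PATH_INFO": "/",
    "HTTP_AUTHORIZATION": "Basic " + base64.b64encode(b"alice:s3cret").decode(),
}
```

The `stripped` counter doubles as a check: a non-zero value means an upstream tier is still forwarding credentials.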