Symantec Access Management

Hello All,

we protected an application with Siteminder. But we want to pass an additional attribute called SM_USERLASTLOGINTIME as a response attribute over HTTP header variables. As I am reading CA documentation only OnAuthAccept method over the Authentication events is having a capability to pass this attribute as a header and it is also having Environment dependencies like password services and User must login with CA SingleSignon onetime.

On our environment we are implementing the password services as smpwservices.fcc (Basic ?) and we are on 12.0 SP3 CR09 policy server version. If someone implement this response attribute in their environment, please let me now what are the steps that i need to do to implement it.

Thank you,

Naveen

Yes, steps are as documented but let me summarize it anyway.

1. Ensure that password policy is enabled on the directory and authentication schme. Enable user login tracking in password policy.

Basically unless this done, the LastLogintTime will not be tracked in the password blob.

2. Create HTTP response header and configure it to return above default siteminder header.

3. Ties the respone header with either OnAuthAccept or OnAccessAccept rules.

4. Tie the rule to the policy.

5. Test the return header on the webserver side by dumping all server HTTP headers. It will not be available in Fiddler.

Thank you shrestha. Now we are able to get the SM_USERLASTLOGINTIME over the Http headers and we are using onAuthAccept Event over the Rules to pass  this attribute over the response variables.

Regards,

Naveen

Glad it worked. Please mark the answer as correct to close this thread if your issue has been resolved.

Hi Ujwol ,

when i traverse from application A to application B , which will be the lastlogintime will be ? when i logged into application A or Application B's SmSession generated time?