Symantec Access Management

Tech Tip : CA Single Sign-On : Use of SM_SSO_ZONE_NAME with ASA Agent on WebLogic

    Broadcom Employee
    Posted Jun 02, 2017 09:28 AM

    Question:

     

    I'm running ASA Agent for WebLogic. I'm aware that the ACO Parameters
    SSOZoneName and SSOTrustedZone aren't supported for this Agent. But
    from my reading, it seems I could modify the SMSESSION cookie prefix
    using the "SM_SSO_ZONE_NAME" JVM parameter. But how can I set this
    one on WebLogic?


    Environment:


    ASA Agent 12.0 for WebLogic

     

    Answer:

     

    The SM_SSO_ZONE_NAME value can be changed by setting a Java system
    property in the WebLogic startup script. The value of the property is
    prefixed to SESSION to form the cookie name (for example, XY gives
    XYSESSION). To change SM_SSO_ZONE_NAME, you will need to delete the
    provider, then restore it after rebooting WebLogic:

     

    1. Log in to the WebLogic Console;
    2. On the left panel, click on Security Realms, then select the realm;
    3. Click on Providers tab, then click on SMIdentityAsserter;
    4. Go to Provider Specific and record User Name Mapper Attribute
       string, and SMIdentity Asserter Config File name, for use when you
       restore the provider;
    5. Go back to Providers tab, select SMIdentityAsserter, then click
       "Delete" and save it;
    6. Shut down the WebLogic server and edit the WebLogic start script.
       Add the JVM option -DSM_SSO_ZONE_NAME=XY;
    7. Now start WebLogic and log in to the Console;
    8. On the left panel, click on Security Realms, then select the realm;
    9. Click on Providers tab, then click New;
       a. In the Name field, enter SMIdentityAsserter;
       b. In the Type drop-down list, choose SiteMinderIdentityAsserter.
          Then click OK;
       c. In the Common tab, click on the >> button; both XYSESSION and
          X.509 are moved to the right list;
       d. Click on the Provider Specific tab, and fill in User Name Mapper
          Attribute string and SMIdentity Asserter Config File with the
          previously recorded values.

     

    KB : TEC1597376
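
As a pre-flight check before step 7, this added example (not part of the original post and not vendor code) reads a start script and prints the name that should appear in step 9c, failing if the script sets conflicting zone values. The function name, the sample file contents and the use of a JAVA_OPTIONS line are assumptions made for the illustration.

```shell
# Added example, not vendor code.
# expected_token_type FILE
#   Prints the cookie / active type name (<zone>SESSION) that the start script
#   FILE will produce, or SMSESSION when no zone option is present.
#   Returns 2 when the script sets more than one distinct zone value.
expected_token_type() {
    # Skip comment lines, then collect each distinct -DSM_SSO_ZONE_NAME value.
    _zones=$(grep -v '^[[:space:]]*#' "$1" \
        | grep -o -e '-DSM_SSO_ZONE_NAME=[A-Za-z0-9_][A-Za-z0-9_]*' \
        | cut -d= -f2 | sort -u)
    if [ -z "$_zones" ]; then
        echo "SMSESSION"
        return 0
    fi
    if [ "$(printf '%s\n' "$_zones" | wc -l)" -gt 1 ]; then
        echo "conflicting SM_SSO_ZONE_NAME values in $1" >&2
        return 2
    fi
    echo "${_zones}SESSION"
}

# Constructed sample start-script fragment (JAVA_OPTIONS usage is an assumption).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# JAVA_OPTIONS="${JAVA_OPTIONS} -DSM_SSO_ZONE_NAME=OLD"
JAVA_OPTIONS="${JAVA_OPTIONS} -DSM_SSO_ZONE_NAME=XY"
export JAVA_OPTIONS
EOF
expected_token_type "$sample"
rm -f "$sample"
```

If the printed name does not match the entry offered in the Common tab, the running JVM did not pick up the option from the script that was edited.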