Symantec Access Management

  • 1.  Unable to read http header

    Posted Jun 14, 2018 08:59 PM

    I have my application running on a Node.js server and I am now trying to integrate SiteMinder SSO to secure our application. Since there is no web agent for the Node server, I am introducing an Apache HTTP server in front of the Node server. I installed and configured the SiteMinder web agent in the Apache HTTP server.
    In the Apache server (document root folder) I have an index.html page which will just redirect the request to the Node.js root page ('/').

    When I get a request in Apache, the SiteMinder web agent throws the SSO login page and, after entering valid credentials, SSO will pull up the index.html page. Now the redirection will trigger and it ends up in the root page of Node.js. At this point I need to access the SM HTTP header values from the Node.js application.

    But I am not able to access the HTTP header values in either Node.js or the Apache index.html.

    My index.html page looks like:

    <html>
    <head>
    <script>
    var request = new XMLHttpRequest();
    request.open('GET', document.location, false);
    request.send(null);
    var headers = request.getAllResponseHeaders();
    console.log(headers);
    </script>
    <meta http-equiv="refresh" content="0; URL='http://<nodeserver_hostname>:8000/'" />
    </head>
    <body>
    <h1>It works!</h1>
    </body>
    </html>

    Also in Node.js:

    var request1 = require('request');

    app.get('/', (request, response, next) => {
      logger.info('Loading route map');
      request1("http://<hostname>", {method: 'HEAD'}, function (err, res, body) {
        logger.info(res.headers);
        logger.info(res);
      });
    });



  • 2.  Re: Unable to read http header
    Best Answer

    Posted Jun 15, 2018 04:34 PM

    var headers = request.getAllResponseHeaders(); is for the response headers such as content-encoding, date, content-length…

    The SM headers are server headers and will not be returned with this method.

    If Apache is 2.4 then they would need to set LegacyVariable=no. Apache 2.4 doesn't allow underscores in the header variables. All SSO variables are SM_<variable>.



  • 3.  Re: Unable to read http header

    Posted Jun 15, 2018 04:50 PM
    Both of your scripts (HTML & Node.js) are client-side scripts running in the browser.

    As Jose said, CA SSO headers are all server-side headers.

    For Apache, you can use a Perl script to read server headers.

    For Node/Angular you need to configure them to invoke it on the server; an example is discussed here:


    https://stackoverflow.com/questions/46454410/angular-4-siteminder-http-headers-issue




  • 4.  Re: Unable to read http header

    Posted Jun 27, 2018 09:52 AM

    Hi guys, thanks for the response.

    I am now able to read the SSO header with simple PHP code in Apache.
    <?php
    $email = $_SERVER["HTTP_EMAIL"];
    ?>
    So now I am able to log in to the Node.js server.

    But now I am facing another issue.
    I have both the Apache HTTP server with the SiteMinder web agent and Node.js as web servers. Our web application is deployed in Node.js. When we get a request in Apache, it will authenticate and invoke the Node.js application home page. Now all subsequent requests, like API calls to the back end, are not secured with SSO/SiteMinder, since the SiteMinder plugin is installed in the Apache server and our request is now redirected to Node.js.

    In such a situation, how can we secure the Node.js server with SiteMinder SSO as well?

    Appreciate the support.



  • 5.  Re: Unable to read http header

    Posted Sep 07, 2018 07:22 AM

    Hi Ajay,

    Did you manage to get the Apache HTTP server with SiteMinder web agent & Node.js combination working? How are you passing the headers from Apache to Node.js?

    We're in a similar situation and would appreciate your help.
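
Added example, not part of any post in this thread: one way for the Node application to read the identity header on the server side, from the incoming request, assuming Apache with the web agent reverse-proxies every request (pages and API calls) to Node on the same host instead of redirecting the browser. The names `identityFromRequest` and `requireSso`, the loopback allow-list and the choice of the `email` header are assumptions for illustration.

```javascript
// Assumption: Apache (with the web agent) reverse-proxies to Node on the same
// host, so every legitimate request arrives from a loopback address.
const TRUSTED_PROXIES = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']);
// 'email' corresponds to $_SERVER["HTTP_EMAIL"] in the thread; use whichever
// header your SSO policy actually sends.
const IDENTITY_HEADER = 'email';

// Pure check over an http.IncomingMessage-like object.
function identityFromRequest(req) {
  const peer = req.socket && req.socket.remoteAddress;
  // A request that did not come through the proxy can carry any header the
  // client likes, so its identity header must not be trusted.
  if (!TRUSTED_PROXIES.has(peer)) {
    return { ok: false, status: 403, user: null };
  }
  // Node lower-cases incoming header names and joins repeated copies of a
  // custom header with ", "; a comma here means more than one value arrived.
  const value = req.headers[IDENTITY_HEADER];
  if (typeof value !== 'string' || value.trim() === '' || value.includes(',')) {
    return { ok: false, status: 401, user: null };
  }
  return { ok: true, status: 200, user: value.trim() };
}

// Express-style middleware: guards every route, including API routes.
function requireSso(req, res, next) {
  const result = identityFromRequest(req);
  if (!result.ok) {
    res.statusCode = result.status;
    res.end('SSO identity required');
    return;
  }
  req.user = result.user;
  next();
}

// Constructed sample requests (not captured traffic).
const viaProxy = { socket: { remoteAddress: '127.0.0.1' },
                   headers: { email: 'user@example.com' } };
const direct = { socket: { remoteAddress: '203.0.113.7' },
                 headers: { email: 'admin@example.com' } };
console.log(identityFromRequest(viaProxy)); // accepted
console.log(identityFromRequest(direct));   // rejected with 403
```

Register it with `app.use(requireSso)` before any route, and bind Node to the loopback interface (`app.listen(8000, '127.0.0.1')`) so port 8000 is reachable only through Apache.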