Retrieve user id from Siteminder smsession

user1860832 picture user1860832 · Dec 6, 2012 · Viewed 12.3k times · Source

Our system is a gateway interacting with Siteminder for authentication and connecting to back end systems. Siteminder is returning SMSESSION and SMIDENTITY in the header. How to retrieve the userid from SMSESSION. The format is as below: SMSESSION=dQtTYNjolqkVPoblyV2iUYzlaffxweO7jwHdbC8R8HCRzyuR2E6we22hBEdfOquw4Wx4V2Ly6tuTq7DctZXBpiUVOqYr1htSKExdDauUYD0Eh+jmdw9yBSSjkUm/nlDd6iFizN2zeyBAGda7jgHbyvKCB0T54ZrFFEMTd1jdJfiOJS0q6c

I have tried to take the encoded string manually and decode it but its not getting me the user id. How to get the userid from SMSESSION?

Thanks,

Answer

0leg picture 0leg · Jan 3, 2013

I believe SMSESSION cookie is encrypted by the agent, you won't be able to do much with it. You'll have to work with the external SiteMinder support team to ask them to add the SM_USER or other headers. It is a part of SiteMinder configuration.