How To Edit SM_USER HTTP Header SiteMinder


SM_USER is the header that SiteMinder sets on successful authentication; the application uses it to decide whether to allow or reject the login request.
In our scenario, even after successful authentication on the SiteMinder side, we were not able to log in to the application, because the SM_USER header was being set as DOMAIN\USERNAME whereas the application was expecting only USERNAME.

So to achieve this we had 3 options:

1. Change the SiteMinder policy to set up the header as DOMAIN\USERNAME
2. Change the application code to filter the username out of the domain-name combination.
3. Manage a workaround to avoid doing both 1 and 2

Changing the SiteMinder policies was very hectic and requires lots of approvals, considering many other applications use the same policies. We were left with 2 options, either a code change or a workaround, and we chose the workaround considering the effort was far less than a code change.
We chose to achieve this in Apache and used the regex below to edit the header, replacing the DOMAIN\ prefix with an empty string.

Current HEADER:


Required HEADER:


httpd.conf regex:

LoadModule headers_module modules/
RequestHeader edit SM_USER "^.*\x{005C}" ""
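
What this edit does to different SM_USER values, as an added example that is not part of the original post. The function names, the sample values and the allowed-domain set are assumptions made for illustration, and Python's `\\` stands in for the PCRE escape `\x{005C}`. The pattern is greedy, so everything up to the last backslash is removed, and accounts from different domains can end up with the same username.

```python
import re

# Python spelling of the page's PCRE pattern "^.*\x{005C}" (0x5C is the backslash).
PAGE_PATTERN = re.compile(r"^.*\\")

def edit_header(value):
    """Mimic 'RequestHeader edit': replace the first match with the empty string."""
    return PAGE_PATTERN.sub("", value, count=1)

def strip_expected_domain(value, allowed_domains):
    """Stricter variant (assumption): strip only one known DOMAIN\\ prefix, else None."""
    m = re.fullmatch(r"([^\\]+)\\([^\\]+)", value)
    if m and m.group(1).upper() in allowed_domains:
        return m.group(2)
    return None

def collisions(values):
    """Group original header values that become the same username after the edit."""
    seen = {}
    for v in values:
        seen.setdefault(edit_header(v).lower(), []).append(v)
    return {user: srcs for user, srcs in seen.items() if len(srcs) > 1}

# Constructed sample SM_USER values, not taken from a real deployment.
SAMPLES = [r"CORP\alice", "alice", r"PARTNER\alice", r"CORP\SUB\bob", "CORP\\"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", repr(edit_header(s)),
              "| strict:", strip_expected_domain(s, {"CORP"}))
    print("collisions:", collisions(SAMPLES))
```

If more than one domain can authenticate through the same SiteMinder policy, the collision output is the thing to check before relying on the stripped header.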

Similarly, if you want to do any such manipulation for Windows IIS, you can go through the link below:

Remote User Header Variable In IIS

I am yet to find a better workaround for this, so I thought of creating a post for future reference. We are open to suggestions if you have any to make it better.
