How To Edit SM_USER HTTP Header SiteMinder

Tutorials

SM_USER is the header set by siteminder on successful authentication though which application decides on whether to allow the user to login or reject the login request.
In our scenario the even after successful authentication at site minder side we were not able to login to application as the SM_USER header was getting set as DOMAIN\USERNAME where as the application was expecting it to be only USERNAME.

So to achieve this we had 3 options:

1. Change the siteminder policy to setup header as DOMAIN\USERNAME
2. Change application code to filter the username from the doaminname combination.
3. Manage a workaround to avoid doing both 1 and 2

As changing the siteminder policies were very hectic and requires lots of approval considering many other applications use the same. We were left with 2 options either code change or work around and we chose work around considering the effort was way too less than code change.
We chose mod_header.so in apache to achive this and used below regex to edit the header and remove/replace the DOMAIN\ with NULL.

Current HEADER:

SM_USER=DOMAIN\USERNAME

Required HEADER:

SM_USER=USERNAME

httpd.conf regex:

LoadModule headers_module modules/mod_headers.so
RequestHeader edit SM_USER "^.*\x{005C}" ""

Similarly if you want to do it for windows IIS for any manipulation then you can go though below link:

Remote User Header Variable In IIS

I am yet to get any better work around for this so thought of creating a post for future reference. We are open to suggestions if you have any to make it better.

https://stackoverflow.com/questions/48633225/edit-apache-sm-user-header-using-mod-header

In case of any ┬ęCopyright or missing credits issue please check CopyRights page for faster resolutions.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.