Is it possible to determine the protection-level of an SMSESSION cookie or the session-spec via the CA SiteMinder Java Agent API?
The session-spec field of the SMSESSION cookie is encrypted as it is transmitted by the Web Agent to the Policy Server to take decision about authentication and authorization. By decoding the SMSESSION cookie, you get the information about:
See Sm_AgentApi_DecodeSSOToken function description. This will be used for the Web Agent. But you won't get the protection level as it is to the Policy Server to determine if the user has to re-authenticate and not the Web Agent.