Use of SM_SSO_ZONE_NAME with ASA Agent on WebLogic

Document ID : KB000014613
Last Modified Date : 14/02/2018
Show Technical Document Details

I'm running ASA Agent for WebLogic. I'm aware that the ACO Parameters
SSOZoneName and SSOTrustedZone aren't supported for this Agent. But
from my reading, it seems I could modify the SMSESSION cookie prefix
using the "SM_SSO_ZONE_NAME" JVM parameters. But how can I set this
one on WebLogic ?

ASA Agent 12.0 for WebLogic

The SM_SSO_ZONE_NAME can be changed by setting a Java System Property
in the WebLogic startup script. The value of the property is prefixed
to Session to form the cookie name. To change the SM_SSO_ZONE_NAME
you will need to Delete the provider then restore it after rebooting

1. Log in to the WebLogic Console;
2. On the left panel, click on Security Realms, then select the realm;
3. Click on Providers tab, then click on SMIdentityAsserter;
4. Go to Provider Specific and record User Name Mapper Attribute
   string, and SMIdentity Asserter Config File name, for use when you
   restore the provider;
5. Go back to Providers tab, select SMIdentityAsserter, then click
   "Delete" and save it;
6. Shutdown WebLogic server and edit the WebLogic start script. Add
7. Now start WebLogic and login to the Console;
8. On the left panel, click on Security Realms, then select the realm;
9. Click on Providers tab, click new;
   a. In the Name, give SMIdentityAsserter;
   b. In Type drop down list, choose SiteMinderIdentityAsserter. Then
      click OK;
   c. In Common tab, click on >> button, then both XYSESSION and X.509
      would be moved to the right list;
   d. Click on Provider Specific tab, fill User Name Mapper Attribute
      string and SMIdentity Asserter Config File with previously recorded