Use of SM_SSO_ZONE_NAME with ASA Agent on WebLogic

Document ID : KB000014613
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

I'm running ASA Agent for WebLogic. I'm aware that the ACO Parameters
SSOZoneName and SSOTrustedZone aren't supported for this Agent. But
from my reading, it seems I could modify the SMSESSION cookie prefix
using the "SM_SSO_ZONE_NAME" JVM parameters. But how can I set this
one on WebLogic ?

Environment:
ASA Agent 12.0 for WebLogic
Answer:

The SM_SSO_ZONE_NAME can be changed by setting a Java System Property
in the WebLogic startup script. The value of the property is prefixed
to Session to form the cookie name. To change the SM_SSO_ZONE_NAME
you will need to Delete the provider then restore it after rebooting
WebLogic:

1. Log in to the WebLogic Console;
2. On the left panel, click on Security Realms, then select the realm;
3. Click on Providers tab, then click on SMIdentityAsserter;
4. Go to Provider Specific and record User Name Mapper Attribute
   string, and SMIdentity Asserter Config File name, for use when you
   restore the provider;
5. Go back to Providers tab, select SMIdentityAsserter, then click
   "Delete" and save it;
6. Shutdown WebLogic server and edit the WebLogic start script. Add
   JVM option -DSM_SSO_ZONE_NAME=XY;
7. Now start WebLogic and login to the Console;
8. On the left panel, click on Security Realms, then select the realm;
9. Click on Providers tab, click new;
   a. In the Name, give SMIdentityAsserter;
  
   b. In Type drop down list, choose SiteMinderIdentityAsserter. Then
      click OK;
  
   c. In Common tab, click on >> button, then both XYSESSION and X.509
      would be moved to the right list;
  
   d. Click on Provider Specific tab, fill User Name Mapper Attribute
      string and SMIdentity Asserter Config File with previously recorded
      value.