Skip links

Pro-Tip: Displaying SiteMinder Headers

In this week’s post, we will provide a simple JSP page that we use to validate that SiteMinder protected applications are receiving the required headers.

Overview

We are often asked:

How can we be sure that we have properly configured our SiteMinder policies to support our applications without engaging the application team?

Or they ask:

What tool can we use to prove to the development team that the server side headers are present?

The JSP below will display all of the server side headers, including any responses defined in SiteMinder. In order to execute, the example requires a Java-based application server such as Apache Tomcat. Please consult the documentation for your specific application server before deploying this JSP.

<%@ page import="java.util.*" %>
<%
response.setHeader("Cache-Control","no-cache");
response.setHeader("Pragma","no-cache");
response.setDateHeader ("Expires", -1);
%>
<html>
   <head>
      <title>ServerNameHere</title>
   </head>
   <body>
      <h1>HTTP Request Headers Received</h1>
      <table border="1" cellpadding="4" cellspacing="0">
      <%
         Enumeration eNames = request.getHeaderNames();
         while (eNames.hasMoreElements()) {
            String name = (String) eNames.nextElement();
            String value = normalize(request.getHeader(name));
      %>
         <tr><td><%= name %></td><td><%= value %></td></tr>
      <%
         }
      %>
	   </table>
   </body>
   </body>
          <footer>
        <p> &copy; Copyright 2006 - 2021 Your Company Name Here All Rights Reserved</p>
    </footer>
</html>
<%!
   private String normalize(String value)
   {
      StringBuffer sb = new StringBuffer();
      for (int i = 0; i < value.length(); i++) {
         char c = value.charAt(i);
         sb.append(c);
         if (c == ';')
            sb.append("<br>");
      }
      return sb.toString();
   }
%>

Note: This JSP is provided without warranty either expressed or implied.

Setup

  1. Deploy the JSP to your application server within a new context root. (e. g. /headers)
  2. Protect the context root (/headers/) in SiteMinder as a part of a policy domain and configure the responses that you would like to test.

Testing

  1. Enter the URL for the header.jsp page.
  2. Authenticate using a test account. A page similar to the following should be displayed.

As always, we hope that you have found this information useful. If you need IAM assistance, reach out to SIS today and we would be happy to assist you. And subscribe to our newsletter to be notified about the posting of future articles and other SIS news.

JOIN OUR NEWSLETTER

If you want to know our recent offer please subscribe to our newsletter