Require HTTP Cookie Assertion

The Require HTTP Cookie assertion checks that a request contains a cookie with the same name as that specified in the assertion. If the request does not contain a cookie with this name, then the assertion fails.  
gateway90
The
Require HTTP Cookie
assertion checks that a request contains a cookie with the same name as that specified in the assertion. If the request does not contain a cookie with this name, then the assertion fails.  
The HTTP Cookie assertion does not check the validity or expiry of a cookie. It only checks for the presence of a cookie. A custom assertion such as the Access Resource Protected by JSAM assertion should be used to validate the content of the cookie.
Policy Example
The following illustrates how this assertion might be used in a policy:
"At least one assertion must evaluate to true"
Require HTTP Basic Credentials HTTP Cookie: iPlanetDirectoryPro
Access Resource Protected by JSAM (or another custom assertion that uses cookies)
Route via HTTP(S) to URL  
The HTTP Cookie assertion should be positioned
after
the Require HTTP Basic Credentials assertion, within an "At least one..." folder. The sample arrangement above does not imply that the Require HTTP Basic Credentials assertion will always be used if present. This is because the custom assertion that follows will check for both a cookie and user/password credentials. If a valid cookie is found, it is used.
Context Variables Created by This Assertion
The Require HTTP Cookie assertion sets the following context variable when a cookie is found. 
<
prefix
>.<
cookieName
>
Where:
  • <
    prefix
    > is defined in the assertion properties (default:
    cookie
    )
  • <
    cookieName
    > is the name of the cookie from the cookie header
For example, if the cookie header contains: var1=value1; var2=value2
The following context variables will be set:
  • ${cookie.var1}
    , which contains the value of cookie "var1"
  • ${cookie.var2}
    , which contains the value of cookie "var2"
Using the Assertion
  1. Do one of the following:
    • To add the assertion to the Policy Development window, see Adding an Assertion.
    • To change the configuration of an existing assertion, proceed to step 2 below.
  2. When adding the assertion, the
    HTTP Cookie Properties
    automatically appear; when modifying the assertion, right-click
    Require HTTP Cookie
    in the policy window and select
    HTTP Cookie Properties
    or double-click the assertion in the policy window. The assertion properties are displayed.
  3. Configure the properties as follows.
    Settings
    Description
    Cookie Name
    Enter the name of the cookie that is expected to contain the request credentials.
    If a cookie with this name is found, the cookie value is placed in the context variable: ${cookie.<
    cookieName
    >} (based on the default prefix).
    Variable Prefix
    Optionally, change the prefix that will be added to the context variable created by this assertion. The prefix will prevent the context variable from being overwritten if the assertion appears more than once in a policy. The default prefix is "
    cookie
    ."
    For an explanation of the validation messages displayed, see Context Variable Validation.
  4. Click [
    OK
    ] when done.