What are the criteria that constitutes meaningful ECV.
Would this be a page match for an authenticated user session?
If a simple content match on the home page is our goal it would require that we authenticate through Siteminder or thwart it. Given, my understanding of Siteminder a script that authenticates a user would require an extended application verification script. This aproach would exceed our ECV requirements.
An alternative would be unprotect a page (if there is such an ability) have Big-IP issue a get request and thwart the authentication. This would not tell us if the Siteminder elements are working and there could be a scenario where Big-IP can retreive a page that a user cannot authenticate.
What if a Siteminder referal response is good enough to consider a service available?
This can be done with a http v.1.1 request:
GET /index.html HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)
Host: www.yoursite.com Connection: close
The recieve string could be:
http://smntlm.yoursite.com/siteminderagent/ntlm/creds.ntc?CHALLENGE=&TARGET=$SM$http