diff --git a/edivorce/apps/core/middleware/bceid_middleware.py b/edivorce/apps/core/middleware/bceid_middleware.py
index c8f8cf93..cb73590f 100644
--- a/edivorce/apps/core/middleware/bceid_middleware.py
+++ b/edivorce/apps/core/middleware/bceid_middleware.py
@@ -20,19 +20,23 @@ class BceidMiddleware(object):
 
         localdev = settings.DEPLOYMENT_TYPE == 'localdev'
 
+        # get SiteMinder variables from the headers first, then from the session
+        smgov_userguid = request.META.get('HTTP_SMGOV_USERGUID', request.session.get('SMGOV_USERGUID',False))
+        smgov_userdisplayname = request.META.get('HTTP_SMGOV_USERDISPLAYNAME', request.session.get('SMGOV_USERDISPLAYNAME', False))
+
         # make sure the request didn't bypass the proxy
         if not localdev and not self.__request_came_from_proxy(request):
             print("Redirecting to " + settings.PROXY_BASE_URL + request.path, file=sys.stderr)
             return redirect(settings.PROXY_BASE_URL + request.path)
 
-        if not localdev and request.META.get('HTTP_SM_USERDN', False):
+        if not localdev and smgov_userguid:
 
             # 1. Real BCeID user / logged in
             request.bceid_user = BceidUser(
-                guid=request.META.get('HTTP_SM_USERDN'),
+                guid=smgov_userguid,
                 is_authenticated=True,
                 user_type='BCEID',
-                first_name=request.META.get('HTTP_SM_USER'),
+                first_name=smgov_userdisplayname,
                 last_name=''
             )
 
diff --git a/edivorce/apps/core/urls.py b/edivorce/apps/core/urls.py
index 83ad2b8a..32f78043 100644
--- a/edivorce/apps/core/urls.py
+++ b/edivorce/apps/core/urls.py
@@ -8,6 +8,10 @@ handler500 = 'core.views.main.server_error'
 urlpatterns = [
     # url(r'^guide$', styleguide.guide),
     url(r'^api/response$', api.UserResponseHandler.as_view()),
+
+    # todo: remove this line once SMGOV headers are working
+    url(r'^login/headers$', system.headers),
+
     url(r'^login', main.login, name="login"),
     url(r'^bceid', localdev.bceid, name="bceid"),
     url(r'^register$', main.register, name="register"),
diff --git a/edivorce/apps/core/views/main.py b/edivorce/apps/core/views/main.py
index b87c1fa8..af67da77 100644
--- a/edivorce/apps/core/views/main.py
+++ b/edivorce/apps/core/views/main.py
@@ -93,6 +93,15 @@ def login(request):
     if settings.DEPLOYMENT_TYPE == 'localdev' and not request.session.get('fake-bceid-guid'):
         return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1] + '/bceid')
     else:
+        # Save SiteMinder headers to session variables.  /login* is the only actual
+        # SiteMinder-protected part of the site, so the headers aren't availabale anywhere else
+        if request.META.get('HTTP_SMGOV_USERGUID', ''):
+            request.session['SMGOV_USERGUID'] = request.META.get('HTTP_SMGOV_USERGUID')
+
+        if request.META.get('HTTP_SMGOV_USERDISPLAYNAME', ''):
+            request.session['SMGOV_USERDISPLAYNAME'] = request.META.get('HTTP_SMGOV_USERDISPLAYNAME')
+
+        # get the Guid that was set in the middleware
         guid = request.bceid_user.guid
 
         if guid is None: