Web Agent Guides › Web Agent Configuration Guide › Forms Authentication › Configure Advanced FCC Settings › Specify Redirect URL Protocols with Lowercase Characters

Specify Redirect URL Protocols with Lowercase Characters

If you protect legacy applications that do not confirm to RFC 2396 with a forms-based authentication scheme, and you need the protocol portions of URLs to be lowercase, then set the following parameter:

LowerCaseProtocolSpecifier

Specifies whether the scheme (protocol) portion of a redirect URL uses only lowercase characters. This configuration parameter accommodates legacy applications that do not confirm to RFC 2396. This RFC states that applications must handle the protocol portion of a URL in both uppercase and lowercase. Change this parameter in any of the following situations:

• You use legacy applications that do not confirm to RFC 2396.
• Your redirect URLS contain query data.
• You use an HTML-forms (FCC) authentication scheme.

Default: No (uppercase characters are used HTTP, HTTPS).

Example: Yes (lowercase characters are used http, https).

To specify lowercase protocols for the URLs in your environment, set the value of the LowerCaseProtocolSpecifier parameter to yes.

Use a Special Forms Template for Passport Authentication

Beginning with Web Agent 5.x QMR1, n FCC file named loginusername.fcc was provided for use with the Passport authentication scheme. If you configure SiteMinder to use this form, when a user requests a protected resource, SiteMinder will:

1. Recognize a signed-in Passport user as a mapped user from the SiteMinder user directory.
2. Present the form, which:
   • Automatically displays the user name of the mapped user
   • Prompts for the corresponding password

To use the loginusername.fcc file:

1. Edit the value of the IgnoreExt Web Agent parameter by removing the .fcc entry from the list of extensions that the Agent should ignore.
2. Protect loginusername.fcc, using the Passport (Custom) authentication scheme.

   Note: For more information, see the Policy Server documentation.

3. For each realm protected by the Passport authentication scheme, create a response on the Policy Server. For each response, configure a Web Agent response attribute as follows:
   1. Select WebAgent-HTTP-Header-Variable from the Attribute drop-down list.
   2. Select the User Attribute radio button from the Attribute Kind group box.
   3. In the Attribute Name field, enter the name of the user directory attribute that corresponds to the user name or user id. For example, if an LDAP directory contains the users that are mapped to Passport holders, enter uid.
   4. In the Variable Name field, enter a name for the response variable, such LDAPUID.

      Note: For more information, see the Policy Server documentation.

4. Edit the loginusername.fcc form to reflect the Variable Name value. Continuing with this example, the variable name is LDAPUID.

You can add these advanced features to the Agent configuration file or an Agent Configuration Object.

Use the safeword.fcc File for SafeWord Forms Authentication

The Policy Server can authenticate users against a SafeWord authentication server, including users who are logging in via SafeWord hardware tokens.

One of the prerequisites for using the SafeWord forms-based authentication scheme is to have a customized safeword.fcc file residing on a web server where the SiteMinder Web Agent is installed. This web server must be in the cookie domain in which you implement HTML Forms authentication.

The safeword.fcc file defines the forms that a user sees during SafeWord authentication. Depending on the value of the authentication code sent by the Policy Server to the credential collector, the form that the user is asked to fill out changes. In the safeword.fcc file you can see the different text for each authentication code, as indicated by the directive smauthreason.

To customize the safeword.fcc file for your enterprise, you can modify the HTML layout of the form but not the type of credentials that the user must provide for a particular form. You may also want to modify the form logo. The file uses ISO-8859-1 encoding.

The sample safeword.fcc file is located in the directory:

web_agent_home/Samples/Forms

Note: For more information, see the Policy Server documentation.