CA SiteMinder® automatically preserves the data that a user posts to an FCC form. This preservation mechanism prevents the data on the form from loss if a timeout or other interruption occurs during the POST operation.
If you are using a combination of traditional and framework agents in your environment, the following additional configuration steps are required:
If you do not want to use POST preservation, you can disable it.
POST preservation is not supported in the following situations:
Framework Agents handle POST preservation data differently than Traditional Agents do. If your CA SiteMinder® environment uses a combination of Framework and Traditional agents, and resources hosted by one type of Agent are protected by Forms Credential Collectors (FCCs) hosted on the other type of agent, you must specify the proper template file with the following parameter:
Enables the transfer of POST preservation data between Traditional and Framework Agents by specifying the path to one of the following POST-preservation-template files:
Default: No default
Example: web_agent_home/samples/forms/fw2tr.pptemplate
To enable post preservation between Framework and Traditional agents
Specifies whether the Web Agent encodes any POST preservation data in a way that is compatible with the older, Traditional, Web Agents, or with the newer, Framework Web Agents. When the value of this parameter is set to yes, the encoding is compatible with the Traditional Web Agents. When the value of this parameter is set to no, the encoding is compatible only with the Framework Web Agents.
Default: No
POST preservation is between Framework and Traditional agents is enabled.
When a timeout or other interruption occurs during a POST operation, the POST preservation page is displayed. In most cases, the POST preservation page appears for less than a second. However, the Post Preservation page can be displayed for as long as 5 seconds when the amount of form data being posted is large.
By default, the POST preservation page displays the following text:
This page is used to hold your data while you are being authorized for your request. You will be forwarded to continue the authorization process. If this does not happen automatically, please click the Continue button below.
The POST preservation page also displays a Continue button that allows the user to repost the data to the application.
To customize the POST preservation page, create a POST preservation template file.
The general structure of the default page is as follows:
<HTML><HEAD><TITLE></TITLE></HEAD><BODY onLoad="document.AUTOSUBMIT.submit();"> This page is used to hold your data while you are being authorized for your request.<BR><BR> You will be forwarded to continue the authorization process. If this does not happen automatically, please click the Continue button below. <FORM NAME="AUTOSUBMIT" METHOD="POST" ACTION="$$smpostlocation$$"> <$$smpostdata$$> <INPUT TYPE="SUBMIT" VALUE="Continue"> </FORM></BODY></HTML>
The POST preservation template must include the following two elements which the Web Agent expands when rendering the POST preservation page:
Expanded to the credential collector URL during the first phase of POST preservation. Expanded to the protected resource URL during the second phase of POST preservation.
Expanded to contain HTML which results in the correct form data being posted to either location respective to the phase of POST preservation.
Do not remove or alter these elements.
However, you can change other elements. For example, to remove the Continue button, remove the <INPUT> element that defines that button:
<INPUT TYPE="SUBMIT" VALUE="Continue">
Two sample POST preservation template files, fw2tr.pptemplate and tr2fw.pptemplate, are included in the following location:
Indicates the directory where the Web Agent is installed on your web server.
To configure the Web Agent to use your POST preservation template file, define the PostPreservationFile agent configuration parameter to specify the path of the template file.
For example:
PostPreservationFile="/app/netegrity/webagent/samples_default/forms/nosubmitbutton.pptemplate"
If you do not need to use POST preservation, you may disable it with the following parameter:
Specifies whether the Web Agent preserves POST data when redirecting requests. When the user is challenged for advanced authentication, such as forms or certificate authentication, the post data is preserved during the authentication phase.
Default: Yes
To disable POST preservation, set the value of the PreservePostData parameter to no.
Copyright © 2014 CA.
All rights reserved.
|
|