Previous Topic: Configure Virtual ServersNext Topic: How to Configure a CA SiteMinder® Agent to Support HTML Forms Authentication


Forms Authentication

This section contains the following topics:

How Credential Collectors Process Requests

MIME Types for Credential Collectors

How to Configure a CA SiteMinder® Agent to Support HTML Forms Authentication

Specify an NTLM Credential Collector

Using Credential Collectors Between 4.x Type and Newer Type Agents

Configure Apache-based Agents for FCC-based Password Services in Japanese Environments

How Credential Collectors Process Requests

The following illustration describes how forms credential collectors (FCCs) process requests for protected resources:

Note: Cookie providers use a different process for single-sign on.

Graphic showing how the forms credential collectors process requests for protected resources

The process shown in the previous illustration describes the following steps:

  1. A user requests access to a resource.
  2. The agent contacts the Policy Server to determine whether the resource is protected.
  3. The Policy Server informs the agent that a credential collector protects the resource, and specifies the type of credential collector in use.
  4. The agent adds query data, the target resource and an encrypted agent name to the URL of the credential collector. The agent then redirects the user to the appropriate credential collector.
  5. One of the following actions occurs, depending on the type of credential collector:
  6. The credential collector logs the user directly in to the Policy Server. The Policy Server creates a session.
  7. The agent validates the session and grants the user access to the resource.

Note: For more information about SSL Authentication Schemes, see the Policy Server documentation.

MIME Types for Credential Collectors

Associated with each credential collector is a MIME type. The MIME type indicates which collector presents the authentication challenge when a user requests a resource. The following table shows each type.

Credential Collector

MIME Type

Forms Credential Collector

.fcc

SSL Credential Collector

.scc

Cookie Provider

.ccc

NTLM Credential Collector

.ntc

SSL Forms Credential Collector

.sfcc

Kerberos Credential Collector

.kcc

When you configure an authentication scheme that uses a credential collector, or set up single sign-on across multiple cookie domains, the relevant MIME type is used as a file extension for a file referenced by the authentication scheme or single-sign-on configuration, for example:

The FCC and SFCC are the only credential collectors that require actual files to exist on the web server where the Agent is installed. These collectors are for forms-based authentication schemes. The .fcc and .sfcc templates are required to define the HTML form presented to the user.