Web Agent Guides › Web Agent Configuration Guide › Forms Authentication

Forms Authentication

This section contains the following topics:

How Credential Collectors Process Requests

MIME Types for Credential Collectors

How to Configure a CA SiteMinder® Agent to Support HTML Forms Authentication

Specify an NTLM Credential Collector

Using Credential Collectors Between 4.x Type and Newer Type Agents

Configure Apache-based Agents for FCC-based Password Services in Japanese Environments

How Credential Collectors Process Requests

The following illustration describes how forms credential collectors (FCCs) process requests for protected resources:

Note: Cookie providers use a different process for single-sign on.

Graphic showing how the forms credential collectors process requests for protected resources

The process shown in the previous illustration describes the following steps:

A user requests access to a resource.
The agent contacts the Policy Server to determine whether the resource is protected.
The Policy Server informs the agent that a credential collector protects the resource, and specifies the type of credential collector in use.
The agent adds query data, the target resource and an encrypted agent name to the URL of the credential collector. The agent then redirects the user to the appropriate credential collector.
One of the following actions occurs, depending on the type of credential collector:
- The FCC displays the form and then collects the credentials of the user.
- The NTC collects the NT credentials of the user.
- The SCC collects the credentials of the user.
- If no certificate is available, the SFCC displays the form. The SFCC collects the user credentials.
The credential collector logs the user directly in to the Policy Server. The Policy Server creates a session.
The agent validates the session and grants the user access to the resource.

Note: For more information about SSL Authentication Schemes, see the Policy Server documentation.

MIME Types for Credential Collectors

Associated with each credential collector is a MIME type. The MIME type indicates which collector presents the authentication challenge when a user requests a resource. The following table shows each type.

Credential Collector	MIME Type
Forms Credential Collector	.fcc
SSL Credential Collector	.scc
Cookie Provider	.ccc
NTLM Credential Collector	.ntc
SSL Forms Credential Collector	.sfcc
Kerberos Credential Collector	.kcc

When you configure an authentication scheme that uses a credential collector, or set up single sign-on across multiple cookie domains, the relevant MIME type is used as a file extension for a file referenced by the authentication scheme or single-sign-on configuration, for example:

When configuring single sign-on across multiple cookie domains, you enter a URL like the following to identify the cookie provider:
http://myserver.company.com:80/siteminderagent/SmMakeCookie.ccc

SmMakeCookie.ccc is the default cookie provider name. You can use this name or create a name of your own; however, it must have the .ccc extension to initiate single sign-on.
For Windows authentication, the default target file to enable this scheme is:
/siteminderagent/ntlm/creds.ntc

Again, you must use a file with the correct MIME type as the extension.

The FCC and SFCC are the only credential collectors that require actual files to exist on the web server where the Agent is installed. These collectors are for forms-based authentication schemes. The .fcc and .sfcc templates are required to define the HTML form presented to the user.