|
|
|
When configured to challenge requests for credentials, for authentication schemes other than basic, the SiteMinder Identity Asserter redirects to a Web Agent to collect credentials. Verify that several Agent configuration parameters that apply to both Agent types have matching values to avoid related issues.
The fcccompatmode Agent configuration parameter handles backward compatibility of forms credential collection, which the SiteMinder IA does not support. Therefore, set this parameter to NO for both the SiteMinder IA and the Web Agent:
fcccompatmode="NO"
The SiteMinder IA does not support legacy encoding. Set the legacyencoding Agent configuration parameter to NO for both the SiteMinder IA and the Web Agent:
legacyencoding="NO"
The secureURLs setting in the Agent Configuration Object does not affect the fcccompatmode and legacyencoding parameters – the SiteMinder IA does not support them no matter what secureURLs is set to.
Note: The secureURLs parameter enables the Web Agent to encrypt all SiteMinder query parameters in a redirection URL. When this parameter is set to yes, the Agents encrypt query data when it returns an HTTP 302 status code (redirect response) to the browser. This functionality can be used when a requested resource is protected by an advanced authentication scheme. Use the Policy Server User Interface to set SecureURLs centrally in the Agent Configuration Object.
Additionally, the following parameters must match for both the SiteMinder IA and SiteMinder Web Agent if specified:
| Copyright © 2010 CA. All rights reserved. | Email CA about this topic |