Best Practices
Consider the following when configuring login pages:
- Display an error message when a user fails to authenticate properly.
- Redirect users to a page that displays a message that the number of login attempts has been exceeded.
- We recommend using forms-based authentication to redirect users. If you are unable to use forms-based authentication, you can use the SiteMinder OnAuthAttempt and OnAuthReject responses to redirect users.
Note: For more information about responses, see the Policy Server Configuration Guide.
- If you configure forms-based authentication, consider creating a dynamic page, such as login.asp, to create a tighter integration with your existing infrastructure.
- If creating a dynamic page is not possible, use the sample login FCC file (login.fcc) that is included as part of the Web Agent installation to configure a login FCC file. The default location for the sample file is web_agent_home\samples_default\forms. The forms directory is the default location for files that the Forms Credential Collector (FCC) processes.
Note: For more information about the login FCC as it applies to forms-based authentication, see the Policy Server Configuration Guide. For more information about configuring the login FCC with a Web Agent and how the FCC processes requests, see the Web Agent Configuration Guide.
- We recommend creating a separate directory on the Web Agent host system for all login pages. Using a location other than the forms directory helps to prevent the sample files from being accidentally overwritten.
- Display a custom logoff page after a user logs out successfully.
Note: For more information about configuring a logoff page, see the Web Agent Configuration Guide.