Implementation Guide › Configuration Considerations › Authentication and a Centralized Login Server › Login Page Use Cases › Embedded Form on a Web Portal
Embedded Form on a Web Portal
In this use case, a form is embedded on a web portal home page. Users enter credentials in the form and are redirected to the protected resource upon authentication. Specifically:
- A web portal home page (portal.asp) includes an embedded form that prompts users for credentials. The home page:
- Contains a target variable that points to the protected resource.
- Posts to a login FCC file (login.fcc).
- A stand-alone login page (login.asp) is deployed to the Web Agent host system. If users try to access the protected resource directly, this page prompts users for credentials. The login page:
- The login FCC file is configured with an @directive (@smretries) to redirect users to a failed authentication page (login.unauth) after two failed authentication attempts.
Note: For more information about configuring an FCC file with @directives, see the Policy Server Configuration Guide.
- A SiteMinder administrator has configured a formbased authentication scheme named Auth1. The target of Auth1 is login.asp.
Note: For more information about configuring authentication schemes, see the Policy Server Configuration Guide.
The following diagram illustrates the authentication process for this use case:
- A user navigates to the web portal home page.
- The Web Agent contacts the Policy Server, which determines that the resource is unprotected.
- The user submits invalid credentials. The credentials are posted to the login.fcc file and processed by the FCC.
- The FCC forwards the credentials to the Policy Server.
- The Policy Server determines that the credentials are invalid and notifies the FCC.
- The FCC inserts the SMTRYNO cookie into the web browser of the user and redirects the user to the login page. The login page appears with an error message. The error message states that invalid credentials were supplied and to try again.
Note: Although not illustrated, if the user accessed the protected resource directly, the login page would appear without an error message because the web browser would not contain the SMTRYNO cookie.
- The user submits invalid credentials. The credentials are posted to the login.fcc file and processed by the FCC.
- The FCC forwards the credentials to the Policy Server.
- The Policy Sever determines that the credentials continue to be invalid and notifies the FCC.
- The user has exceeded the maximum number of failed authentication attempts and is redirected to a page that displays a failed authentication message.