Web Agent Guides › Web Agent Configuration Guide › Authenticate Users with Forms › Use Credential Collectors for Authentication and Single Sign-On

Use Credential Collectors for Authentication and Single Sign-On

A SiteMinder credential collector is an application within the Web Agent that gathers specific user credentials to authenticate a user. The credentials gathered by the credential collector are based on the type of authentication scheme configured for a particular group of protected resources. Credential collectors are used for forms, SSL, and Windows authentication schemes, and for single sign-on across multiple cookie domains.

The following types credential collectors are available:

• Forms Credential Collector (FCC)

  Gathers credentials based on HTML forms that are presented to the user during an authentication challenge. The forms that the FCC presents are based on templates that have the file extension .fcc. For example, the Web Agent is installed with a form called login.fcc, which you can customize and use for login purposes. This file is written using standard HTML tags and some proprietary notation required by SiteMinder.

  Note: When using FCC-based authentication, if a form is presented with empty credentials, a framework Web Agent does not process the request and redirects it back to the originally requested URL, hence causing the framework Web Agent not to send any communication to the policy server. In the case of a traditional Web Agent, the request is processed and sent to the policy server, which then generates an OnAuthAttempt event.

• SSL Credential Collector (SCC)

  Collects SSL-based credentials (credentials required by SSL-based authentication schemes) such as Basic over SSL or X509 Cert and Basic.

  Note: The SCC does not handle X509 Cert and Forms or X509 Cert or Forms. X509 Cert and Forms is handled by the FCC and X509 Cert or Forms is handled by the SFCC.

• Cookie Provider (CCC)

  Tracks SiteMinder sessions across multiple cookie domains for single sign-on. Unlike other types of credential collectors, the cookie provider does not collect credentials or perform an authentication challenge of the user. The cookie provider is handling credentials; however, in this case, the session is the credential.

  Default: SmMakeCookie.ccc

• NTLM Credential Collector (NTC)

  Gathers NT credentials for resources stored on an IIS Web server and accessed by Internet Explorer browsers. This scheme uses a Windows NT login name and password of a user in place of a challenge for credentials.

• SSL Forms Credential Collector (SFCC)

  Gathers credentials based on HTML forms (like the FCC) but the SFCC gathers them only for the X509 Cert or Forms authentication schemes.

  The forms that the SFCC presents are based on a templates that end in the file extension .sfcc. For example, the Web Agent is installed with a form called login.sfcc, which you can customize and use as a login form.