Configure Credential Collectors in a Mixed Environment

Beginning with 5.x QMR 2, the forms (FCC/SFCC), SSL (SCC), and NTLM (NTC) credential collectors operate differently from 4.x credential collectors. When a user submits credentials, the credential collector does not have to create a credential cookie in the user's browser and send the user back to the original Web Agent. Instead, the credential collector can log the user in to the Policy Server directly on behalf of the Web Agent protecting the requested resource.

Note: We recommend using credential collectors to log users in directly rather than setting cookies. Direct login protects user credentials better because the credentials are not passed around the network in cookies. This is an important consideration when you are configuring credential collectors in a mixed environment.

For a credential collector to log a user in, it needs the name of the Web Agent protecting the requested resource and the credentials supplied by the user.

To learn the Agent name, a credential collector uses the following process:

  1. Use the SMAGENTNAME query parameter that the original Web Agent adds to the query string of the URL as it redirects the user to the credential collector.
  2. If there is no Agent name appended to the URL, use the Agent name from Agent name-to-host name mappings in the credential collector's Agent configuration file or Agent Configuration Object.

    Each mapping specifies the name and IP address of a host using that collector for its protected resources. Mappings are defined in the AgentName parameter.

  3. If no Agent name mappings are configured, use the fully qualified host name of the target URL as the Agent name. This behavior applies only when the AgentNamesAreFQHostNames parameter is enabled in the Agent's configuration.

    This parameter is disabled by default. When it is disabled, the credential collector uses the value of the DefaultAgentName parameter as the Agent name.
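The lookup order above can be modelled to check which Agent name a collector would pick for a given redirect. This is an added example, not CA code: the function name `resolve_agent_name`, the `host_ip` argument, the representation of AgentName mappings as `(name, ip)` pairs, and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs


def resolve_agent_name(collector_url, target_url, config, host_ip=None):
    """Return (agent_name, source) using the lookup order described above."""
    # Step 1: SMAGENTNAME added to the query string by the original Web Agent.
    # parse_qs drops empty values, so "SMAGENTNAME=" counts as absent.
    values = parse_qs(urlsplit(collector_url).query).get("SMAGENTNAME", [])
    if values and values[0].strip():
        return values[0].strip(), "SMAGENTNAME"

    # Step 2: AgentName mappings. Assumption: each mapping is a (name, ip)
    # pair and is matched against the IP address of the protected host.
    mappings = config.get("AgentName", [])
    for name, ip in mappings:
        if host_ip is not None and ip == host_ip:
            return name, "AgentName"

    # Step 3: only when no mappings are configured and the parameter is on.
    if not mappings and config.get("AgentNamesAreFQHostNames", False):
        host = urlsplit(target_url).hostname
        if host:
            return host, "AgentNamesAreFQHostNames"

    # Fallback named on the page for the disabled case. Assumption: a
    # configured mapping list with no matching entry also ends up here.
    return config["DefaultAgentName"], "DefaultAgentName"


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    target = "https://app.example.com/protected/index.html"
    cfg = {"AgentName": [("appagent", "192.0.2.10")],
           "AgentNamesAreFQHostNames": False,
           "DefaultAgentName": "defaultagent"}
    cases = [
        ("https://login.example.com/forms/login.fcc?SMAGENTNAME=agent4x", "192.0.2.10"),
        ("https://login.example.com/forms/login.fcc", "192.0.2.10"),
        ("https://login.example.com/forms/login.fcc", "192.0.2.99"),
    ]
    for url, ip in cases:
        print(url, ip, "->", resolve_agent_name(url, target, cfg, ip))
```

The second element of the result records which configuration source supplied the name, which helps when auditing why a collector logged a user in under an unexpected Agent.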

When you upgrade, you must consider the credential collector algorithm and how it affects the configuration of an FCC, SCC, SFCC, or NTC so it can communicate with a 4.x Web Agent.


Copyright © 2010 CA. All rights reserved.