|
|
|
Web Agents can help protect from phishing attempts that could redirect users to a hostile web site, with the following parameter:
Specifies the domains to which a credential collector is allowed to redirect users. If the domain in the URL does not match the domains set in this parameter, the redirect is denied.
Default: No default
This parameter is supported by all advanced authentication schemes, including forms credential collectors (FCCs).
During processing, the ValidTargetDomain parameter identifies the valid domains for the target. Before redirecting the user, the Web Agent compares the values in the redirect URL against the domains in this parameter. Without this parameter, the Web Agent redirects the user to targets in any domain.
The ValidTargetDomain parameter can include multiple values, one for each valid domain.
For local Web Agent configurations, specify an entry, one on each line, for each domain, for example:
validtargetdomain=".xyzcompany.com"
validtargetdomain=".abccompany.com"
| Copyright © 2010 CA. All rights reserved. | Email CA about this topic |