Policy Server Guides › Policy Server Configuration Guide › Strong Authentication › Establish a Front-End Authentication Scheme › Configure the selectlogin.fcc File for Front-End Authentication › Selectlogin.fcc Configuration Details
Selectlogin.fcc Configuration Details
You can configure various authentication schemes in the selectlogin.fcc file. The following are configuration details for some schemes:
- The cert-and-form scheme requires posting over an SSL connection. If the front-end authentication scheme does not use an SSL connection, the Web Agent cannot POST to the same selectlogin.fcc URL that was obtained on the GET request.
The following JavaScript code may be used to convert the URL to an SSL URL:
arr = document.URL.split("://");
document.Login.action = "https://" + arr[1];
- To support the SafeWord's two-step authentication, the username collected from the first challenge form must be remembered by the client side in time for the second challenge. The safeword.fcc file, also included in the Web Agent installation, uses the @smtransient FCC directive to keep the username in a transient cookie. The same directive may be used in the selectlogin.fcc file too, but then the cookie is going to be created even if the user makes a different choice of credentials. A better alternative is to modify the action argument to POST to the safeword.fcc file, as follows:
document.Login.action = "safeword.fcc";
- The Windows authentication scheme does not use an FCC file. It uses a specific pseudo-resource URL, which does not exist on the web server but which is recognized by the SiteMinder Web Agent. To make Windows authentication work, set the action argument to this same pseudo-resource URL, as follows:
document.Login.action = "/siteminderagent/ntlm/creds.ntc";
- The SecurID authentication scheme does not use an FCC; however, the Agent can POST the SecurID credentials directly to the selectlogin.fcc file. No modification of the action argument is required.
- The action URL may be hosted by a different web server; however, the other web server must also be protected by a SiteMinder Web Agent so that the SiteMinder-specific resource URLs (FCC, SCC, and NTC) are recognized and properly processed.
Note: SCC pseudo-resource URLs are used for certificate-only authentication.