A simplified version of the selectlogin.fcc file (without the HTML formatting) follows. There are hidden input fields for smquerydata and postpreservationdata; those are necessary for passing the GET and POST parameters, respectively.
The smauthreason parameter holds the reason code provided by the Policy Server together with the authentication challenge.
A sample selectlogin.fcc file follows:
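@username=%USER%
@smretries=0
<html>
<head>
<script type="text/javascript">
// Shape of a target that this page has already rewritten:
//   /auth/redirect.asp?authtype=<choice>&target=<original target>
// Other formats are also possible, e.g.:
//   /auth-<choice>/redirect.asp?target=<original target>
// The helper realms' resource filters must be defined accordingly (see the tech note).
// This sample uses redirect.asp, but it could also be redirect.jsp, redirect.pl, etc.
var REDIRECT_PREFIX = "/auth/redirect.asp?authtype=";
var TARGET_PARAM = "&target=";

// Copies the credentials of the chosen login option into the hidden
// USER/PASSWORD fields, selects the form action that option needs,
// rewrites the hidden target field so that it carries the chosen
// authtype, and submits the form.
//
// form: 1 = password and/or certificate, 2 = SecurID,
//       3 = SafeWord, 4 = Windows authentication.
//
// NOTE(review): only the "certform" option forces an https action. The other
// options post to the URL the page was loaded from, so the page itself should
// be served over HTTPS if passwords must not travel in cleartext.
function submitForm(form) {
  var login = document.Login;
  var authtype = "none";

  if (form == 1) {
    login.USER.value = login.USER1.value;
    login.PASSWORD.value = login.PASSWORD1.value;
    // Treat a missing UseCert checkbox as "not checked" instead of
    // failing with a script error before the form is submitted.
    var useCert = !!(login.UseCert && login.UseCert.checked);
    if (!useCert) {
      // username/password only
      authtype = "form";
    } else if (login.USER.value == "" && login.PASSWORD.value == "") {
      // certificate only
      authtype = "cert";
    } else {
      // username/password and certificate
      authtype = "certform";
      // This option requires posting over SSL. Replace only the leading
      // scheme, so that a "://" later in the URL (for example inside a
      // query parameter) does not truncate the action.
      login.action = document.URL.replace(/^[^:\/?#]+:\/\//, "https://");
    }
  } else if (form == 2) {
    // SecurID authentication
    authtype = "securid";
    login.USER.value = login.USER2.value;
    login.PASSWORD.value = login.PASSWORD2.value;
  } else if (form == 3) {
    // SafeWord authentication
    authtype = "safeword";
    login.USER.value = login.USER3.value;
    login.PASSWORD.value = "";
    // POST to safeword.fcc, for additional processing.
    // NOTE: This forces the web agent to POST to safeword.fcc
    // even if the authentication scheme's URL parameter
    // is set to selectlogin.fcc for redirection purposes.
    login.action = "safeword.fcc";
  } else if (form == 4) {
    // Authenticate with the current Windows login credentials
    authtype = "windows";
    login.USER.value = "";
    login.PASSWORD.value = "";
    // POST to creds.ntc (required by the Windows authentication scheme).
    login.action = "/siteminderagent/ntlm/creds.ntc";
  }

  // Generate the target, depending on the user's choice of credentials.
  // The agent-supplied target is read from the hidden field rather than
  // from a script string literal, so the substituted value never has to
  // be valid inside JavaScript source. elements["target"] is used because
  // a form also has a built-in "target" property.
  var targetField = login.elements["target"];
  var currentTarget = targetField.value;
  var originalTarget = currentTarget;

  // Check if the target is not already in the same format. The user may
  // have been redirected back to selectlogin.fcc upon authentication failure,
  // if the authentication scheme's URL parameter is set to selectlogin.fcc.
  var paramPos = currentTarget.indexOf(TARGET_PARAM);
  if (currentTarget.indexOf(REDIRECT_PREFIX) == 0 && paramPos > 0) {
    // This must be a redirect. Extract the original target, but not
    // the authtype parameter, because the user may have made a different
    // choice of credentials this time. Everything after the first
    // "&target=" is kept, so a target that itself contains "&target="
    // is not cut short.
    originalTarget = currentTarget.substring(paramPos + TARGET_PARAM.length);
  }

  // NOTE(review): the original target is appended as-is. If it can contain
  // "&" or "#", redirect.asp may receive a shortened target; confirm how
  // the agent encodes the substituted target before adding encoding here.
  // NOTE(review): redirect.asp is not shown on this page; it should accept
  // only targets on the protected site before redirecting to them.
  targetField.value = REDIRECT_PREFIX + authtype + TARGET_PARAM + originalTarget;
  login.submit();
}

// Clears the password fields; called from the body's onLoad handler, so
// the page never starts with a password value already filled in.
function resetCredFields() {
  document.Login.PASSWORD.value = "";
  document.Login.PASSWORD1.value = "";
  document.Login.PASSWORD2.value = "";
}
</script>
</head>
<body onLoad="resetCredFields();">
<center>
<form name="Login" method="POST">
<!-- Filled in by submitForm() from the option the user chose. -->
<input type="hidden" name="USER">
<input type="hidden" name="PASSWORD">
<!-- The $$...$$ values below are substituted before the page is sent.
     NOTE(review): they land inside quoted attributes; confirm that the
     agent encodes quotes and angle brackets in them. -->
<input type="hidden" name="smagentname" value="$$smagentname$$">
<input type="hidden" name="smauthreason" value="$$smauthreason$$">
<!-- smquerydata and postpreservationdata pass the GET and POST parameters. -->
<input type="hidden" name="smquerydata" value="$$smquerydata$$">
<input type="hidden" name="postpreservationdata" value="$$postpreservationdata$$">
<!-- Original target; submitForm() rewrites it to go through redirect.asp. -->
<input type="hidden" name="target" value="$$target$$">
<!-- Some table formatting throughout -->
<!-- Authentication Choice: Password And/Or Certificate -->
<input type="text" name="USER1">
<input type="password" name="PASSWORD1">
<!-- submitForm(1) reads this checkbox to decide whether a certificate is used. -->
<input type="checkbox" name="UseCert"> Use certificate
<input type="button" value="Login" onClick="submitForm(1);">
<!-- Authentication Choice: Windows Authentication -->
<input type="button" value="Login" onClick="submitForm(4);">
<!-- Authentication Choice: SecurID Authentication -->
<input type="text" name="USER2">
<input type="password" name="PASSWORD2">
<input type="button" value="Login" onClick="submitForm(2);">
<!-- Authentication Choice: SafeWord Authentication -->
<input type="text" name="USER3">
<input type="button" value="Login" onClick="submitForm(3);">
<!-- More table formatting -->
</form>
</center>
</body>
</html>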