A simplified version of the selectlogin.fcc file (without the HTML formatting) follows. There are hidden input fields for smquerydata and postpreservationdata; those are necessary for passing the GET and POST parameters, respectively.
The smauthreason parameter holds the reason code provided by the Policy Server together with the authentication challenge.
A sample selectlogin.fcc file follows:
@username=%USER%
@smretries=0
<html>
<head>
<script language="JavaScript">
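/**
 * Copies the credentials of the chosen login section into the hidden
 * USER/PASSWORD fields, picks the matching authentication type, rewrites
 * the hidden "target" field so that it points at the redirect helper, and
 * submits the Login form.
 *
 * @param form  1 = password and/or certificate, 2 = SecurID,
 *              3 = SafeWord, 4 = Windows credentials. Any other value
 *              submits with authtype "none".
 */
function submitForm(form)
{
  var login = document.Login;
  var authtype = "none";

  // $$target$$ is replaced with the requested resource before the page
  // reaches the browser, so it lands inside a JavaScript string literal.
  // NOTE(review): confirm that the substituted value is escaped for a
  // JavaScript string (quotes, backslashes, "</script>"); this file does
  // no escaping of its own.
  var target = "$$target$$";

  if (form == 1)
  {
    login.USER.value = login.USER1.value;
    login.PASSWORD.value = login.PASSWORD1.value;

    // A missing UseCert checkbox is treated as "not checked" instead of
    // raising a script error that would block the login.
    var useCert = !!(login.UseCert && login.UseCert.checked);

    if (!useCert)
    {
      // username/password only
      // NOTE(review): this choice posts over whatever scheme served the
      // page; only the certform branch below forces https. Serve this
      // page over HTTPS so the password never travels in clear text.
      authtype = "form";
    }
    else if (login.USER.value == "" && login.PASSWORD.value == "")
    {
      // certificate only
      authtype = "cert";
    }
    else
    {
      // username/password and certificate
      authtype = "certform";
      // This option requires posting over SSL. Only the scheme is
      // replaced: everything after the FIRST "://" is kept, so a query
      // string that itself contains "://" is not cut short.
      var pageUrl = document.URL;
      var schemeEnd = pageUrl.indexOf("://");
      if (schemeEnd >= 0)
      {
        login.action = "https://" + pageUrl.substring(schemeEnd + 3);
      }
    }
  }
  else if (form == 2)
  {
    // SecurID authentication
    authtype = "securid";
    login.USER.value = login.USER2.value;
    login.PASSWORD.value = login.PASSWORD2.value;
  }
  else if (form == 3)
  {
    // SafeWord authentication
    authtype = "safeword";
    login.USER.value = login.USER3.value;
    login.PASSWORD.value = "";
    // POST to safeword.fcc, for additional processing.
    // NOTE: This forces the web agent to POST to safeword.fcc
    // even if the authentication scheme's URL parameter
    // is set to selectlogin.fcc for redirection purposes.
    login.action = "safeword.fcc";
  }
  else if (form == 4)
  {
    // Authenticate with the current Windows login credentials
    authtype = "windows";
    login.USER.value = "";
    login.PASSWORD.value = "";
    // POST to creds.ntc (required by the Windows authentication scheme).
    login.action = "/siteminderagent/ntlm/creds.ntc";
  }

  // Generate the target, depending on the user's choice of credentials.
  // This sample uses redirect.asp, but it could also be redirect.jsp, redirect.pl, etc.
  // This sample uses the following format: /auth/redirect.asp?authtype=<choice>&target=<original target>
  // Other formats are also possible, e.g.: /auth-<choice>/redirect.asp?target=<original target>
  // The helper realms' resource filters must be defined accordingly (see the tech note).
  // NOTE(review): the original target is passed to the redirect helper as
  // a plain query parameter and is not URL-encoded here. The helper is
  // not shown on this page; it should redirect only to destinations it
  // expects, otherwise it can be used as an open redirect.
  var redirectPrefix = "/auth/redirect.asp?authtype=";
  var targetMarker = "&target=";
  var markerAt = target.indexOf(targetMarker);
  var originalTarget = target;

  // Check if the target is not already in the same format. The user may
  // have been redirected back to selectlogin.fcc upon authentication failure,
  // if the authentication scheme's URL parameter is set to selectlogin.fcc.
  if (target.indexOf(redirectPrefix) == 0 && markerAt > 0)
  {
    // This must be a redirect. Extract the original target, but not
    // the authtype parameter, because the user may have made a different
    // choice of credentials this time. Everything after the first
    // "&target=" is kept, so an original target that itself contains
    // "&target=" is not truncated.
    originalTarget = target.substring(markerAt + targetMarker.length);
  }

  login.target.value = redirectPrefix + authtype + targetMarker + originalTarget;
  login.submit();
}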
// Blanks the hidden PASSWORD field and the two visible password boxes
// (PASSWORD1, PASSWORD2) of the Login form. The page runs this on load,
// so no previously typed password is left in the form.
function resetCredFields()
{
  var login = document.Login;
  var passwordFields = ["PASSWORD", "PASSWORD1", "PASSWORD2"];
  for (var i = 0; i < passwordFields.length; i++)
  {
    login[passwordFields[i]].value = "";
  }
}
</script>
</head>
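<!-- Password fields are cleared on every load (see resetCredFields). -->
<body onLoad="resetCredFields();">
<center>
<!-- No action attribute: the form posts back to the URL that served this
     page unless submitForm() sets a different action for the chosen scheme. -->
<form name="Login" method="POST">
<!-- Hidden fields filled in by submitForm() just before the POST. -->
<input type="hidden" name="USER">
<input type="hidden" name="PASSWORD">
<!-- Values substituted for the $$name$$ tokens when the page is served.
     smquerydata and postpreservationdata carry the original GET and POST
     parameters; smauthreason carries the Policy Server reason code.
     NOTE(review): these values land inside HTML attributes; confirm that
     the substituted data is HTML-attribute encoded. -->
<input type="hidden" name="smagentname" value="$$smagentname$$">
<input type="hidden" name="smauthreason" value="$$smauthreason$$">
<input type="hidden" name="smquerydata" value="$$smquerydata$$">
<input type="hidden" name="postpreservationdata" value="$$postpreservationdata$$">
<input type="hidden" name="target">
<!-- Some table formatting throughout -->
<!-- Authentication Choice: Password And/Or Certificate -->
<input type="text" name="USER1">
<input type="password" name="PASSWORD1">
<!-- submitForm(1) reads document.Login.UseCert.checked to choose between
     form, cert and certform, so the checkbox has to exist in the form. -->
<label><input type="checkbox" name="UseCert"> Use certificate</label>
<input type="button" value="Login" onClick="submitForm(1);">
<!-- Authentication Choice: Windows Authentication -->
<input type="button" value="Login" onClick="submitForm(4);">
<!-- Authentication Choice: SecurID Authentication -->
<input type="text" name="USER2">
<input type="password" name="PASSWORD2">
<input type="button" value="Login" onClick="submitForm(2);">
<!-- Authentication Choice: SafeWord Authentication -->
<input type="text" name="USER3">
<input type="button" value="Login" onClick="submitForm(3);">
<!-- More table formatting -->
</form>
</center>
</body>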
</html>