Policy Server Guides › Policy Server Configuration Guide › Authentication Schemes › HTML Forms Authentication Schemes › HTML Forms Authentication Templates › SiteMinder FCC Files

SiteMinder FCC Files

The SiteMinder Forms Credential Collector (FCC) incorporated into SiteMinder Web Agents reads template files called .fcc files. The .fcc files are written using standard HTML tags and a small amount of proprietary notation required by SiteMinder to verify attributes and take advantage of custom features described later in this section.

Important! If you create or edit an .fcc file on a Windows system and move that file to a UNIX system, your UNIX system may append ^M at the end of lines of text. These characters, which identify the file as a Windows text file, cause .fcc files to fail during authentication. When moving files from Windows text editors to UNIX systems, be sure to examine the files and remove the appended characters. To avoid this situation, create and edit .fcc files that will be used in a UNIX environment on a UNIX system.

For the HTML Forms authentication scheme, the default extension for .fcc files is .fcc. If you want to use a different extension:

• For Apache or iPlanet Web servers, configure your Web server to use that extension.
• For Domino or IIS Web servers, specify that extension in the FCCExtensions parameter of your Web Agent configuration file or object. For more information on Web Agent configuration parameters, see the Web Agent Guide.

When a user requests a resource protected by an HTML Forms scheme, the Web Agent redirects the user to an .fcc file. The .fcc file invokes the FCC on the Web server in order to collect credentials from the user via a customized form. The FCC generates a browser page and builds a user name and password based on the contents of the .fcc file. The file resides in a Web server's name space and is accessed like any HTML file. The .fcc file may contain two parts. Both parts are optional.

The first part of the FCC contains directives that are used when executing a POST operation on the .fcc file. The directives are never passed to the client. They must be at the beginning of the file and are of the form: @name=value

The name is the name of a variable. The value is the variable's value. The value may contain strings of the form: %name1%. This will be replaced by the value of the variable associated with name1.

The second part of the .fcc file contains HTML code that is returned when a GET operation is performed on the .fcc file. This part may include text in the form "$$name$$", including the quotation marks (") that will be replaced by the value associated with name. The name is not case sensitive.

The hidden inputs listed in the following figure are used to hold state for the credential collectors:

*Be sure to enter the quotation marks (").

At a minimum, an .fcc file must collect the following:

• User name
• Password
• Target

Important! If users will be submitting post requests to a resource protected by an authentication scheme that uses a credential collector (see the following figure), use the postpreservationdata input. Otherwise, data that users attempt to post to the requested resource will be lost.

The following is an example of a valid (though simple) .fcc file:

The file above is the usermap.fcc sample file included with the default installation of SiteMinder Web Agents.

The .fcc file above creates a distinguished name (DN) for the user based on the information the user enters in the User Name field and the Organization drop-down list of the HTML form. This DN is the user name authentication credential. The user's password is collected from the Password field of the HTML form. The hidden realm and target input values are also collected so that the user can be directed to the appropriate resource when authentication is complete.