There is one realm for each configured back-end authentication scheme. Each realm needs a resource filter defined as follows:
/auth/redirect.asp?authtype=type&target=
Can be one of the following:
form username/password authentication
cert certificate authentication
certform cert-and-form authentication
securid SecurID authentication
safeword SafeWord authentication
windows Windows authentication
Note: These are the types chosen for the purposes of this use case. You are not restricted to these specific values, but the types must correspond to the authtype values in the selectlogin.fcc file, or any other FCC file based on the selectlogin.fcc template. Also, the realm's resource filter must match the redirect target in the FCC file.
The following pane lists the realms.
The Web Agents protecting the realms may or may not be the same. This solution uses a single Web Agent; however, if multiple Web Agents are used, they must satisfy specific requirements.
The following requirements are necessary for Web Agents protecting realms as part of the Credentials Selector functionality:
Note: To configure single sign-on, see the Web Agent Configuration Guide.
The expected value is the value of the Web Agent's AgentName parameter or the DefaultAgentName parameter, if the AgentName parameter is not assigned a value. If the EncryptAgentName parameter in the Agent's configuration is set to yes, the value must be encrypted.
One way of setting the @smagentname directive is by configuring each Web Agent with the same naming properties. They can even share the same Agent Configuration Object. Another method is to configure the @smagentname directive programmatically in the FCC file, provided that the name is not encrypted.
Important! If the @smagentname directive is misconfigured, you may see a "No realm received in request" error message in the Policy Server log.
Copyright © 2010 CA. All rights reserved. | Email CA about this topic |