A SiteMinder credential collector is an application within the Web Agent that gathers specific user credentials to authenticate a user. The credentials gathered by the credential collector are based on the type of authentication scheme configured for a particular group of protected resources. Credential collectors are used for forms, SSL, and Windows authentication schemes, and for single sign-on across multiple cookie domains.
The following types credential collectors are available:
Gathers credentials based on HTML forms that are presented to the user during an authentication challenge. The forms that the FCC presents are based on templates that have the file extension .fcc. For example, the Web Agent is installed with a form called login.fcc, which you can customize and use for login purposes. This file is written using standard HTML tags and some proprietary notation required by SiteMinder.
Note: When using FCC-based authentication, if a form is presented with empty credentials, a framework Web Agent does not process the request and redirects it back to the originally requested URL, hence causing the framework Web Agent not to send any communication to the policy server. In the case of a traditional Web Agent, the request is processed and sent to the policy server, which then generates an OnAuthAttempt event.
Collects SSL-based credentials (credentials required by SSL-based authentication schemes) such as Basic over SSL or X509 Cert and Basic.
Note: The SCC does not handle X509 Cert and Forms or X509 Cert or Forms. X509 Cert and Forms is handled by the FCC and X509 Cert or Forms is handled by the SFCC.
Tracks SiteMinder sessions across multiple cookie domains for single sign-on. Unlike other types of credential collectors, the cookie provider does not collect credentials or perform an authentication challenge of the user. The cookie provider is handling credentials; however, in this case, the session is the credential.
Default: SmMakeCookie.ccc
Gathers NT credentials for resources stored on an IIS Web server and accessed by Internet Explorer browsers. This scheme uses a Windows NT login name and password of a user in place of a challenge for credentials.
Gathers credentials based on HTML forms (like the FCC) but the SFCC gathers them only for the X509 Cert or Forms authentication schemes.
The forms that the SFCC presents are based on a templates that end in the file extension .sfcc. For example, the Web Agent is installed with a form called login.sfcc, which you can customize and use as a login form.
Gathers credentials for Kerberos authentication schemes.
Associated with each credential collector is a MIME type. The MIME type indicates which collector presents the authentication challenge when a user requests a resource. The following table shows each type.
|
Credential Collector |
MIME Type |
|---|---|
|
Forms Credential Collector |
.fcc |
|
SSL Credential Collector |
.scc |
|
Cookie Provider |
.ccc |
|
NTLM Credential Collector |
.ntc |
|
SSL Forms Credential Collector |
.sfcc |
|
Kerberos Credential Collector |
.kcc |
When you configure an authentication scheme that uses a credential collector, or set up single sign-on across multiple cookie domains, the relevant MIME type is used as a file extension for a file referenced by the authentication scheme or single-sign-on configuration, for example:
http://myserver.company.com:80/siteminderagent/SmMakeCookie.ccc
SmMakeCookie.ccc is the default cookie provider name. You can use this name or create a name of your own; however, it must have the .ccc extension to initiate single sign-on.
/siteminderagent/ntlm/creds.ntc
Again, you must use a file with the correct MIME type as the extension.
The FCC and SFCC are the only credential collectors that require actual files to exist on the web server where the Agent is installed. These collectors are for forms-based authentication schemes. The .fcc and .sfcc templates are required to define the HTML form presented to the user.
|
Copyright © 2012 CA.
All rights reserved.
|
|