You may have forms that obtain credentials from SiteMinder releases prior to v5.0. To preserve data during a POST, add the following line to the .fcc form template that is presented when a user tries to access the resource:
<input type=hidden name=postpreservationdata value="$$postpreservationdata$$">
Note: POST preservation is not supported with CGI and Perl based Password Services, ACE authentication, or any custom authentication scheme that posts to an FCC.
Framework Agents handle POST preservation data differently than Traditional Agents do. If your SiteMinder environment uses a combination of Framework and Traditional agents, and resources hosted by one type of Agent are protected by Forms Credential Collectors (FCCs) hosted on the other type of agent, you must specify the proper template file with the following parameter:
Enables the transfer of POST preservation data between Traditional and Framework Agents by specifying the path to one of the following POST-preservation-template files:
Default: No default
Example: web_agent_home/samples/forms/fw2tr.pptemplate
To enable post preservation between Framework and Traditional agents
Specifies whether the Web Agent encodes any POST preservation data in a way that is compatible with the older, Traditional, Web Agents, or with the newer, Framework Web Agents. When the value of this parameter is set to yes, the encoding is compatible with the Traditional Web Agents. When the value of this parameter is set to no, the encoding is compatible only with the Framework Web Agents.
Default: No
POST preservation between Framework and Traditional agents is enabled.
When a timeout or other interruption occurs during a POST operation, the POST preservation page is displayed. In most cases, the POST preservation page appears for less than a second. However, the POST preservation page can be displayed for as long as 5 seconds when the amount of form data being posted is large.
By default, the POST preservation page displays the following text:
This page is used to hold your data while you are being authorized for your request. You will be forwarded to continue the authorization process. If this does not happen automatically, please click the Continue button below.
The POST preservation page also displays a Continue button that allows the user to repost the data to the application.
To customize the POST preservation page, create a POST preservation template file.
The general structure of the default page is as follows:
<HTML><HEAD><TITLE></TITLE></HEAD>
<BODY onLoad="document.AUTOSUBMIT.submit();">
This page is used to hold your data while you are being authorized for your request.<BR><BR>
You will be forwarded to continue the authorization process. If this does not happen automatically, please click the Continue button below.
<FORM NAME="AUTOSUBMIT" METHOD="POST" ACTION="$$smpostlocation$$">
<$$smpostdata$$>
<INPUT TYPE="SUBMIT" VALUE="Continue">
</FORM></BODY></HTML>
The POST preservation template must include the following two elements, which the Web Agent expands when rendering the POST preservation page:
$$smpostlocation$$: Expanded to the credential collector URL during the first phase of POST preservation. Expanded to the protected resource URL during the second phase of POST preservation.
<$$smpostdata$$>: Expanded to contain HTML that results in the correct form data being posted to the location appropriate to the current phase of POST preservation.
Do not remove or alter these elements.
However, you can change other elements. For example, to remove the Continue button, remove the <INPUT> element that defines that button:
<INPUT TYPE="SUBMIT" VALUE="Continue">
Two sample POST preservation template files, fw2tr.pptemplate and tr2fw.pptemplate, are included in the following location:
Indicates the directory where the Web Agent is installed on your web server.
To configure the Web Agent to use your POST preservation template file, define the PostPreservationFile agent configuration parameter to specify the path of the template file.
For example:
PostPreservationFile="/app/netegrity/webagent/samples_default/forms/nosubmitbutton.pptemplate"
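A customized template can be checked before PostPreservationFile is pointed at it. The following Python linter is an added example, not CA's code: it confirms that both placeholders are present, that the form posting to $$smpostlocation$$ uses POST and contains <$$smpostdata$$>, and that removing the Continue button has not left the page with no way to submit. The function names, the constructed sample templates and the /login.fcc value are assumptions of this example.

```python
import re

# Placeholders the page says the Web Agent expands and that must stay unaltered.
LOCATION = "$$smpostlocation$$"
DATA = "<$$smpostdata$$>"

FORM_RE = re.compile(r"<form\b([^>]*)>(.*?)</form>", re.I | re.S)
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
SUBMIT_RE = re.compile(r"""<input\b[^>]*type\s*=\s*["']?submit""", re.I)


def parse_attrs(raw):
    """Turn the attribute text of a tag into a dict with lower-cased names."""
    return {m.group(1).lower(): next(v for v in m.groups()[1:] if v is not None)
            for m in ATTR_RE.finditer(raw)}


def lint_pptemplate(text):
    """Return a list of problems in a POST preservation template (empty = OK)."""
    problems = [f"missing {p}" for p in (LOCATION, DATA) if p not in text]
    forms = [(parse_attrs(a), body) for a, body in FORM_RE.findall(text)]
    target = [(a, b) for a, b in forms if a.get("action") == LOCATION]
    if not target:
        problems.append("no <FORM> whose ACTION is " + LOCATION)
        return problems
    attrs, body = target[0]
    if attrs.get("method", "get").upper() != "POST":
        problems.append("form METHOD is not POST")
    if DATA not in body:
        problems.append(DATA + " is not inside the form that posts to " + LOCATION)
    # Heuristic (assumption of this example): with no submit button, the page
    # depends entirely on a script call such as document.<name>.submit().
    name = attrs.get("name", "")
    auto = bool(name) and re.search(r"document\." + re.escape(name) + r"\.submit\(\)", text)
    if not SUBMIT_RE.search(body) and not auto:
        problems.append("form has neither a submit button nor an auto-submit call")
    return problems

# Constructed samples: the default page from the text, and two customizations.
DEFAULT = ('<HTML><HEAD><TITLE></TITLE></HEAD>'
           '<BODY onLoad="document.AUTOSUBMIT.submit();">'
           '<FORM NAME="AUTOSUBMIT" METHOD="POST" ACTION="$$smpostlocation$$">'
           '<$$smpostdata$$><INPUT TYPE="SUBMIT" VALUE="Continue"></FORM></BODY></HTML>')
NO_BUTTON = DEFAULT.replace('<INPUT TYPE="SUBMIT" VALUE="Continue">', "")
BROKEN = DEFAULT.replace("$$smpostlocation$$", "/login.fcc").replace("<$$smpostdata$$>", "")

if __name__ == "__main__":
    for label, tpl in (("default", DEFAULT), ("no button", NO_BUTTON), ("broken", BROKEN)):
        print(label, lint_pptemplate(tpl) or "OK")
```

A template whose ACTION has been hard-coded, as in the BROKEN sample, is worth catching in review because the preserved form data would then be posted to a fixed URL rather than to the location the Web Agent selects for each phase.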
If you do not need to use POST preservation, you may disable it with the following parameter:
Specifies whether the Web Agent preserves POST data when redirecting requests. When the user is challenged for advanced authentication, such as forms or certificate authentication, the post data is preserved during the authentication phase.
Default: Yes
To disable POST preservation, set the value of the PreservePostData parameter to no.
The Policy Server can authenticate users against a SafeWord authentication server, including users who are logging in via SafeWord hardware tokens.
One of the prerequisites for using the SafeWord forms-based authentication scheme is to have a customized safeword.fcc file residing on a web server where the SiteMinder Web Agent is installed. This web server must be in the cookie domain in which you implement HTML Forms authentication.
The safeword.fcc file defines the forms that a user sees during SafeWord authentication. Depending on the value of the authentication code sent by the Policy Server to the credential collector, the form that the user is asked to fill out changes. In the safeword.fcc file you can see the different text for each authentication code, as indicated by the directive smauthreason.
To customize the safeword.fcc file for your enterprise, you can modify the HTML layout of the form but not the type of credentials that the user must provide for a particular form. You may also want to modify the form logo. The file uses ISO-8859-1 encoding.
The sample safeword.fcc file is located in the directory:
web_agent_home/Samples/Forms
Note: For more information, see the Policy Server documentation.
Beginning with Web Agent 5.x QMR1, an FCC file named loginusername.fcc was provided for use with the Passport authentication scheme. If you configure SiteMinder to use this form, when a user requests a protected resource, SiteMinder will:
To use the loginusername.fcc file:
Note: For more information, see the Policy Server documentation.
You can add these advanced features to the Agent configuration file or an Agent Configuration Object.
Copyright © 2012 CA.
All rights reserved.