Web Agent response attributes are response attributes that SiteMinder Web Agents can interpret and pass on to other applications. The following is a list of generally available Web Agent response attributes:
Indicates an attribute that is reserved for future use.
Generates a SetCookie header, which then sets a nonpersistent cookie in a web browser. The cookies only exist in the cookie domain where the agent is configured. You can enter multiple WebAgent-HTTP-Cookie-Variables.
Limits: Use in accept or reject responses. Multiple instances of this attribute are allowed per response.
Specifies an arbitrary dynamic name/value pair for use by a web application. You can enter multiple WebAgent-HTTP-Header-Variables.
The agent does not include header variables in the responses that it sends back to a web browser. Instead, these responses reside in the request headers of the web server.
Consequently, the header variables are not visible in the debug logs that you can enable from the Policy Server Management Console.
Limits: Use in accept or reject responses. Multiple instances of this attribute are allowed per response.
Defines one of the following URLs, depending on the type of response in which it is used:
To specify whether an authorization response or authentication response, include it in a policy with a rule that specifies an OnAuthAccept or OnAccessAccept event action.
Limits: Use in accept responses. Only one instance of this attribute is allowed per response.
Specifies text that the Web Agent puts in the HTTP_ONACCEPT_TEXT environment variable when it redirects the user after a successful authorization or authentication attempt.
Limits: Use in accept responses. Only one instance of this attribute is allowed per response.
Note: When configuring a Web Agent OnAcceptText response, set the FCC Compatibility Mode parameter (fcccompatmode) corresponding to the Web Agent to yes. This ensures that user authentication takes place at the Web Agent and that the text in the response is available for display in the user's browser. If the FCC Compatibility Mode parameter (fcccompatmode) is set to no, user authentication takes place at the Forms Credential Collector (FCC), where the response is triggered, but the text in the response is lost.
Overrides the number of seconds a user session can be idle. When this limit is reached, the user is forced to authenticate again. Associate this response with a rule configured with an OnAuthAccept authentication event.
Limits: Use in accept responses. Only one instance of this attribute is allowed per response.
Overrides the total number of seconds a user session can be active. When this limit is reached, the user session is terminated and the user is forced to authenticate again. Associate this response with a rule configured with an OnAuthAccept authentication event.
Limits: Use in accept responses. Only one instance of this attribute is allowed per response.
Specifies an AuthContext response attribute for an authentication scheme. The value of this response attribute is added to the session ticket as the value of the SM_AUTHENTICATIONCONTEXT user attribute. The value is not returned to the client as a user response.
Note: The response attribute value is truncated to 80 bytes in length.
Limits: Used in accept responses. Only one instance of this attribute is allowed per response.
Defines one of the following URLs:
To specify an authorization response or authentication response, include it in a policy with a rule that specifies an OnAuthReject or OnAccessReject event action.
Limits: Use in reject responses. Only one instance of this attribute is allowed per response.
Specifies text that the Web Agent puts in the HTTP_ONREJECT_TEXT environment variable when it redirects the user after a failed authorization or authentication attempt.
Limits: Use in reject responses. Only one instance of this attribute is allowed per response.
Affiliate Agent response attributes are response attributes that SiteMinder Affiliate Agent can interpret and pass on to other applications at an affiliate Web site.
The following is a list of Affiliate Agent response attributes:
Note: For complete descriptions of the response attributes, see the Web Agent Configuration Guide.
RADIUS Agent response attributes are response attributes that RADIUS Agents can interpret. All of the response attributes supported by SiteMinder correspond to the attributes described in the Request for Comments (RFC) 2138, which describes attributes supported by the RADIUS protocol.
Directory mappings let you specify a separate authorization user directory in application object component or a realm. When you define a separate authorization directory, a user is authenticated based on the information contained in one directory, but authorized based on the information contained in another directory.
When you create a response and associate it with a authentication (OnAuth) event, any information retrieved from a user directory is retrieved from the authentication directory. If you create an authorization (OnAccess) event, any information retrieved from a user directory is retrieved from the authorization directory.
|
Copyright © 2012 CA.
All rights reserved.
|
|