Authentication Scheme Dialog—HTML Form Template—Scheme Setup Tab

The Scheme Setup tab for HTML Forms authentication is where you enter the server, target and attribute list for the HTML Forms authentication scheme.

Server Name

Specifies the fully qualified domain name of the web server on which the FCC was installed.

Note: IP addresses are not supported.

The server does not have to be the same server on which the Agent is installed.

Domain names must contain at least 2 periods and be specified using the following format:

servername.host.com:[port]

Example: server1.security.com.

This name is case-sensitive. The port is only required for communication over a non-default port.

For information about cookie domains, see the SiteMinder Web Agent Guide.

Note: If your network includes multiple cookie domains, you must configure a separate HTML Forms authentication scheme in each cookie domain in which you want to implement HTML Forms authentication.

Use SSL Connection check box

Select this check box to use an SSL connection to process HTML Forms authentication.

Target

Path and .fcc file used by the scheme.

The default path points to a virtual directory on the Web server specified in the Server Name field that was created during installation. The default target specifies the login.fcc file, a sample file that can be customized.

Allow Form Authentication Scheme to Save Credentials check box

Select this check box to allow user credentials to be saved.

You can use the special smsavecreds name/value pair in your .fcc file to allow a user to save their login credentials. If you select this check box and the .fcc file has an appropriate input (such as a check box on your HTML form), users may choose to save their login credentials so they can be used automatically the next time they log into the Web site.

When a user chooses to have credentials saved, the Policy Server instructs the Web Agent to create a persistent cookie with the user’s credentials. The cookie remains in place for the duration specified in the SaveCredsTimeout configuration parameter for the Agent. The default is 30 days. The cookie allows Web Agents to authenticate a user based on the credentials saved in the cookie, rather than challenging the user to authenticate.

Additional Attribute List

(Optional) Attributes other than user name that will be collected from the user.

When listing attributes, begin with AL= and use commas to separate the user attribute names.

Example: AL=PASSWORD,age,zipcode

The AL= is a SiteMinder notation that indicates the list of attributes that should be considered. By default, the list of attributes is considered an AND-style query. The Policy Server compares all of the attribute values collected from the user to the corresponding attribute values in the user directory. If all of the attribute values match exactly, the user will authenticate successfully.

Note: You can authenticate users with attributes that contain multiple values. To specify that an attribute has multiple values, prefix the attribute name with a caret (^).

Example: If you are using a multi-valued "mail" attribute to authenticate users, you would specify "AL=^mail" to indicate that "mail" is multi-valued. A user can provide one of the valid values to successfully authenticate.

Limit: The values of a multi-valued attribute should not contain a caret. A value that contains a caret introduces the possibility of users being improperly authenticated. For example, if a value is 123^456, a user would be able to authenticate with 123 and 456, in addition to 123^456.
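
The following Python audit is an added example, not SiteMinder code: it parses an AL= string and flags stored values that contain a caret for attributes marked multi-valued, listing the extra inputs that the Limit above says would be accepted. The function names, the dict-based directory export, and the "badge" attribute are constructed for illustration; the split-on-caret model is taken from the 123^456 example.

```python
def parse_attribute_list(al):
    """Split 'AL=PASSWORD,age,^mail' into [(name, is_multi_valued), ...]."""
    if not al.startswith("AL="):
        raise ValueError("attribute list must begin with AL=")
    attrs = []
    for raw in al[3:].split(","):
        name = raw.strip()
        multi = name.startswith("^")      # caret prefix marks a multi-valued attribute
        if multi:
            name = name[1:]
        if not name or "^" in name:
            raise ValueError(f"malformed attribute name: {raw!r}")
        attrs.append((name, multi))
    return attrs


def audit_caret_values(al, directory):
    """Flag stored values containing '^' for attributes the AL marks multi-valued.

    Each finding is (user, attribute, stored_value, extra_accepted_inputs).
    Assumption, from the page's 123^456 example: such a value also matches
    each of its caret-separated parts.
    """
    multi = [name for name, is_multi in parse_attribute_list(al) if is_multi]
    findings = []
    for user, entry in sorted(directory.items()):
        for attr in multi:
            for value in entry.get(attr, []):
                if "^" in value:
                    parts = [p for p in value.split("^") if p]
                    findings.append((user, attr, value, parts))
    return findings


# Constructed sample data standing in for an export of the user directory.
SAMPLE_DIRECTORY = {
    "alice": {"mail": ["alice@example.com"], "badge": ["123^456"]},
    "bob": {"mail": ["bob@example.com", "b.jones@example.com"], "badge": ["789"]},
}

if __name__ == "__main__":
    for al in ("AL=PASSWORD,^mail", "AL=PASSWORD,^badge"):
        for user, attr, value, parts in audit_caret_values(al, SAMPLE_DIRECTORY):
            print(f"{al}: {user}.{attr}={value!r} would also accept {parts}")
```

Run the audit against the directory before adding a caret-prefixed attribute to the scheme, and clean up or exclude any flagged values first.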

In order for SiteMinder to collect additional attributes, the .fcc file used by SiteMinder to generate a form for HTML Forms authentication must be modified to include the attributes.

When using additional attributes in an HTML Forms scheme, consider the following:

Note: If you have installed the CA Software Development Kit, you can use the SiteMinder authentication API (see the Developer’s Guide for C) to define additional notations.

More information:

HTML Forms Authentication Schemes