The Scheme Setup tab for Impersonation authentication is where you enter the server, target and attribute list for the Impersonation authentication scheme.
Fully qualified domain name of the web server on which the FCC was installed.
Note: IP addresses are not supported.
The server does not have to be the same server on which the Agent is installed. Domain names must contain at least 2 periods and be specified using the following format:
servername.host.com:[port]
Example: server1.security.com. The port is only required for communication over a non-default port.
This name is case-sensitive. For information about cookie domains, see the SiteMinder Web Agent Guide.
Note: If your network includes multiple cookie domains, you must configure a separate Impersonation authentication scheme in each cookie domain in which you want to implement impersonation.
Select this check box if you want SiteMinder to use an SSL connection to process authentication for impersonation.
Path and .fcc file used by the scheme.
The default path points to a /forms subdirectory under the /siteminderagent virtual directory on the Web server specified in the Server Name field. The directory and the default .fcc file were created during Web Agent installation. The default target specifies the imp.fcc file, a sample file that can be customized. For information about .fcc file requirements for impersonation, see Impersonation.
(Optional) Impersonatee attributes, other than user name, that will be specified by an impersonator.
When listing attributes, begin with AL= and use commas to separate the user attribute names.
Example: AL=age,zipcode
AL= is SiteMinder notation that introduces the list of attributes to be considered. By default, the list of attributes is treated as an AND-style query: the Policy Server compares all of the attribute values collected from the user to the corresponding attribute values in the user directory. If all of the attribute values match exactly, the user authenticates successfully.
Note: You can authenticate users with attributes that contain multiple values. To specify that an attribute has multiple values, prefix the attribute name with a caret (^).
Example: If you are using a multi-valued "mail" attribute to authenticate users, you would specify "AL=^mail" to indicate that "mail" is multi-valued. A user can provide one of the valid values to successfully authenticate.
Limit: The values of a multi-valued attribute should not contain a caret. A value that contains a caret introduces the possibility of users being improperly authenticated. For example, if a value is 123^456, a user would be able to authenticate with 123 and 456, in addition to 123^456.
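The attribute-list rules above (the AL= prefix, AND-style matching, the ^ multi-value prefix and the caret limit), modelled as an added Python example. This is not SiteMinder or Policy Server code; the `badge` attribute, the sample directory and the assumption that a caret inside a stored value acts as a separator are constructed for illustration.

```python
def parse_attribute_list(spec):
    """Parse 'AL=age,^mail' into [(name, is_multi_valued), ...]."""
    if not spec.startswith("AL="):
        raise ValueError("attribute list must begin with AL=")
    attrs = []
    for raw in spec[3:].split(","):
        name = raw.strip()
        multi = name.startswith("^")      # ^ marks a multi-valued attribute
        name = name[1:] if multi else name
        if not name:
            raise ValueError("empty attribute name in list")
        attrs.append((name, multi))
    return attrs

def accepted_values(stored, multi):
    """Inputs that satisfy one stored directory value in this model."""
    accepted = {stored}
    if multi and "^" in stored:
        # Assumption taken from the Limit note: a caret inside a stored value
        # behaves as a separator, so every fragment is accepted as well.
        accepted.update(part for part in stored.split("^") if part)
    return accepted

def matches(spec, supplied, entry):
    """AND-style check: every listed attribute must match exactly."""
    for name, multi in parse_attribute_list(spec):
        ok = set()
        for value in entry.get(name, []):
            ok |= accepted_values(value, multi)
        if supplied.get(name) not in ok:
            return False
    return True

def risky_values(spec, entries):
    """Audit: values of ^-prefixed attributes that contain a caret."""
    multi_names = [n for n, m in parse_attribute_list(spec) if m]
    return [(dn, n, v) for dn, e in entries.items()
            for n in multi_names for v in e.get(n, []) if "^" in v]

# Constructed sample data; "badge" is a hypothetical attribute name.
SPEC = "AL=zipcode,^badge"
DIRECTORY = {
    "uid=jdoe": {"zipcode": ["11749"], "badge": ["123^456", "789"]},
    "uid=asmith": {"zipcode": ["02110"], "badge": ["555"]},
}

if __name__ == "__main__":
    for dn, attr, value in risky_values(SPEC, DIRECTORY):
        print(f"{dn}: {attr} value {value!r} contains a caret; fix before using ^{attr}")
```

Running the audit against an export of the user directory before adding a ^ prefix to an attribute shows which stored values would fall under the limit.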
In order for SiteMinder to collect additional attributes, the .fcc file used by SiteMinder to generate a form for impersonation must be modified to include the attributes.
When using additional attributes in an impersonation scheme, consider the following:
Note: If you have installed the CA Software Development Kit, you can use the SiteMinder authentication API (see the Developer’s Guide for C) to define additional notations.
Copyright © 2011 CA. All rights reserved.