CA Single Sign-On Tech Tip by Sau Lai Wong, Senior Support Engineer for 20th August 2015
OVERVIEW
Use custom login page to POST to login.fcc with SecureURLs=yes.
If this is not setup correctly, webagent trace will logged the following error:
[CSmHttpPlugin::ProcessResource][Error. Unable to handle request in Secure mode.]
With SecureURLs enabled, Web Agent encrypts all SiteMinder query parameters (e.g: smagentname, target) in a redirect URL, further securing Agent interactions. All the query parameters are grouped into a single query parameter called SMQUERYDATA.
REQUIREMENTS
- You can use the OOTB login.fcc. However, if you are using custom FCCs, you must add the smquerydata directive along with other FCC directives, such as TARGET to the custom FCC.
- Customize custom login page (ASP/ JSP page) to extract the SMQUERYDATA from the redirect response, append the SMQUERYDATA to the subsequent POST request as query string and as POST data.
SETUP
- Setup form authentication scheme that reference the custom login page e.g: login.asp.
- Customize the login.asp to extract the SMQUERYDATA from the redirect response, POST to login.fcc with SMQUERYDATA appended to the URL as query string and as POST data.
- Customize the login.fcc to include the following directive: <INPUT type='hidden' name='smquerydata' value='$$smquerydata$$'>
- Apply this authentication scheme for a protected realm.
POINTERS
HTTP Header trace will capture the POST data and request redirections. The trace will help to identify the failing point within the login process.