Symantec SiteMinder

 View Only

Tech Tip - CA Single Sign-On:Web Agent: FORMCRED Cookie Explained

By Ujwol posted Sep 06, 2016 09:07 PM

  

Question:

What is FORMCRED cookie ?

Environment:

Web Agent Version : v6 and above

Answer:

On a POST to an FCC the FCC will generate a number of cookies. This includes the FORMSCRED cookie which is created when FCCCompatMode is set to the value YES. This cookies represents the old way of doing
forms login and should be considered deprecated.  The functionality only exists today to provide backwards compatibility with older SiteMinder installations.  The FORMCRED cookie is generated from the USERNAME and PASSWORD variables. In the default mode (FCCCOmpatMode="NO"), The FCC will log the user in directly and on successful authentication redirect the user back to the TARGET url with a SMSESSION cookie using SSO instead of FORMCRED credentials to access the TARGET.

 

The FORMCRED cookie is further encrypted using Agent Keys.

1 comment
3 views