Introduction
If you are using custom login page, you may want to restrict the user from acccessing the OOTB login.fcc URLhttp://<FQDN>/siteminderagent/forms/login.fcc
This blog will guide you on how to achieve this.
Environment
- Policy Server : ANY
- Web Agent : 12.5 and above
Instructions
It is not possible to completely restrict the access to login.fcc as it needs to be unprotected resource and also needed as the custom login page needs to post to this.
However, what you can do is modify the login.fcc such that it will have only the bare minimum required content enough for the POST request but not not enough for GET requests (direct access)
If you are using login.fcc ONLY for POST request then it is sufficient to have just the following content in it. (The error message is optional off-course)
<!-- SiteMinder Encoding=UTF-8; -->
@username=%USER%
@smretries=0
<b><font size="5" color="red">DO NOT USE THIS PAGE DIRECTLY !</font></b>
Please note :
- If ACO parameter localization=no, the default login.fcc used is :
<webagent_install_directory>\samples\forms\login.fcc
- If ACO parameter localization=yes, the default login.fcc used is :
<webagent_install_directory>\samples\forms_<locale>\login_<locale>.fcc
e.g. for en-US locale it would be :
<webagent_install_directory>\samples\forms_en-US\login_en-US.fcc
TESTING:
1. Direct access :
2. Custom login page still works :
Attached : Fiddler
Addtional References :
Custom Login Page