Just wanted to see if anyone had any ideas or have done this before.
If I have some login.fcc files out there they will accept username + password POST data so long as the agent name, user, password is passed to it properly. Is there a good way, built-in or easily customized, to have CA SSO verify some additional parameter that only certain credential collectors would know?
Basically I want to restrict it from processing any POST request that didn't originate from a specific set of credential collector agents. If it got one from some other agent, it would deny it. I can't rely on the agent name, because that's not really a protected value in any way so not like it is hard to find a good one and just use that.
Preferably without a custom authentication scheme.
Hopefully that made sense. Anyone know if that is possible using the FCC files?