Symantec Access Management

  • 1.  Best practice for error messages

    Posted Jul 28, 2015 07:24 PM

    Hi,

     

    I was wondering what's the best practice to display error messages.

     

    Ideal Behavior : I have a custom login.fcc that has a username and password field. If the user enters invalid credentials, it should display a message like "Invalid Credentials" on the same FCC.

     

I've been doing this through cookies. I configure an Auth failed, Auth attempt and Authorization failed response that set a cookie "SSO_ERROR_MESSAGE" upon any of these events. The FCC has JavaScript that reads this cookie and displays it on the page. I set this cookie to a   upon authorization success so that it clears it.

     

I run into an issue when I turn on the HTTPOnly cookie flag in the ACO. Suddenly all cookies set by SiteMinder are unreadable to JavaScript, thus breaking this solution.

     

Is there any alternative to this? What's the best practice to display these error messages?

     

    Regards,

    Anand.
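The cookie-based approach described in the post, modelled in Node.js as an added example (this is not code from the thread, from the FCC, or from the SiteMinder product): a small Set-Cookie parser, a model of what document.cookie exposes to script, and the FCC-side reader. The cookie name SSO_ERROR_MESSAGE comes from the post; the header strings are constructed, and the exact attributes a Web Agent emits (and the SMSESSION value used here) are assumptions for illustration.

```javascript
'use strict';
// Added example, not from the thread: a Node.js model of why the FCC's
// cookie-reading JavaScript breaks once cookies carry HttpOnly.
// The cookie name SSO_ERROR_MESSAGE is from the post; the header strings
// below are constructed and the attributes a Web Agent emits are assumed.

// Parse one Set-Cookie header value into its name, value and attributes.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const eq = parts[0].indexOf('=');
  const name = eq === -1 ? parts[0] : parts[0].slice(0, eq);
  const value = eq === -1 ? '' : parts[0].slice(eq + 1);
  const attrs = {};
  for (const attr of parts.slice(1)) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return {
    name,
    value,
    httpOnly: attrs.httponly === true,
    secure: attrs.secure === true,
    path: attrs.path || '/',
  };
}

// Model of the browser's document.cookie: only cookies WITHOUT HttpOnly are
// exposed to script, as "name=value" pairs joined by "; ".
function documentCookie(setCookieHeaders) {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((c) => !c.httpOnly)
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// The FCC-side reader from the post: find SSO_ERROR_MESSAGE in document.cookie.
// An empty value (the post clears the cookie on success) counts as "no message".
function readErrorMessage(cookieString) {
  for (const pair of cookieString.split(';')) {
    const trimmed = pair.trim();
    const eq = trimmed.indexOf('=');
    if (eq === -1) continue;
    if (trimmed.slice(0, eq) === 'SSO_ERROR_MESSAGE') {
      const value = decodeURIComponent(trimmed.slice(eq + 1));
      return value === '' ? null : value;
    }
  }
  return null;
}

// Constructed Set-Cookie headers for an "Auth failed" response, before and
// after the ACO's HttpOnly flag is turned on (SMSESSION value is made up).
const HEADERS_WITHOUT_HTTPONLY = [
  'SSO_ERROR_MESSAGE=Invalid%20Credentials; Path=/',
  'SMSESSION=opaque; Path=/',
];
const HEADERS_WITH_HTTPONLY = [
  'SSO_ERROR_MESSAGE=Invalid%20Credentials; Path=/; HttpOnly',
  'SMSESSION=opaque; Path=/; HttpOnly',
];

// Returns what the FCC's script would be able to display in each configuration.
function compare() {
  return {
    withoutHttpOnly: readErrorMessage(documentCookie(HEADERS_WITHOUT_HTTPONLY)),
    withHttpOnly: readErrorMessage(documentCookie(HEADERS_WITH_HTTPONLY)),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  // prints { withoutHttpOnly: 'Invalid Credentials', withHttpOnly: null }
  console.log(compare());
}
```

Running it shows the failure mode from the post directly: the same "Auth failed" response yields 'Invalid Credentials' when the cookie is plain and null once HttpOnly is on, because HttpOnly is enforced by the browser, not by the agent, and no change to the FCC's script can get around it. Any design that needs script to read a cookie has to leave that specific cookie without HttpOnly, which the ACO-wide flag described in the post does not allow.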



  • 2.  Re: Best practice for error messages

    Posted Jul 29, 2015 02:07 AM

    Hi Anand,

     

    Setting the HttpOnly attribute means that client side Javascript cannot read the cookie.

     

Instead of setting a cookie variable, try setting a header variable (response attribute: WebAgent-HTTP-Header-Variable).

     

    Best regards,

    Kelly



  • 3.  Re: Best practice for error messages

    Posted Jul 29, 2015 02:46 AM

This solution might not work either, as JavaScript can't read the HTTP headers sent with the currently loaded resource. It can do so by initiating a new request for the same resource, but that may or may not result in the same response headers.

     

This solution would have worked if the login page was custom built using some server-side technology like ASP/JSP.



  • 4.  Re: Best practice for error messages

    Posted Jul 29, 2015 11:15 AM

    Thanks wonsa03 and Ujwol

     

Is there any native support for it in the FCCs? Maybe something with a retry count?

     

    Regards,

    Anand.



  • 5.  Re: Best practice for error messages

    Posted Jul 29, 2015 09:22 PM

    Hi Anand,

     

In the FCC page, there is an smretries directive that you can set for the number of retries allowed:

     

    @smretries=0

     

With the above, the end user can retry infinitely. If you set it to

     

    @smretries=2

     

this means the user can only try 2 times with credentials; if they don't match, it will redirect to login.unauth (assuming you are using login.fcc, login.unauth resides at the same path as login.fcc). At login.unauth, you can customize the error message. In my testing environment, I have the following in login.unauth to inform the end user:

     

    Snippet from login.unauth

    ###

              <td NOWRAP WIDTH="100%" BGCOLOR="#FFEFD5" height="26"><font face="Arial, Helvetica">Your credentials are not valid for $$target$$.</font></td>

            </tr>

            <tr>

              <td WIDTH="5" HEIGHT="25"></td>

              <td NOWRAP WIDTH="100%" BGCOLOR="#FFEFD5" height="26"><font face="Arial, Helvetica">Please

              contact your Security Administrator or Help Desk.</font></td>

            </tr>

    ###

     

    Hope this gives you some alternate to print the message.

     

    Thanks.

    Kar Meng