Symantec Access Management

  • 1.  login.fcc and SMAuthreason

    Posted Jun 10, 2018 02:00 AM

    Hello All,

     

    Looking to understand how login.fcc functions (flow) and how credentials fetched from login.fcc reach policy server for authentication/Authorization (i understand web agent helps in that- but how i.e. flow)? How the SMAuthreason codes are generated and placed in HTTP_SM_AUTHREASON (i understand Policy server does that post authentication, but from where and how the codes are fetched - flow?). Also, relation of password policies and SMAuthreason?

     

    Thank You

    Ankur Taneja



  • 2.  Re: login.fcc and SMAuthreason
    Best Answer

    Posted Jun 11, 2018 07:34 AM

    Hi Ankur,

     

    SiteMinder credential collector is an application within the Web agent that gathers specific user credentials to authenticate a user. The credentials gathered by the credential collector are based on the type of authentication scheme configured for a particular group of protected resources. For forms-based authentication, credentials are collected by the Forms Credential Collector (FCC) process. The default extension for FCC files is (naturally enough) 'FCC'. The FCC process files are composed in a simple mark-up language that includes HTML and some custom notation. This file contains the custom form definition and additional information that the FCC uses to process HTML forms-based authentication. The FCC extracts credentials that a user enters in the form generated from the FCC file. For example, the Web agent is installed with a form called login.fcc, which we can use for login purposes.

     

    When user enters the credentials on the login page, webagent will take them and put it into FCC and pass the same to the policy server. Policy server checks the user credentials against the User Directory and returns the SMAUTHRESON based the results.

    Below is the link which has complete details on reason codes.

    SMAUTHREASON reason code document (Legacy_Onyx KB - CA Knowledge 

     

    If password policy is enabled then policy server will apply password policy on the user and returns reason code based on the results. 

    Please refer below link which has an example.

    Policy-server smauthreason codes: ErrorMessageIsRedirect 

     

    Hope this helps.

     

    Thanks,
    Sharan



  • 3.  Re: login.fcc and SMAuthreason

    Posted Jun 22, 2018 06:17 AM

    Sharana Apologies for the late reply, Thanks the above is quite helpful