Patrick-Dussault

Tech Tip : CA Single Sign-On : Custom login page to POST to login.fcc with SecureURLs enabled

Discussion created by Patrick-Dussault Employee on Oct 4, 2018

Introduction:

 

Use custom login page to POST to login.fcc with SecureURLs=yes.

If this is not setup correctly, webagent trace will logged the following error:

[CSmHttpPlugin::ProcessResource][Error. Unable to handle request in Secure mode.]

With SecureURLs enabled, Web Agent encrypts all SiteMinder query parameters (e.g: smagentname, target) in a redirect URL, further securing Agent interactions. All the query
parameters are grouped into a single query parameter called SMQUERYDATA.

 

Background:

 

You can use the OOTB login.fcc. However, if you are using custom FCCs, you must add the smquerydata directive along with other FCC directives, such as TARGET to the custom
FCC.
< >Customize custom login page (ASP/ JSP page) to extract the SMQUERYDATA from the redirect response, append the SMQUERYDATA to the subsequent POST request as query
string and as POST data.

 

Instructions:

 

SETUP

 

1 1. Setup form authentication scheme that reference the custom login page e.g: login.asp.
2 2. Customize the login.asp to extract the SMQUERYDATA from the redirect response, POST to login.fcc with SMQUERYDATA appended to the URL as query string and as POST
data.
3 3. Customize the login.fcc to include the following directive: <INPUT type='hidden' name='smquerydata' value='$$smquerydata$$'>
4 4. Apply this authentication scheme for a protected realm.

POINTERS

HTTP Header trace will capture the POST data and request redirections. The trace will help to identify the failing point within the login process.

 

Additional Information:

 

This has been incorporated into the documentation. Please visit
docops.ca.com for your version for updated information

 

KB : KB000056337

Outcomes