SSO Help

An Online Community for Identity & Access Management Professionals

David Saraiva

Siteminder custom login page - how to post to FCC

With Siteminder, it is possible to use a custom login page for HTML forms authentication (other than the default login.fcc). This custom login page can be a .html file, .asp file, .jsp file, etc. In order to properly authenticate users, this custom page will need to perform a POST to the .fcc. Here are the basic steps to get this to work:
  • In the System tab of the Siteminder admin UI, right-click on Authentication Schemes and select Create Authentication Scheme
  • For Authentication Scheme Type, select HTML Form template
  • Enter the fully qualified name of the web server hosting your login page
  • For Target, enter the relative path to your custom page.  By default, this will be set to "/siteminderagent/forms/login.fcc".  As an example, you may want to set it to "/mycustompages/login.asp"
  • In your custom login page ("/mycustompages/login.asp"), make sure the form posts to the login.fcc.  The example below assumes you are using the default login.fcc located in the forms directory:  
    • <form id="myform" name="myform" method="POST" action="/siteminderagent/forms/login.fcc">
  • Also, your custom login page must contain the following parameters (which Siteminder expects to be present on the POST request to the .fcc):
    • <input type=text name="USER">
    • <input type=password name="PASSWORD">
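    • <input type=hidden name=target value="<%=Server.HTMLEncode(Request.QueryString("target"))%>">      [Note: in this example, the target is read from the query string and HTML-encoded before it is written into the page, so that a crafted target value cannot inject markup. You could also hardcode it.]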
    • <input type=hidden name=SMAUTHREASON value="0">
  • Assuming your Web Agent has been properly configured, when users now attempt to access Realms protected using this new Authentication Scheme, they will be redirected to your custom login page. 
  • After entering their credentials and submitting the form, the POST to the FCC will take place which will authenticate the user and redirect them to the original protected target.
Update: If the web server you are posting to is either IIS 6 or Apache 2-based (framework agents), there is an additional parameter that you must include in your code:

<input type=hidden name=smagentname value="$$smagentname$$">
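
An added example, not part of the original article or of Siteminder itself: a small Python check that parses the rendered HTML of a custom login page and reports whether its form POSTs to a .fcc with the fields listed above. The function names, the sample page and the case-insensitive matching of field names are assumptions made for this illustration.

```python
from html.parser import HTMLParser

# Field names the article lists for the POST to the .fcc; smagentname is the extra
# field for IIS 6 / Apache 2 framework agents. Case-insensitive match (assumption).
REQUIRED = {"USER", "PASSWORD", "TARGET", "SMAUTHREASON"}
FRAMEWORK_ONLY = "SMAGENTNAME"

# Constructed sample: rendered output of a hypothetical /mycustompages/login.asp
SAMPLE = """<form id="myform" name="myform" method="POST" action="/siteminderagent/forms/login.fcc">
<input type=text name="USER"><input type=password name="PASSWORD">
<input type=hidden name=target value="/protected/index.html">
<input type=hidden name=SMAUTHREASON value="0"></form>"""

class _FccFormParser(HTMLParser):
    """Collects the first form whose action ends in .fcc, plus its inputs."""
    def __init__(self):
        super().__init__()
        self.form = None      # attributes of the .fcc form, once seen
        self.inputs = {}      # upper-cased field name -> input type
        self._inside = False  # True while inside the .fcc form

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form" and self.form is None:
            if a.get("action", "").split("?")[0].lower().endswith(".fcc"):
                self.form, self._inside = a, True
        elif tag == "input" and self._inside and a.get("name"):
            self.inputs[a["name"].upper()] = a.get("type", "text").lower()

    def handle_endtag(self, tag):
        if tag == "form":
            self._inside = False

def check_login_page(html, framework_agent=False):
    """Return a list of problems found in a rendered custom login page."""
    p = _FccFormParser()
    p.feed(html)
    if p.form is None:
        return ["no form posts to a .fcc"]
    problems = []
    if p.form.get("method", "get").lower() != "post":
        problems.append("form method is not POST")
    needed = REQUIRED | ({FRAMEWORK_ONLY} if framework_agent else set())
    for name in sorted(needed - set(p.inputs)):
        problems.append("missing field " + name)
    if p.inputs.get("PASSWORD", "password") != "password":
        problems.append("PASSWORD field is not type=password")
    return problems
```

Run it against the HTML the browser actually receives (after the .asp or .jsp has been rendered), and pass framework_agent=True when the .fcc is served by an IIS 6 or Apache 2 framework agent.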

Last updated by David Saraiva Jul 16, 2010.

© 2012   Created by CoreBlox