Layer7 Access Management

Tech Tip - CA Single Sign-On: Saving user login credentials

By wonsa03 posted 06-08-2016 11:54 PM


CA Single Sign-On Tech Tip by Sau Lai Wong, Senior Support Engineer for 9th June 2016



When a user chooses to have credentials saved, the Policy Server instructs the Web Agent to create a persistent cookie with the user's credentials. The cookie remains in place for the duration specified in the SaveCredsTimeout configuration parameter for the Agent. The default is 30 days. The cookie allows Web Agents to authenticate a user based on the credentials saved in the cookie, rather than challenging the user to authenticate.



How to setup form authentication with the option to have credentials saved for future use and how does this feature works?



Apply to all R12.x webagents.



OOTB, Siteminder webagent installation includes a sample login form that incorporates the saved credentials feature -- savecreds.fcc. For starter, setup HTML Form Authentication referencing savecreds.fcc with "Allow this Scheme to Save Credentials" option checked. Protect resources with this authentication scheme and check the option "Remember my Username and Password" on the login form upon login.


As user is authenticated by Siteminder, SMSESSION (can be a transient cookie depending on the ACO parameter) and SMDATA (persistent cookie) cookies are generated. The SaveCredsTimeout ACO parameter governs the SMDATA expiration while the realm timeout settings (can be overridden by WebAgent Session Timeout response) governs the SMSESSION cookie expiration. SMDATA cookie stores the user credentials while SMSESSION cookie stores the user session details. During the time interval when the SMDATA cookie is valid, Web Agent authenticates the user with the data stored in the cookie. After this time interval expires, SMDATA cookie is removed and the Web Agent challenges the user again.

1 view