Symantec Access Management

Tech Tip : CA Single Sign-On :Policy Server:How to collect additional attribute using custom authentication

By Ujwol posted 09-11-2016 11:20 PM

  

Summary:

In this guide we will discuss how to collect additional attributes from the user during login beside username and password while using custom authentication scheme.

Environment:

  • Policy Server : R12.0+
  • OS : ANY

Instructions:

1. Modify the .fcc template file (login.fcc) to collect additional attribute

Add the following line at the beginning of the file:

@password=PASSWORD=%PASSWORD%&department=%department%

If the additional attributes have special characters, the line looks like the following sample:

@password=PASSWORD=%PASSWORD%&department=%urlencode(department)%

Where, 'department' is the new attribute that you are configuring to collect from the user during login.

 

Also, create a new text field to provide the additional parameter :

<input type="text" name="department" size="30" style="margin-left: 1px">

 

Let's save this as a new customlogin.fcc file.

 

2. Modify the custom authentication scheme in the Administrative UI to pass the path to the customlogin.fcc as a parameter to the custom authentication scheme class.

 

 

3. Modify the OOTB custom authentication scheme class as below :

 

Create a method to retrieve the redirect URL :

/***
* The redirectURL is exepcted to be first parameter in the Auth scheme definition
* @param parameter
* @return
*/
String getRedirectURL(String parameter){
String redirectURL = parameter;
logInJavaUtilLogger("parameter :"+redirectURL);
if (parameter.indexOf(';') != -1)
{
String[] params = parameter.split(";");
redirectURL = params[0];
}
return redirectURL;
}

 

Modify the query() method to redirect to the custom login page as specified in the Administrative UI:

 

else if (SmAuthQueryCode.SMAUTH_QUERY_CREDENTIALS_REQ == request)
{
//response.setResponseCode(SmAuthQueryResponse.SMAUTH_CRED_BASIC);
response.setResponseCode(SmAuthQueryResponse.SMAUTH_CRED_FORM_REQUIRED);
response.setResponseBuffer(getRedirectURL(parameter));
}

 

 

Create a method to parse 'Password' field and extract additional parameters:

 

Map<String,String> parsePassword(String param)
{
logInJavaUtilLogger("Inside parsePassword param is :"+param);
Map<String, String> map = new HashMap<String, String>();

 

String[] parts = param.split("&");

for (String keypair : parts) {
String[] keyval = keypair.split("=");
try {
map.put(keyval[0], URLDecoder.decode(keyval[1], "UTF-8"));
} catch (UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}

}

return map;

}

 

Invoke the parsePassword method to parse the password attribute:

//String additonalParams = theUserCredentialsContext.getPassword();
Map<String,String> paramMaps = parsePassword(theUserCredentialsContext.getPassword());
String thePassword = paramMaps.get("PASSWORD");
logInJavaUtilLogger("User Password :"+thePassword);
logInJavaUtilLogger("Department :"+paramMaps.get("department"));

 

Testing:

1. Login :

2. Custom log output:

 

Sep 12, 2016 11:01:56 AM com.netegrity.sdk.javaauthapi.AuthApiSample logInJavaUtilLogger
FINE: AuthApiSample::FileLogger::Inside parsePassword param is :PASSWORD=siteminder&department=ujwol%24%25^%26
Sep 12, 2016 11:01:56 AM com.netegrity.sdk.javaauthapi.AuthApiSample logInJavaUtilLogger
FINE: AuthApiSample::FileLogger::User Password :siteminder
Sep 12, 2016 11:01:56 AM com.netegrity.sdk.javaauthapi.AuthApiSample logInJavaUtilLogger
FINE: AuthApiSample::FileLogger::Department :ujwol$%^&
Sep 12, 2016 11:01:57 AM com.netegrity.sdk.javaauthapi.AuthApiSample logInJavaUtilLogger
FINE: AuthApiSample::FileLogger::User Successfully Authenticated :shruj01
Sep 12, 2016 11:01:57 AM com.netegrity.sdk.javaauthapi.AuthApiSample logInJavaUtilLogger
FINE: AuthApiSample::FileLogger::parameter :http://iis-01.ca.com/siteminderagent/forms/customlogin.fcc

 

Attachment

  • Sample customlogin.fcc
  • Sample Custom Authentication scheme 

Additional Information:

0 comments
11 views

Permalink