Symantec SiteMinder

 View Only

Tech Tip : CA Single Sign-On :: Web Agent::How to restrict user from using login.fcc directly

By Ujwol posted Feb 13, 2018 07:00 PM




If you are using custom login page, you may want to restrict the user from acccessing the OOTB login.fcc URL


This blog will guide you on how to achieve this.



  • Policy Server : ANY
  • Web Agent : 12.5 and above


It is not possible to completely restrict the access to login.fcc as it needs to be unprotected resource and also needed as the custom login page needs to post to this.

However, what you can do is modify the login.fcc such that it will have only the bare minimum required content enough for the POST request but not not enough for GET requests (direct access)


If you are using login.fcc ONLY for POST request then it is sufficient to have just the following content in it. (The error message is optional off-course)

<!-- SiteMinder Encoding=UTF-8; -->

<b><font size="5" color="red">DO NOT USE THIS PAGE DIRECTLY !</font></b>


Please note : 

  • If ACO parameter localization=no, the default login.fcc used is : 


  • If ACO parameter localization=yes, the default login.fcc used is : 


e.g. for en-US locale it would be :




1. Direct access : 

2. Custom login page still works :

Attached : Fiddler


Addtional References :

Custom Login Page