Siteminder 12.52 SP1OS : Windows2008Working on Social media Facebook authentication using Oauth 2.0Can we add custom attribute to login.fcc and consume that attribute in policy. say if customer is coming from Facebook I will use the attribute to Yes/No. I will check the domain policy for the user if NO redirect to STEPUP page if YES it will land to End App.
Similar questions posted on Community.Pass custom data to fcc
I have created an attribute called xyz, which will be encapsulated on the browser. need more information on this logic
So what's ur doubt? The above thread does have couple of options explained.
If using custom auth, another option is:
Thank you for the link, I am not looking to create the attribute but want to create the directive for the attribute in login.fcc. Browser will be looking for specific value if value exist sends user to app if not ask for step up authentication.going forward I want to use that directive.
You cannot create directive for custom attributes.
I believe when you said you have created attribute called XYZ, you meant, this is one form attribute in the login.fcc ?
The list of available directives are fixed and predefined. Some example of directives are :
If your requirement is just to save the value for the this custom XYZ attribute for that session, then you can probably use @save directive to instruct web agent to save it in the cookie.
You can then later use it on the subsequent client side code by accessing the cookie.
Sample is here :
Tech Tip : CA Single Sign-On : Web Agent : Pre-fill username during step up authentication
Ujwol,The above information really helps, but is there a best way to get the browser cookie to domain policies.
Our current Login page is customized to .aspx page, submits action to login.fcc
Now want to implement a step-up page controlled by .aspx so the flow will be something like this
Read cookie from browser if not present the redirect to step up page otherwise to app
Solution we are thinking of :
Customize .fcc with either directive [cookie] or concat with @password
Question 1: can we read cookie from browser on login.fcc?Question 2: if yes, how can we use that in domain policy to redirect on AuthAccept ?Question 3: Can we use SP initiated Fed with #2 ?Question 4: if No, what is the alternative ?
Question 1: can we read cookie from browser on login.fcc?
Ujwol => YES, you can read the cookie in login.fcc. Sample on how to do this is on the KB that I provided earlier :
Question 2: if yes, how can we use that in domain policy to redirect on AuthAccept ?
Ujwol => No, the cookies are available only at the web server level, they aren't available for Policy server.
If you want to access this at the server side, you should look at FORM POST VARIABLE with which you can SAVE the custom attribute during login in the Variable which can be later used in the User Policy
Question 3: Can we use SP initiated Fed with #2 ?
Ujwol => Please clarify on this .
Question 4: if No, what is the alternative ?
Ujwol => Think we already discussed couple of alternatives here.