Hi All,
I am using a custom login.aspx in my environment and using it to post the credentials to the SiteMinder login.fcc page. The flow is working fine but the URL contains the password,target and user id in clear text. I need to fix this ASAP as it is highly unsecure. Here is my custom page:-
<form action="/siteminderagent/forms/login.fcc" method="post">
....
<td><P><span>Username :</span></P></td>
<td><P><input name="USER" type="text" value="" style="width:150px" /></P></td>
....
<td><P><span>Password :</span></P></td>
<td><P><input name="PASSWORD" type="password" value="" style="width:150px" /></P></td>
....
<INPUT TYPE=HIDDEN NAME="SMENC" VALUE="ISO-8859-1">
<INPUT type=HIDDEN name="SMLOCALE" value="US-EN">
<input type=hidden name=target value="http://HOSTNAME/test">
<input type=hidden name=smquerydata value="$$smquerydata$$">
<input type=hidden name=smauthreason value="$$smauthreason$$">
<input type=hidden name=smagentname value="$$smagentname$$">
<input type=hidden name=postpreservationdata value="$$postpreservationdata$$">
<div class="formRow">
<P><input name="submit" type="submit" value="Login" />
<input name="Reset" type="reset" /></P>
Iam also using the secureURL ACO parameter and its not working for me. If I am removing all directives other then the target above its working with clear text passwords and other things in URL but as soon as I am putting smquery directive( to encrypt) its giving internal server error.
ANy help would be appreciated.
Thanks,
Ashish Vashistha
+91-8130233066