Joydeep joydeepdasgupta
Why would a custom authentication scheme be invoked "AFTER" posting to login.fcc? Could we have this flow explained better. After posting to login.fcc only 2 things could happen i.e. either a successful login OR a failed login. On Successful login user is redirected to Target. On failed login user is taken back to login page.
Directives in login.fcc are specific to hold SiteMinder specific information.
However there is a Technote About Login in with Additional Attributes, let know if this helps your cause.
Login Authentication With Additional Attributes
Let's Assume that you want to authenticate with a login form and in addition to the username and password you want to specify the LDAP attribute 'telephonenumber'.
Step 1 - Create Customer FCC form
- Generally you can use the login.fcc file from the samples/form directory as a start
- Add the following line to the beginning of the file:
- @password=PASSWORD=%PASSWORD%&telephonenumber=%NUMBER%
- The '@password=' portion tells siteminder to store the following parameters in the password portion of the response.
- The 'PASSWORD=%PASSWORD%' stores the value of the PASSWORD html form field in the password response, THIS IS REQUIRED for forms authentication to work when you add new attributes.
- After the password you specify the additional attributes you want to pass with the syntax 'attribute name=HTML form element name'. Note that the list of attribute is seperated by the ampersand (&).
Step 2 - Create the Authentication Scheme
- Create the authetication sheme like you would create an authentication scheme for forms authentication.
- Under target enter the location of the new FCC form you created
- Under Additional attributes enter the attribute list starting with 'AL='. For our example you would enter: AL=PASSWORD,telephonenumber
- The PASSWORD attribute ALWAYS needs to be specified for this authentication method to work correctly
Step 3 - Create Realm / Rules / Responses and Policies
- Now all you need to do is create your realms, rules, responses and policies the same way you would using the normal forms login authentication scheme
Regards
Hubert