Thursday, January 27, 2011

Post information to the login.fcc file

Title:  Post information to the login.fcc file (Legacy_Onyx KB Id: 190481)

Description:
We're trying to implement a simple functionality on our website. We would like to notify a user, which provides the wrong login credentials for the login with some text: "Invalid username or password was specified." but we don't want that the user gets redirected to a different page than the login.fcc page.

We tried different approaches with the DynamicRetry.fcc/DynamicRetry.unauth or with providing the clients browser with the SM_HTTP_ONJRECTTEXT variable or even the usage of the SMTEXT cookie...

But we failed in all 3 different approaches!

Could you please assist?

Solution:
We are generating our own cookie and grabbing the cookie through the javascript.
Below are the steps to configure:

1) Set a rule depending on what is your requirement.
--> OnAuthAttempt (This would be user not found in user store)
--> OnAuthReject (This would be the user password is incorrect)
--> OnAccessReject (This would be the user not authorized).

2) Set a response with the type "Webagent HTTP Cookie Variable".
--> You can set the cookie name to "NotAuthCookie"
--> The value, you can customize by putting something like "You are not authenticated, please try to login again".

3) Under the policy, bind the rule to the response together.

4) The next step would be to customize your login.fcc page.
--> You would need to add in javascript to grab the cookie called "NotAuthCookie" and its value.
--> Below is the sample javascript to be embedded to your login.fcc:

<SCRIPT LANGUAGE="JavaScript">
function resetCredFields()
{
document.Login.PASSWORD.value = "";
}

function submitForm()
{
document.Login.submit();
}

function getCookie(name)
{
var dc = document.cookie;
var prefix = name + "=";
var begin = dc.indexOf("; " + prefix);
if (begin == -1)
{begin = dc.indexOf(prefix);
if (begin != 0) return null;
}
else
{
begin += 2;
}
var end = document.cookie.indexOf(";", begin);
if (end == -1)
{
end = dc.length;
}
return unescape(dc.substring(begin + prefix.length, end));
}

document.write(getCookie("NotAuthCookie"));

</SCRIPT>

------------------------------
The above script has a function called getCookie which would grab the cookie that you wish to get the value.
Next, the document.write would be to display the output of the value returned from function getCookie.

2 comments:

  1. CA Siteminder Federation Online Training
    http://www.21cssindia.com/courses/ca-siteminder-federation-online-training-233.html
    Siteminder Federation course contents
    What is SAML and where did it come from?
    History of SAML
    SAML Technical Basics
    What is assertion and how the information flows in it
    Employees to learn at their own pace and maintain control of learning “where, when and how” with boundless access 24/7by 21st Century Software Solutions. contact@21cssindia.com - +9190004444287.

    ReplyDelete
  2. 21st Century SiteMinder Training Synopsis:

    Through a combination of presentations and hands-on lab work, the students will go through a complete SiteMinder implementation project, including installation, configuration, deploying agents, protecting applications, maintaining, and troubleshooting.

    Target Audience for Online CA SiteMinder Courses:

    This course is designed for Deployment Consultants, Architects and Administrators, who
    will be building, deploying and/or maintaining a SiteMinder infrastructure.
    21st Century Software Solutions. contact@21cssindia.com - +9190004444287.

    ReplyDelete