![]() ![]() ![]() ![]() In an 12.52 SP1 environment, set the value of the parameter to no. When the value of the FCCCompatMode parameter is set to no, compatibility with 4.x Agents is disabled. This configuration permits the agents to interoperate. This setting which means that a form or NTLM credential cookie is written to the browser of the user is redirected back to the Agent before logging in. Framework Agents have the FCCCompatMode parameter is disabled by default.Įnabling this parameter makes a r5.x, r6.x, or 12.52 SP1 Agent handle forms and NTLM credential collection like a 4.x Agent. Traditional Web Agents have the FCCCompatMode parameter is enabled by default. Use Compatibility Mode-to enable a r5.x, r6.x, or 12.52 SP1 FCC/NTC to serve up forms for resources that are protected by 4.x agents or third-party applications, then enable the FCCCompatMode parameter. The following configuration options help FCCs and NTCs to operate with 4.x Web Agents: However, 4.x agents and third-party agents posting to the FCC and NTC do not pass the Agent name on the URL they send. To process requests, the FCC and NTC rely on the user credentials and the name of the Web Agent that is protecting the requested resource. This parameter is disabled by default, so the credential collector uses the value of the DefaultAgentName parameter as the agent name.Ĭonsider the previous implications before configuring credential collectors in a mixed environment. This behavior is determined by enabling the AgentNamesAreFQHostNames configuration parameter. If no Agent name mappings are configured, use the fully qualified host name of the target URL as the Agent name.If no Agent name is appended to the URL, use the mappings defined in the AgentName configuration parameter that is associated with the credential collector.Įach mapping in the AgentName parameter specifies the name and IP address of a host using that collector for its protected resources.Use the SMAGENTNAME query parameter that the original Agent adds to the query string of the URL as it redirects to the credential collector.To learn the Agent name, a credential collector uses the following process: The credentials that are supplied by the user.The name of the agent protecting the requested resource.Using credential collectors to log users in better secures user credentials because these credentials are not being passed around the network in cookies.Ī credential collector requires the following information to log a user in: Note: We recommend using credential collectors to log users in directly rather than setting cookies. In the newer CA SiteMinder® versions, the credential collector logs the user in to the Policy Server on behalf of the agent protecting the requested resource. 4.x type credential collectors placed a cookie in the browser of the user, and then redirected the user back to the original agent. Configure Credential Collectors in a Mixed Environmentįrom CA SiteMinder® r6.x to CA SiteMinder® 12.52 SP1, the credential collectors operate differently than the older 4.x type credential collectors do. ![]() Additional configuration steps are required for mixed mode deployments. This usage of credential collectors is named mixed mode. Later versions of CA SiteMinder® use a trusted host object on the Policy Sever instead of the shared secret security model.ĬA SiteMinder® supports using credential collectors between 4.x type and later agents. You can specify support for 4.x agent functions when creating an agent object in the CA SiteMinder® Administrative UI. Older versions of the CA SiteMinder® agent objects used a security model that featured a shared secret that is stored on the Policy Server and in the nf file. Web Agent Guides › Web Agent Configuration Guide › Forms Authentication › Using Credential Collectors Between 4.x Type and Newer Type Agents Using Credential Collectors Between 4.x Type and Newer Type Agents ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |