Tech Tip : How to collect additional attribute using custom authentication

custom login

 

Summary:

This guide shows how to collect additional attributes from the user during login, besides the username and password, when using a custom authentication scheme.

Environment:
  • Policy Server : R12.0+
  • OS : ANY
Instructions:

1. Modify the .fcc template file (login.fcc) to collect the additional attribute

Add the following line at the beginning of the file:

@password=PASSWORD=%PASSWORD%&department=%department%

If the additional attribute can contain special characters, use the urlencode form so that the line looks like the following sample:

@password=PASSWORD=%PASSWORD%&department=%urlencode(department)%

Here, 'department' is the new attribute that you are configuring to collect from the user during login.

Also, create a new text field in the form so the user can enter the additional parameter:

<input type="text" name="department" size="30" style="margin-left: 1px">

Save the result as a new file, customlogin.fcc.

2. Create a custom authentication scheme in the Administrative UI to pass the path to the customlogin.fcc as a parameter to the custom authentication scheme class.

custom_authentication_scheme

 

3. Modify the sample custom authentication scheme class as below :

Create a method to retrieve the redirect URL :

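[code language="java"]

/**
 * The redirect URL is expected to be the first parameter in the auth scheme definition.
 * @param parameter the parameter string configured for the scheme; values are separated by ';'
 * @return the first value, which is the path to customlogin.fcc
 */
String getRedirectURL(String parameter){
    String redirectURL = parameter;
    logInJavaUtilLogger("parameter :"+redirectURL);
    // If more than one value is configured, keep only the first one.
    if (parameter.indexOf(';') != -1)
    {
        String[] params = parameter.split(";");
        redirectURL = params[0];
    }
    return redirectURL;
}

[/code]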

 

Modify the query() method to redirect to the custom login page as specified in the Administrative UI:

[java]

else if (SmAuthQueryCode.SMAUTH_QUERY_CREDENTIALS_REQ == request)
{
    //response.setResponseCode(SmAuthQueryResponse.SMAUTH_CRED_BASIC);
    response.setResponseCode(SmAuthQueryResponse.SMAUTH_CRED_FORM_REQUIRED);
    response.setResponseBuffer(getRedirectURL(parameter));
}

[/java]

 

Create a method to parse ‘Password’ field and extract additional parameters:

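[java]

// Requires java.net.URLDecoder, java.io.UnsupportedEncodingException,
// java.util.HashMap and java.util.Map.
Map<String,String> parsePassword(String param)
{
    // Debug only: this writes the cleartext password to the log.
    logInJavaUtilLogger("Inside parsePassword param is :"+param);
    Map<String, String> map = new HashMap<String, String>();

    String[] parts = param.split("&");

    for (String keypair : parts) {
        // A limit of 2 keeps any '=' inside the value; skip fields with no '='.
        String[] keyval = keypair.split("=", 2);
        if (keyval.length < 2) {
            continue;
        }
        try {
            map.put(keyval[0], URLDecoder.decode(keyval[1], "UTF-8"));
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is always supported, so this is not expected to happen.
            e.printStackTrace();
        }
    }

    return map;
}

[/java]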

 

Invoke the parsePassword method to parse the password attribute:

[java]

//String additionalParams = theUserCredentialsContext.getPassword();
Map<String,String> paramMaps = parsePassword(theUserCredentialsContext.getPassword());
String thePassword = paramMaps.get("PASSWORD");
// Debug only: the next line writes the cleartext password to the log.
logInJavaUtilLogger("User Password :"+thePassword);
logInJavaUtilLogger("Department :"+paramMaps.get("department"));

[/java]
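
A stricter parser for the same credential string, as an added example that is not part of the original article or of the SiteMinder SDK sample. It assumes the `%urlencode(department)%` form of the template from step 1; the class name `CredentialParser` and the method `parse` are hypothetical. Unlike a plain split on `&` and `=`, it keeps passwords that contain `&`, `=`, `+` or `%` intact and does not print the password.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.HashMap;
import java.util.Map;

// Added example; names are hypothetical and not part of the SiteMinder SDK.
public class CredentialParser {
    private static final String PW_KEY = "PASSWORD=";
    private static final String DEPT_KEY = "&department=";

    // Expects "PASSWORD=<raw password>&department=<url-encoded value>".
    static Map<String, String> parse(String param) throws UnsupportedEncodingException {
        if (param == null || !param.startsWith(PW_KEY)) {
            throw new IllegalArgumentException("missing PASSWORD field");
        }
        // The encoded department cannot contain a literal '&', so the LAST
        // "&department=" is the real delimiter even if the password contains '&'.
        int split = param.lastIndexOf(DEPT_KEY);
        if (split < PW_KEY.length()) {
            throw new IllegalArgumentException("missing department field");
        }
        String encodedDept = param.substring(split + DEPT_KEY.length());
        if (encodedDept.indexOf('&') != -1) {
            throw new IllegalArgumentException("unexpected field after department");
        }
        Map<String, String> map = new HashMap<String, String>();
        // The template does not URL-encode the password, so it is not decoded here:
        // decoding would turn '+' into a space and fail on a bare '%'.
        map.put("PASSWORD", param.substring(PW_KEY.length(), split));
        map.put("department", URLDecoder.decode(encodedDept, "UTF-8"));
        return map;
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: the first is the string from the article's log output,
        // the second is a password that itself contains '+', '%', '&' and '='.
        String[] samples = {
            "PASSWORD=siteminder&department=ujwol%24%25^%26",
            "PASSWORD=p+w%&a=b&department=sales"
        };
        for (String s : samples) {
            Map<String, String> m = parse(s);
            // Print only the length of the password, never its value.
            System.out.println("password length=" + m.get("PASSWORD").length()
                    + " department=" + m.get("department"));
        }
    }
}
```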

Testing:

1. Login :

2. Custom log output:

[text]

Sep 12, 2016 11:01:56 AM com.netegrity.sdk.javaauthapi.AuthApiSample logInJavaUtilLogger
FINE: AuthApiSample::FileLogger::Inside parsePassword param is :PASSWORD=siteminder&department=ujwol%24%25^%26
Sep 12, 2016 11:01:56 AM com.netegrity.sdk.javaauthapi.AuthApiSample logInJavaUtilLogger
FINE: AuthApiSample::FileLogger::User Password :siteminder
Sep 12, 2016 11:01:56 AM com.netegrity.sdk.javaauthapi.AuthApiSample logInJavaUtilLogger
FINE: AuthApiSample::FileLogger::Department :ujwol$%^&
Sep 12, 2016 11:01:57 AM com.netegrity.sdk.javaauthapi.AuthApiSample logInJavaUtilLogger
FINE: AuthApiSample::FileLogger::User Successfully Authenticated :shruj01
Sep 12, 2016 11:01:57 AM com.netegrity.sdk.javaauthapi.AuthApiSample logInJavaUtilLogger
FINE: AuthApiSample::FileLogger::parameter :http://iis-01.ca.com/siteminderagent/forms/customlogin.fcc

[/text]


2 Responses

  1. Nice article. Here the custom authentication scheme accepts a department id from the user. Can this user selected department id value be injected as Http header?
