Summary:
This guide shows how to collect additional attributes from the user during login, besides the username and password, when using a custom authentication scheme.
Environment:
- Policy Server : R12.0+
- OS : ANY
Instructions:
1. Modify the .fcc template file (login.fcc) to collect the additional attribute
Add the following line at the beginning of the file:
@password=PASSWORD=%PASSWORD%&department=%department%
If the additional attributes have special characters, the line looks like the following sample:
@password=PASSWORD=%PASSWORD%&department=%urlencode(department)%
Where, ‘department’ is the new attribute that you are configuring to collect from the user during login.
Also, create a new text field to provide the additional parameter:
<input type="text" name="department" size="30" style="margin-left: 1px">
Let’s save this as a new customlogin.fcc file.
2. Create a custom authentication scheme in the Administrative UI to pass the path to the customlogin.fcc as a parameter to the custom authentication scheme class.
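3. Modify the sample custom authentication scheme class as shown below:
Create a method to retrieve the redirect URL:
[code language="java"]
/**
 * The redirect URL is expected to be the first parameter in the auth scheme definition.
 * @param parameter the parameter string configured for the authentication scheme
 * @return the redirect URL (the text before the first ';', or the whole string)
 */
String getRedirectURL(String parameter) {
    String redirectURL = parameter;
    logInJavaUtilLogger("parameter :" + redirectURL);
    // Any further parameters follow the URL, separated by ';'
    int sep = parameter.indexOf(';');
    if (sep != -1) {
        // substring() avoids the empty array that split(";") returns for a bare ";"
        redirectURL = parameter.substring(0, sep);
    }
    return redirectURL;
}
[/code]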
Modify the query() method to redirect to the custom login page as specified in the Administrative UI:
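[java]
// Fragment of query(): this branch sits next to the existing request-code checks.
else if (SmAuthQueryCode.SMAUTH_QUERY_CREDENTIALS_REQ == request) {
    // response.setResponseCode(SmAuthQueryResponse.SMAUTH_CRED_BASIC);
    // Require form credentials and return the .fcc URL configured in the Administrative UI.
    response.setResponseCode(SmAuthQueryResponse.SMAUTH_CRED_FORM_REQUIRED);
    response.setResponseBuffer(getRedirectURL(parameter));
}
[/java]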
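Create a method to parse the ‘Password’ field and extract the additional parameters:
[java]
// Requires: java.io.UnsupportedEncodingException, java.net.URLDecoder,
//           java.util.HashMap, java.util.Map
Map<String, String> parsePassword(String param) {
    // Debug only: param contains the clear-text password.
    logInJavaUtilLogger("Inside parsePassword param is :" + param);
    Map<String, String> map = new HashMap<String, String>();
    String[] parts = param.split("&");
    for (String keypair : parts) {
        // A limit of 2 keeps any '=' inside the value; a missing value becomes "".
        String[] keyval = keypair.split("=", 2);
        String value = keyval.length > 1 ? keyval[1] : "";
        try {
            map.put(keyval[0], URLDecoder.decode(value, "UTF-8"));
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is always supported, so this should never happen.
            e.printStackTrace();
        }
    }
    return map;
}
[/java]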
Invoke the parsePassword method to parse the password attribute:
[java]
// String additionalParams = theUserCredentialsContext.getPassword();
Map<String, String> paramMaps = parsePassword(theUserCredentialsContext.getPassword());
String thePassword = paramMaps.get("PASSWORD");
// Debug only: the next line writes the clear-text password to the log.
logInJavaUtilLogger("User Password :" + thePassword);
logInJavaUtilLogger("Department :" + paramMaps.get("department"));
[/java]
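The composite value carries a raw password next to a URL-encoded department, so splitting on every `&` and `=` and URL-decoding every value mishandles passwords that contain `&`, `=`, `+` or `%`. The following stricter parser for the second template form is an added example, not part of the original AuthApiSample; the class name `CompositePasswordParser` is hypothetical, the sample inputs are constructed, and it assumes `%urlencode(...)%` encodes `&` and `=` in the department.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example; CompositePasswordParser is a hypothetical name. Parses the value built by
// @password=PASSWORD=%PASSWORD%&department=%urlencode(department)%
public class CompositePasswordParser {
    private static final String PW_PREFIX = "PASSWORD=";
    private static final String DEPT_DELIM = "&department=";

    static Map<String, String> parse(String composite) {
        if (composite == null || !composite.startsWith(PW_PREFIX)) {
            throw new IllegalArgumentException("value does not start with PASSWORD=");
        }
        // Assumption: urlencode() encodes '&' and '=' in the department, so the encoded
        // department cannot contain "&department="; the last match is the real delimiter.
        int split = composite.lastIndexOf(DEPT_DELIM);
        if (split < 0) {
            throw new IllegalArgumentException("department field missing");
        }
        Map<String, String> out = new LinkedHashMap<String, String>();
        // The template does not encode the password, so take it verbatim (no URL decoding).
        out.put("PASSWORD", composite.substring(PW_PREFIX.length(), split));
        try {
            String rawDept = composite.substring(split + DEPT_DELIM.length());
            out.put("department", URLDecoder.decode(rawDept, "UTF-8"));
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException(e); // UTF-8 is always available
        }
        return out;
    }

    public static void main(String[] args) {
        String[] samples = { // constructed inputs; the first matches the Testing log
            "PASSWORD=siteminder&department=ujwol%24%25^%26",
            "PASSWORD=p&ss=w+rd%&department=sales%26ops",
            "PASSWORD=x&department=a&department=finance"
        };
        for (String s : samples) {
            Map<String, String> m = parse(s);
            // Log the password length only, never its value.
            System.out.println("department=" + m.get("department")
                    + " passwordLength=" + m.get("PASSWORD").length());
        }
    }
}
```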
Testing:
1. Login:
2. Custom log output:
[text]
Sep 12, 2016 11:01:56 AM com.netegrity.sdk.javaauthapi.AuthApiSample logInJavaUtilLogger
FINE: AuthApiSample::FileLogger::Inside parsePassword param is :PASSWORD=siteminder&department=ujwol%24%25^%26
Sep 12, 2016 11:01:56 AM com.netegrity.sdk.javaauthapi.AuthApiSample logInJavaUtilLogger
FINE: AuthApiSample::FileLogger::User Password :siteminder
Sep 12, 2016 11:01:56 AM com.netegrity.sdk.javaauthapi.AuthApiSample logInJavaUtilLogger
FINE: AuthApiSample::FileLogger::Department :ujwol$%^&
Sep 12, 2016 11:01:57 AM com.netegrity.sdk.javaauthapi.AuthApiSample logInJavaUtilLogger
FINE: AuthApiSample::FileLogger::User Successfully Authenticated :shruj01
Sep 12, 2016 11:01:57 AM com.netegrity.sdk.javaauthapi.AuthApiSample logInJavaUtilLogger
FINE: AuthApiSample::FileLogger::parameter :http://iis-01.ca.com/siteminderagent/forms/customlogin.fcc
[/text]
Attachment:
- Sample customlogin.fcc: customlogin.fcc
- Sample Custom Authentication Java class: AuthApiSample
Additional Information:
- Search for “Collect Additional Attributes” in the Single Sign-on bookshelf
- Tech Tip – CA Single Sign-On:Policy Server:Custom Authentication scheme Debug Logging
- https://ujwols26.sg-host.com/custom-login-page/
2 Responses
How to make web-service call to my server in custom authentication template to decide user login, please help
Nice article. Here the custom authentication scheme accepts a department id from the user. Can this user selected department id value be injected as Http header?