sgvill
asked on
How to pass Siteminder HTML Forms user/password information
I am using SiteMinder 5.5 on Windows 2000 platforms protecting IIS websites and would like to do the following: I would like to find a way to dynamically pass User/Password information to the .fcc HTML Form security (if there is a better way, it doesn't _have_ to be this security settup). Ideally, I would go to a preliminary page which would gather the credentials server side (because these are all internal people and will have been logged into our LAN already) and then pass them to the Form security and, without user interaction, let SiteMinder authenticate and authorize them just as if they had typed in their user/password. I think this is similar to the following question:
https://www.experts-exchange.com/questions/20451852/SiteMinder-Login-Page-question.html
But it was closed by the author saying he found the solution, but he didn't post it. :( Any examples would be greatly appreciated, although if you could point me in the right direction, that would be helpful, too! Thanks! :)
Steve
https://www.experts-exchange.com/questions/20451852/SiteMinder-Login-Page-question.html
But it was closed by the author saying he found the solution, but he didn't post it. :( Any examples would be greatly appreciated, although if you could point me in the right direction, that would be helpful, too! Thanks! :)
Steve
ASKER
Yes, they will be logged into the LAN using AD. I don't want to point SiteMinder to AD, though, because then i have to pay for every named user in AD, even though only a small subset need it. So, I'd like to gather the UserID from NT through an ASP page, and pass that to an .fcc page, for instance, automatically submitting the username with no password. In the SQL directory server, I will have only the usernames of those who need siteminder, with no passwords. Therefore, if someone is logged into the network, they will not have to log in again to SiteMinder, but will only be authenticated if they exist with the proper securities in the SiteMinder user directory.
I think that SiteMinder does use Cookies to store user/sessions.
I think that SiteMinder does use Cookies to store user/sessions.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes, I know how to do that (point it to AD), but thats not the solution i want. I'd like to know how to go through an .asp script and then pass the user/password information to the .fcc file. (or straight to siteminder) .
Steve
Steve
sorry, no glue about .asp
but there should be a function to get usernames and credentials
but there should be a function to get usernames and credentials
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I was finally able to solve my original question.
I used the following vbscript to load certain variables:
DIM sValue, sURL, sPass, sTarget, sReason
sValue = Request.ServerVariables("L OGON_USER" )
sValue = mid(sValue,instr(1,sValue, "\") + 1,len(sValue)-instr(1,sVal ue,"\"))
sPass = "dummypassword"
sTarget = Request.QueryString.Item(" TARGET")
sReason = Request.QueryString.Item(" REASON")
Then I created a form as follows:
<FORM NAME=PWChange ACTION="login.fcc" METHOD=POST>
...
<input type=hidden name=user value="<%=sValue%>" >
<input type=hidden name=password value="<%=sPass%>">
<input type=submit value="Login">
<input type=hidden name=target value="<%=sTarget%>">
<input type="hidden" name=smauthreason value="<%=sReason%>">
....
</FORM>
The login.fcc is a standard login screen provided by SiteMinder in their samples directory. The script above provides a button to press that submits it to login.fcc and authenticates. I've also made it work by submitting the form on an "onload" event, so there is no user interaction at all.
Thanks for all the ideas!
Steve
I used the following vbscript to load certain variables:
DIM sValue, sURL, sPass, sTarget, sReason
sValue = Request.ServerVariables("L
sValue = mid(sValue,instr(1,sValue,
sPass = "dummypassword"
sTarget = Request.QueryString.Item("
sReason = Request.QueryString.Item("
Then I created a form as follows:
<FORM NAME=PWChange ACTION="login.fcc" METHOD=POST>
...
<input type=hidden name=user value="<%=sValue%>" >
<input type=hidden name=password value="<%=sPass%>">
<input type=submit value="Login">
<input type=hidden name=target value="<%=sTarget%>">
<input type="hidden" name=smauthreason value="<%=sReason%>">
....
</FORM>
The login.fcc is a standard login screen provided by SiteMinder in their samples directory. The script above provides a button to press that submits it to login.fcc and authenticates. I've also made it work by submitting the form on an "onload" event, so there is no user interaction at all.
Thanks for all the ideas!
Steve
Hi Steve,
I am also looking for the same solution, with no user interaction, pass ID to fcc.
Can you please provide me the example. The above example have a login button. Does it need user interaction?
I am also looking for the same solution, with no user interaction, pass ID to fcc.
Can you please provide me the example. The above example have a login button. Does it need user interaction?
sorry.. got the solution
<html>
<script >
function mthsubmit()
{
document.PWChange.submit() ;
}
</script>
<head>
</head>
<body onload="mthsubmit();">
<FORM NAME=PWChange ACTION="login.fcc" METHOD=POST>
<input type=hidden name=user value="" >
<input type=hidden name=password value="">
<input type=submit value="Login">
<input type=hidden name=target value="http://localhost/../default.aspx">
<input type="hidden" name=smauthreason value="0">
</FORM>
</body>
</html>
<html>
<script >
function mthsubmit()
{
document.PWChange.submit()
}
</script>
<head>
</head>
<body onload="mthsubmit();">
<FORM NAME=PWChange ACTION="login.fcc" METHOD=POST>
<input type=hidden name=user value="" >
<input type=hidden name=password value="">
<input type=submit value="Login">
<input type=hidden name=target value="http://localhost/../default.aspx">
<input type="hidden" name=smauthreason value="0">
</FORM>
</body>
</html>
do you mean that of AD authentication for example?
How does your SiteMinder identify users/sessions? with Cookies?