Can I submit a login form from an unprotected page and make the SiteMinder login page transparent?

Question

We have SiteMinder set-up to protect some pages, and not to protect others, based on the url:

http://mysite.com/unprot/page1.html
http://mysite.com/protec/page2.html

This works great. If I attempt to go to page2.html, the SiteMinder login fcc page shows, and with a 'good' authentication, I'm directed to page2.html (which I have specfied as the TARGET). And of course page1.html just shows-up, authenticated or not.

What I would like to know is how to move the login function off of the SiteMinder login fcc page, and onto a nice page, controlled by my web application.

The 'obvious' solution to me was to just view the source of the SiteMinder login fcc page, or look at the fcc file itself, lift the form specifics, and paste that form into page1.html (an unprotected resource) in my application. This seems not to work, though. The form comes up, but the form post does not do anything that I can tell. Apparently SiteMinder is not going to accept a form from my application; it only seems to work if SiteMinder served the form itself. There's some SiteMinder 'interception' going on (not sure what that is), so posting a form from my application just doesn't seem to be the same as posting a form from the fcc page.

So it would seem to me that I need to go through the SiteMinder login fcc page. Is that the correct approach? If so, and if I make my page1.html form post to the fcc page, how do I get that to transparently direct to the TARGET? Or is there a better way?

Answer 1

What you're trying to do will work. A few things to note:

• On your custom form, make sure you post to the original login.fcc
• When SM "intercepts" a page, it adds several variables to the URL, including the agent name. You need to post these variables to login.fcc

Answer 2

http://www.ssohelp.com/notes/Siteminder_custom_login_page_-_how_to_post_to_FCC