search cancel

Continuation of 20100136- Target's cookieDomain and agent configured cookieDomai


Article ID: 143419


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER



We're running a Web Agent as a login server and we'd like to know :

1. Only setting FccCompatMode=NO in ACO of agent which is used for
   login (authentication server basically) will redirect to
   TARGET. There is no other parameter dependency ?

2. It is mentioned that 4.x agent is not compatible. Does this mean
   against login server/authentication server we cant [sic] create 4.x
   agent ?




Web Agent 12.52SP1CR09 on Apache 2.4 on RedHat 6;




At first glance, 

1. When FccCompatMode is set to no, you have to take care of
   AgentName, DefaultAgentName and AgentNamesAreFQHostNames ACO
   parameter doesn't depend on other ACO parameter;

   Using Credential Collectors Between 4.x Type and Newer Type Agents

2. That doesn't mean that you can use 4.x Agent with the login
   server. It does only mean that when login in .fcc or .ntc
   authentication scheme there will be some limitation as described in
   documentation :

   Using Credential Collectors Between 4.x Type and Newer Type Agents

     To process requests, the FCC and NTC rely on the user credentials
     and the name of the Web Agent that is protecting the requested
     resource. However, 4.x agents and third-party agents posting to the
     FCC and NTC do not pass the Agent name on the URL they send.

     When the FCCCompatMode parameter is set to No, compatibility with
     4.x Agents is disabled. In a homogeneous product environment, set
     the value of the parameter to no.

     Specify Agent name mappings FCC only: If you disable backward
     compatibility, map the AgentName parameter to the name and IP
     address of each host using that FCC for its protected
     resources. Set up these mappings in the configuration settings of
     the FCC.


     Use Host Names as Agent Names FCC only: If the first two options
     in the algorithm are not optimal, you can set the value of the
     AgentNamesAreFQHostNames parameter to yes. This setting instructs
     the FCC to use the fully qualified host name in the target URL as
     the Agent name.