SiteMinder: Secure Policy Server, size limit in fcc password field

Article ID: 368717

Products

CA Single Sign On Agents (SiteMinder)

Issue/Introduction

When credentials containing a 6000-character password are posted to the login.fcc page via a JSON response from a third-party application, the password is truncated to 4096 characters and the login through login.fcc fails.

Environment

R12.8.x

Cause

The customer requires the password field in the fcc page to accept 6000+ characters.

Resolution

The fcc page used as the Access Gateway forms login page has three fields by default, as follows:

username, password and smaltcreds.

The size restrictions for the username and password are as below.
SM_SIZE_USERNAME    256
SM_SIZE_USERPW      4096

Smaltcreds          4kb

Since the customer is implementing a custom authentication scheme based on an fcc form, it is recommended to use @smaltcreds for larger credentials at the Access Gateway/Web Agent.

Refer to the document below. The file openid_en-US.fcc in AG (installed path <AG_home>\secure-proxy\proxy-engine\examples\forms_en-US\openid_en-US.fcc) has example usage.

https://ftpdocs.broadcom.com/cadocs/0/CA%20SiteMinder%2012%2052-ENU/Bookshelf_Files/HTML/idocs/346919.html

 

@smaltcreds: This directive allows custom authentication schemes to send credentials larger than 4KB. It may be used in the same manner as the @password directive. When credentials are posted to an FCC using @smaltcreds, the value is sent to the Policy Server during login as a byte buffer, avoiding the password field, which is restricted to 4k bytes. The @smaltcreds directive may not be used with existing out-of-the-box authentication schemes, but it may be used for custom authentication. Developers of custom authentication schemes must code their authentication scheme libraries to look for the @smaltcreds credentials in the lpszCertBinary field of the user credential struct passed through the Agent API during login.

Refer to the link below for an example.

https://community.broadcom.com/enterprisesoftware/blogs/gadba01/2019/05/30/tech-tip-ca-single-sign-on-jwt-authentication-scheme-support-for-forms-login-page-fcc-using-web-agent