Web Agent Customizing the POST preservation page

Article ID: 53734

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER CA Single Sign On Agents (SiteMinder)

Issue/Introduction

 

In the event of a timeout, sites protected by Windows Authentication
will receive the POST preservation page with a Continue button. In
some cases this page flashes by in less than a second; in others it
stays up for as long as 5 seconds. When the page is displayed for
several seconds, users click the Continue button, which posts the data
to the application twice. Why does the page display longer on some
pages than others? Is there any way to prevent the Continue button
from displaying?

 

Resolution

 

The HTTP Post Preservation page will be displayed longer when the data
being preserved is larger. This is dependent on the size of the
message that is POSTed.

POST preservation templates are invoked on both sides of the POST
preservation exchange: on the server with the protected content
and on the server with the credential collector. The Web Agent hosting
the original target returns the POST preservation page on the way to
the credential collector, and the Web Agent hosting the credential
collector returns the POST preservation page in the other direction.

There are two parts to POST preservation. The first part saves the
data POSTed to the protected resource by sending it back to the
browser and forcing the browser to POST that data to the credential
collector. Once the user has been reauthenticated, the second part of
POST preservation involves restoring the data back to the protected
resource. This is done in a similar fashion, where the data is again
sent back to the browser and then the browser is similarly forced to
POST the data back to the protected resource. An HTTP trace would show
a conversation such as:

  POST http://content.example.com/protected
  200 OK POST PRESERVATION PAGE

  POST http://credentials.example.com/login.fcc
  200 OK LOGIN FORM

  POST http://credentials.example.com/login.fcc
  200 OK POST PRESERVATION PAGE

  POST http://content.example.com/protected
  200 OK CONTENT

Note that a POST preservation page is served from BOTH content.example.com
AND credentials.example.com.

The intermediate page can be customized by modifying the POST
preservation template. Two sample templates with the extension
".pptemplate" are installed with the Web Agent; they do fancy
things with POST preservation. These files are located in the samples
directory of the SiteMinder Web Agent installation. For instance, if
SiteMinder were installed at /app/webagent, these files
would be located at:

  /app/webagent/samples_default/forms/fw2tr.pptemplate
  /app/webagent/samples_default/forms/tr2fw.pptemplate

These files are samples created to demonstrate a workaround to a
specific issue which no longer exists in the SiteMinder Web
Agent. However, they can be used as a basis for creating a custom POST
preservation page, such as one which does not have the "Continue"
button.

There are two elements in a POST preservation template which are
expanded by the Web Agent when rendering the POST preservation
page. These are $$smpostlocation$$ and $$smpostdata$$. The general
structure of the form is as follows:

  <HTML>
    <HEAD>
      <TITLE>
      </TITLE>
    </HEAD>
    <BODY onLoad="document.AUTOSUBMIT.submit();">
      This page is used to hold your data while you are being authorized for your request.
      <BR>
      <BR>
      You will be forwarded to continue the authorization process. If this does not happen automatically, please click the Continue button below.
      <FORM NAME="AUTOSUBMIT" METHOD="POST" ACTION="$$smpostlocation$$">
        <$$smpostdata$$>
        <INPUT TYPE="SUBMIT" VALUE="Continue">
      </FORM>
    </BODY>
  </HTML>

When this form is rendered, the $$smpostlocation$$ token is expanded
to the URL of the credential collector for the first part of POST
preservation, and to the URL of the protected resource for the second
part of POST preservation. The $$smpostdata$$ token is expanded to
HTML which results in the correct form data being POSTed to whichever
location applies in that phase of POST preservation. The general
format of these tokens cannot be changed; specifically, the
$$smpostdata$$ token MUST be enclosed in single angle brackets as
shown above.

However, removing the submit button is simple enough in this
example: delete the <INPUT> element containing the button, and drop
the sentence that tells the user to click it. With the button gone,
the form is submitted only by the onLoad script. This leaves a
template as follows:

  <HTML>
    <HEAD>
      <TITLE>
      </TITLE>
    </HEAD>
    <BODY onLoad="document.AUTOSUBMIT.submit();">
      This page is used to hold your data while you are being authorized for your request.
      <BR>
      <BR>
      You will be forwarded to continue the authorization process.
      <FORM NAME="AUTOSUBMIT" METHOD="POST" ACTION="$$smpostlocation$$">
        <$$smpostdata$$>
      </FORM>
    </BODY>
  </HTML>

To configure the Web Agent to use this POST preservation template, the
Agent Configuration Object (ACO) parameter "PostPreservationFile" must
be specified to point to the path of the POST preservation template.

For example:

  PostPreservationFile="/app/webagent/samples_default/forms/nosubmitbutton.pptemplate"
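
As an added example (not code from the article or from the product), the following Python lint checks a custom .pptemplate against the rules described above before PostPreservationFile is pointed at it. The function names, the finding messages, the external-resource warning and the deliberately broken sample are assumptions of this example.

```python
import re

# Constructed sample: the article's button-less template with two mistakes
# introduced on purpose (form renamed, angle brackets dropped from the token).
BROKEN = """<HTML><BODY onLoad="document.AUTOSUBMIT.submit();">
<FORM NAME="RESUBMIT" METHOD="POST" ACTION="$$smpostlocation$$">
$$smpostdata$$
</FORM></BODY></HTML>"""

def attr(tag_attrs, name):
    """Value of a double-quoted attribute, or None."""
    m = re.search(rf'\b{name}\s*=\s*"([^"]*)"', tag_attrs, re.I)
    return m.group(1) if m else None

def lint_pptemplate(text):
    """Return a list of 'ERROR: ...' / 'WARN: ...' findings for a template."""
    forms = re.findall(r"<form\b([^>]*)>(.*?)</form>", text, re.I | re.S)
    if len(forms) != 1:
        return [f"ERROR: expected exactly one <FORM>, found {len(forms)}"]
    attrs, body = forms[0]
    out = []
    if attr(attrs, "action") != "$$smpostlocation$$":
        out.append("ERROR: FORM ACTION must be $$smpostlocation$$")
    if (attr(attrs, "method") or "").upper() != "POST":
        out.append("ERROR: FORM METHOD must be POST")
    # The data token must appear once, inside the form, in single angle brackets.
    if text.count("$$smpostdata$$") != 1 or "<$$smpostdata$$>" not in body:
        out.append("ERROR: <$$smpostdata$$> must appear once inside the FORM")
    auto = re.search(r'onload\s*=\s*"document\.(\w+)\.submit\(\)', text, re.I)
    button = re.search(r'<input\b[^>]*type\s*=\s*"?submit', body, re.I)
    if auto and auto.group(1) != attr(attrs, "name"):
        out.append("ERROR: onLoad submits a form name that does not exist")
        auto = None
    if not auto and not button:
        out.append("ERROR: no auto-submit and no button; the user is stuck")
    elif not button:
        out.append("WARN: no Continue button; page depends on scripting")
    # The rendered page holds the user's preserved POST data.
    if re.search(r'\b(src|href)\s*=\s*"?(https?:)?//', text, re.I):
        out.append("WARN: template loads an external resource")
    return out

if __name__ == "__main__":
    for finding in lint_pptemplate(BROKEN):
        print(finding)
```

Run against the button-less template from this article, it reports only the scripting warning, which is the trade-off accepted by removing the Continue button.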