Tuesday, June 12, 2007

SiteMinder - Forms Credential Collector (FCC)


The SiteMinder credential collector is an application within the Web agent that gathers specific user credentials to authenticate a user. The credentials gathered by the credential collector are based on the type of authentication scheme configured for a particular group of protected resources. For forms-based authentication, credentials are collected by the Forms Credential Collector (FCC) process. The default extension for FCC files is (naturally enough) 'FCC'. FCC files are written in a simple mark-up language that includes HTML and some custom notation. An FCC file contains the custom form definition and additional information that the FCC uses to process HTML forms-based authentication. The FCC extracts the credentials that a user enters in the custom form generated from the FCC file. For example, the Web agent is installed with a form called login.fcc, which we can customize and use for login purposes.

SiteMinder displays the contents of the .unauth file to users who exceed the maximum number of failed authentication attempts specified by the authentication scheme. One .unauth file should exist for each FCC file. For example, if you have a login.fcc file on a Web server, you should also have a login.unauth file in the same location. If an smerrorpage variable has been defined in the FCC file, the .unauth file is not required.

FCC attribute name/value pairs:

smenc - contains information that tells the browser what language encoding to use.
smlocale - is the language used in the HTML forms that collect user information or display status messages.
username - is the name to use as the login user name.
password - is the password to use to perform the login.
target - is the resource to access after login.
smauthreason - is the reason code associated with a login failure.
smusrmsg - contains the text that describes why the user was challenged or failed to log in.
smagentname - is the agent name used for logging the user in.
postpreservationdata - is the data that a user submits through a post request.
smerrorpage - is the page to which the user's browser will be redirected if there is an error on a post to the custom form.
smretries - defines the maximum number of allowed failures when attempting to log in.
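
The pairing rule above (each FCC file needs a matching .unauth file unless it defines smerrorpage) can be checked across a forms directory. The script below is an added example, not part of the original post or of SiteMinder; it assumes name/value pairs appear in the FCC file one per line as `@name=value`, and the function names and sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumption: FCC name/value pairs are written one per line as "@name=value".
DIRECTIVE = re.compile(r"^\s*@(\w+)\s*=\s*(.*?)\s*$")


def fcc_directives(text):
    """Return {lowercased name: value} for every @name=value line."""
    found = {}
    for line in text.splitlines():
        m = DIRECTIVE.match(line)
        if m:
            found[m.group(1).lower()] = m.group(2)
    return found


def audit_fcc_dir(root):
    """Return (file name, problem) for each FCC file with no lockout page."""
    findings = []
    for fcc in sorted(Path(root).rglob("*")):
        # Match the extension case-insensitively (login.FCC, login.fcc).
        if not fcc.is_file() or fcc.suffix.lower() != ".fcc":
            continue
        directives = fcc_directives(fcc.read_text(errors="replace"))
        if directives.get("smerrorpage"):
            continue  # non-empty smerrorpage: the .unauth file is not required
        siblings = {p.name.lower() for p in fcc.parent.iterdir() if p.is_file()}
        if fcc.stem.lower() + ".unauth" not in siblings:
            findings.append((fcc.name, "no .unauth file and no smerrorpage"))
    return findings


def demo():
    """Audit a constructed forms directory (all file contents are samples)."""
    with tempfile.TemporaryDirectory() as d:
        d = Path(d)
        (d / "login.fcc").write_text("@smretries=3\n<html>form</html>\n")
        (d / "login.unauth").write_text("<html>locked out</html>\n")
        (d / "partner.fcc").write_text("@smerrorpage=/errors/login.html\n")
        (d / "admin.fcc").write_text("@smretries=3\n<html>form</html>\n")
        return audit_fcc_dir(d)


if __name__ == "__main__":
    for name, problem in demo():
        print(f"{name}: {problem}")
```

An empty `@smerrorpage=` line is treated as undefined, so such a file is still reported when its .unauth file is missing.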