Writing a Remote SSO Form POST Resource Policy

Remote SSO Form POST resource policies specify Web applications to which the system posts data. This data can include a user's username and password, as well as system data stored by system variables.

To write a remote SSO Form POST resource policy:

1. In the admin console, navigate to Users > Resource Policies > Web.

2. If your administrator view is not already configured to show SSO policies, make the following modifications:

  1. Click the Customize button in the upper right corner of the page.
  2. Select the SSO check box.
  3. Select the Form Post check box below the SSO check box.
  4. Click OK.

3. Select the SSO > Form Post tab.

4. On the Form POST Policies page, click New Policy.

5. Enter a name to label this policy (required) and a description of the policy (optional).

6. In the Resources section, specify the application's sign-in page, such as: http://yourcompany.com.

If you want to automatically post values to a specific URL when an end user clicks on a bookmark, the resource that you enter here must exactly match the URL that you specify in the Users > User Roles > Role > Web > Bookmarks page of the admin console.

7. In the Roles section, specify:

Policy applies to ALL roles - To apply this policy to all users.

Policy applies to SELECTED roles - To apply this policy only to users who are mapped to roles in the Selected roles list. Make sure to add roles to this list from the Available roles list.

Policy applies to all roles OTHER THAN those selected below - To apply this policy to all users except for those who map to the roles in the Selected roles list. Make sure to add roles to this list from the Available roles list.

8. In the Action section, specify:

Perform the POST defined below - Perform a form POST with the user data specified in the POST details section to the specified URL when a user makes a request to a resource specified in the Resources list.

Do NOT perform the POST defined below - Do not perform a form POST with the user data specified in the POST details section.

Use Detailed Rules - Select this option to specify one or more detailed rules for this policy.

9. In the POST details section:

In the POST to URL field, specify the absolute URL where the application posts the user's credentials, such as: http://yourcompany.com/login.cgi. The admin can determine the appropriate URL using a TCP dump or by viewing the application's sign-in page source and searching for the POST parameter in the FORM tag. (Wildcard characters are not supported in this field.)

Check Deny direct login for this resource if you do not want users to be able to access the URL directly.

Select the Allow multiple POSTs to this resource check box if you want to send POST and cookie values to the resource multiple times if required. If you do not select this option, the system does not attempt single sign-on when a user requests the same resource more than once during the same session.

Specify the user data to post and user modification permission:

User label - The label that appears on a user's Preferences page. This field is required if you either enable or require users to modify data to post to back-end applications.

Name - The name to identify the data of the Value field. (The back-end application should expect this name.)

Value - The value to post to the form for the specified Name. You can enter static data, a system variable, or system session variables containing username and password values.

User modifiable? setting - Set to Not modifiable if you do not want the user to be able to change the information in the Value field. Set to User CAN change value if you want the user to have the option of specifying data for a back-end application. Set to User MUST change value if users must enter additional data in order to access a back-end application. If you choose either of the latter settings, a field for data entry appears on the user's Advanced Preferences page. This field is labeled using the data you enter in the User label field. If you enter a value in the Value field, this data appears in the field but is editable.

10. Click Save Changes.

11. On the Form POST Policies page, order the policies according to how you want to evaluate them. Keep in mind that once the system matches the resource requested by the user to a resource in a policy's (or a detailed rule's) Resource list, it performs the specified action and stops processing policies.
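
For step 9, one way to read the POST to URL and the field names out of a sign-in page's FORM tag, and to flag a target that would receive the posted credentials without HTTPS. This is an added example, not part of the original documentation; the sample page, its URL, and the names FormFinder and post_details are constructed for illustration, and it assumes the form's action attribute is where the application posts credentials.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample sign-in page (illustrative only, not a real application).
SAMPLE_PAGE_URL = "http://yourcompany.com/portal/signin.html"
SAMPLE_HTML = """
<form name="search" method="get" action="/search"><input name="q"></form>
<form name="login" method="POST" action="../login.cgi">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="hidden" name="domain" value="corp">
  <input type="submit" value="Sign in">
</form>
"""

class FormFinder(HTMLParser):
    """Collects each <form> with its method, action and named inputs."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = False  # True while inside a <form> element

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"method": (a.get("method") or "get").lower(),
                               "action": a.get("action") or "", "fields": []})
            self._open = True
        elif tag == "input" and self._open and a.get("name"):
            # (Name, input type, preset value); unnamed inputs are never posted.
            self.forms[-1]["fields"].append(
                (a["name"], a.get("type") or "text", a.get("value") or ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = False

def post_details(page_url, html):
    """Return one entry per POST form: absolute URL, fields, cleartext flag."""
    finder = FormFinder()
    finder.feed(html)
    results = []
    for form in finder.forms:
        if form["method"] != "post":
            continue  # only POST forms are candidates for the policy
        # Relative actions resolve against the page URL; an empty action
        # posts back to the page itself. The field needs an absolute URL.
        url = urljoin(page_url, form["action"])
        results.append({"post_to_url": url, "fields": form["fields"],
                        "cleartext": urlsplit(url).scheme != "https"})
    return results
```

Each tuple in `fields` maps to one Name entry in the POST details section, and a preset hidden value is a candidate for static data in the Value field.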