Customizing the POST preservation page

Document ID : KB000053734
Last Modified Date : 14/02/2018

Description

In the event of a timeout, sites protected by Windows Authentication will receive the POST preservation page with a Continue button. In some cases this page flashes by in less than a second; in others, it stays up for as long as 5 seconds. When the page displays for several seconds, users click the Continue button, posting data to the application twice. Can you explain why the page displays longer on some pages than others? Is there any way to prevent the Continue button from displaying?

Solution

The HTTP Post Preservation page will be displayed longer when the data being preserved is larger. This is dependent on the size of the message that is POSTed.

POST preservation templates are invoked on both sides of the POST preservation exchange: on the server with the protected content and on the server with the credential collector. The Web Agent hosting the original target returns the POST preservation page on the way to the credential collector, and the Web Agent hosting the credential collector returns the POST preservation page in the other direction.

There are two parts to POST preservation. The first part saves the data POSTed to the protected resource by sending it back to the browser and forcing the browser to POST that data to the credential collector. Once the user has been reauthenticated, the second part of POST preservation involves restoring the data back to the protected resource. This is done in a similar fashion, where the data is again sent back to the browser and then the browser is similarly forced to POST the data back to the protected resource. An HTTP trace would show a conversation such as:

POST http://content.ca.com/protected
200 OK POST PRESERVATION PAGE

POST http://credentials.ca.com/login.fcc
200 OK LOGIN FORM

POST http://credentials.ca.com/login.fcc
200 OK POST PRESERVATION PAGE

POST http://content.ca.com/protected
200 OK CONTENT

Note that a POST preservation page is served from BOTH content.ca.com AND credentials.ca.com.

The intermittent page can be customized by modifying the POST preservation template. There are two samples which get installed with the Web Agent and have the extension ".pptemplate" which do fancy things with POST preservation. These files are located in the samples directory of the SiteMinder Web Agent installation. For instance, if SiteMinder were installed at /app/netegrity/webagent, these files would be located at:

/app/netegrity/webagent/samples_default/forms/fw2tr.pptemplate
/app/netegrity/webagent/samples_default/forms/tr2fw.pptemplate

These files are samples created to demonstrate a workaround to a specific issue which no longer exists in the SiteMinder Web Agent. However, they can be used as a basis for creating a custom POST preservation page, such as one which does not have the "continue" button.

There are two elements in a POST preservation template which are expanded by the Web Agent when rendering the POST preservation page. These are $$smpostlocation$$ and $$smpostdata$$. The general structure of the form is as follows:

<HTML><HEAD><TITLE></TITLE></HEAD><BODY onLoad="document.AUTOSUBMIT.submit();">
This page is used to hold your data while you are being authorized for your request.<BR><BR>
You will be forwarded to continue the authorization process. If this does not happen automatically, please click the Continue button below.
<FORM NAME="AUTOSUBMIT" METHOD="POST" ACTION="$$smpostlocation$$">
<$$smpostdata$$>
<INPUT TYPE="SUBMIT" VALUE="Continue">
</FORM></BODY></HTML>

When this form is rendered, the $$smpostlocation$$ token is expanded to the URL of the credential collector for the first part of POST preservation, and to the URL of the protected resource for the second part of POST preservation. The $$smpostdata$$ token is expanded to HTML which results in the correct form data being POSTed to the location appropriate to the phase of POST preservation. The general format of these tokens cannot be changed; specifically, $$smpostdata$$ MUST be enclosed in single angle brackets as shown above.

However, removal of the submit button is simple enough in this example. All that is required is to remove the <INPUT> element containing the button. This would leave a template as follows:

<HTML><HEAD><TITLE></TITLE></HEAD><BODY onLoad="document.AUTOSUBMIT.submit();">
This page is used to hold your data while you are being authorized for your request.<BR><BR>
You will be forwarded to continue the authorization process. If this does not happen automatically, please click the Continue button below.
<FORM NAME="AUTOSUBMIT" METHOD="POST" ACTION="$$smpostlocation$$">
<$$smpostdata$$>
</FORM></BODY></HTML>

To configure the Web Agent to use this POST preservation template, set the Agent Configuration Object parameter "PostPreservationFile" to the path of the POST preservation template.
For example:

PostPreservationFile="/app/netegrity/webagent/samples_default/forms/nosubmitbutton.pptemplate"
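
A pre-deployment check for a custom template, given here as an added example (it is not CA's code and not part of the Web Agent). It verifies the two tokens, the single angle brackets around $$smpostdata$$, and that onLoad still submits the named form, which is the only way forward once the Continue button is removed. The function name and messages are assumptions; the sample templates are the page's, trimmed to their structural lines, plus one constructed broken variant.

```python
import re

LOCATION, DATA = "$$smpostlocation$$", "$$smpostdata$$"

def lint_pptemplate(text, allow_button=False):
    """Return a list of problems in a POST preservation template (empty = OK)."""
    form = re.search(r"<FORM\b([^>]*)>(.*?)</FORM>", text, re.I | re.S)
    if not form:
        return ["no <FORM> element"]
    attrs, body = form.groups()
    problems = []
    if not re.search(r'METHOD\s*=\s*"?POST\b', attrs, re.I):
        problems.append("form METHOD is not POST")
    if not re.search(r'ACTION\s*=\s*"' + re.escape(LOCATION) + '"', attrs, re.I):
        problems.append("form ACTION is not " + LOCATION)
    # The data token must sit inside the form, in single angle brackets.
    if not re.search(r"(?<!<)<" + re.escape(DATA) + r">(?!>)", body):
        problems.append("<" + DATA + "> missing from the form body")
    # onLoad must submit the form under the name the form declares.
    name = re.search(r'NAME\s*=\s*"([^"]+)"', attrs, re.I)
    onload = re.search(
        r'<BODY\b[^>]*onLoad\s*=\s*"document\.(\w+)\.submit\(\)', text, re.I)
    if not (name and onload and name.group(1) == onload.group(1)):
        problems.append("onLoad does not submit the named form")
    # The button is what users double-click while a large POST is in flight.
    if not allow_button and re.search(r'<INPUT\b[^>]*TYPE\s*=\s*"?SUBMIT', body, re.I):
        problems.append("submit button present")
    return problems

# Sample templates: the page's two templates without the message text.
HEAD = '<HTML><HEAD><TITLE></TITLE></HEAD><BODY onLoad="document.AUTOSUBMIT.submit();">\n'
FORM_OPEN = '<FORM NAME="AUTOSUBMIT" METHOD="POST" ACTION="$$smpostlocation$$">\n'
TAIL = '</FORM></BODY></HTML>'
WITH_BUTTON = (HEAD + FORM_OPEN + '<$$smpostdata$$>\n'
               '<INPUT TYPE="SUBMIT" VALUE="Continue">\n' + TAIL)
NO_BUTTON = HEAD + FORM_OPEN + '<$$smpostdata$$>\n' + TAIL
# Constructed broken variant: bare data token, onLoad names a different form.
BROKEN = HEAD.replace("AUTOSUBMIT", "AUTO") + FORM_OPEN + '$$smpostdata$$\n' + TAIL

if __name__ == "__main__":
    for label, tpl in (("with button", WITH_BUTTON),
                       ("no button", NO_BUTTON), ("broken", BROKEN)):
        print(label, "->", lint_pptemplate(tpl) or "OK")
```
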