Configure POST Preservation
automatically preserves the data that a user posts using an FCC page. This preservation mechanism prevents data loss if a timeout or other interruption occurs during the POST operation.
CA Single Sign-Onautomatically preserves the data that a user posts using an FCC page. This preservation mechanism prevents data loss if a timeout or other interruption occurs during the POST operation.
If you are using a combination of traditional and framework agents in your environment, the following configuration steps are required:
- Enable POST preservation between Framework and Traditional agents
- Customize the POST preservation page
If you do not want to use POST preservation, you can disable it.
POST preservation is not supported in the following situations:
- ACE authentication
- Any custom authentication scheme that posts to an FCC
Enable Post Preservation Between Framework and Traditional Agents
Framework Agents handle POST preservation data differently than Traditional Agents do. If your
CA Single Sign-Onenvironment uses a combination of Framework and Traditional agents, and resources that are hosted by one type of Agent are protected by Forms Credential Collectors (FCCs) hosted on the other type of agent, you must specify the proper template file with the following parameter:
Enables the transfer of POST preservation data between Traditional and Framework Agents by specifying the path to
oneof the following POST-preservation-template files:
- tr2fw.pptemplate—Indicates that resources hosted on a server running a Traditional agent are protected by an FCC running on a Framework agent.
- fw2tr.pptemplate—Indicates that resources hosted on a server running a Framework agent are protected by an FCC running on a Traditional agent.
Follow these steps:
- Determine which resources are protected by FCCs running on a different type of Agent.
- Create a list of Traditional Agents hosting resources that are protected by FCCs running on Framework Agents.
- Create a list of Framework Agents hosting resources that are protected by FCCs running on Traditional Agents.
- For any traditional Agents hosting resources (those you listed in Step 1a), set the value of the PostPreservationFile parameter to the path of the tr2fw.pptemplate file.
- For any Framework Agents hosting resources (those you listed in Step 1b), set the value of the PostPreservationFile parameter to the path of the fw2tr.pptemplate file.
- For all of your Framework Web Agents that communicate with Traditional Agents, set the value of the following parameter to yes:LegacyPostPreservationEncodingSpecifies whether the Web Agent encodes any POST preservation data in a way that is compatible with the older, Traditional, Web Agents, or with the newer, Framework Web Agents. When the value of this parameter is set to yes, the encoding is compatible with the Traditional Web Agents. When the value of this parameter is set to no, the encoding is compatibleonlywith the Framework Web Agents.Default: No
- Restart the web servers hosting your resources.POST preservation is between Framework and Traditional agents is enabled.
Customize the POST Preservation Page
When a timeout or other interruption occurs during a POST operation, the POST preservation page is displayed. Usually, the POST preservation page appears for less than a second. However, the Post Preservation page can be displayed for as long as 5 seconds when the amount of form data being posted is large.
By default, the POST preservation page displays the following text:
This page is used to hold your data while you are being authorized for your request. You will be forwarded to continue the authorization process. If this does not happen automatically, please click the Continue button below.
The POST preservation page also displays a Continue button that allows the user to repost the data to the application.
To customize the POST preservation page, create a POST preservation template file.
The general structure of the default page is as follows:
<HTML><HEAD><TITLE></TITLE></HEAD><BODY onLoad="document.AUTOSUBMIT.submit();">This page is used to hold your data while you are being authorized for your request.<BR><BR>You will be forwarded to continue the authorization process. If this does not happen automatically, please click the Continue button below.<FORM NAME="AUTOSUBMIT" METHOD="POST" ACTION="$$smpostlocation$$"><$$smpostdata$$><INPUT TYPE="SUBMIT" VALUE="Continue"></FORM></BODY></HTML>
The POST preservation template must include the following two elements which the Web Agent expands when rendering the POST preservation page:
- $$smpostlocation$$Expanded to the credential collector URL during the first phase of POST preservation. Expanded to the protected resource URL during the second phase of POST preservation.
- $$smpostdata$$Expanded to contain HTML which results in the correct form data being posted to either location respective to the phase of POST preservation.
Do not remove or alter these elements.
However, you can change other elements. For example, to remove the Continue button, remove the <INPUT> element that defines that button:
<INPUT TYPE="SUBMIT" VALUE="Continue">
Two sample POST preservation template files, fw2tr.pptemplate and tr2fw.pptemplate, are included in the following location:
- web_agent_homeIndicates the directory where the Web Agent is installed on your web server.
To configure the Web Agent to use your POST preservation template file, define the PostPreservationFile agent configuration parameter to specify the path of the template file. For example:
(Optional) Disable POST Preservation
If you do not need to use POST preservation, you can disable it with the following parameter:
Specifies whether the Web Agent preserves POST data when redirecting requests. When the user is challenged for advanced authentication, such as forms or certificate authentication, the post data is preserved during the authentication phase.
To disable POST preservation, set the value of the PreservePostData parameter to no.
(Optional) Disable the POST Preservation Data Size Limit
By default, agents do not preserve or filter POST data files larger than 64 KB. To remove this limit, set the DisablePostDataLimit agent configuration parameter.
Specifies whether a Web Agent observes the 64 KB data-size limit when preserving or filtering POST data. This does not affect the standard POST operation, but it does affect the following:
- POST preservation
- eTelligent Rules Post variables
- WSS authentication schemes
Default:No (limit enforced)
Change this parameter to yes at your own risk. Removing the 64-KB limit means that the agent attempts to preserve any POST data it gets, even if doing so causes downstream issues, such as long login times.