How to configure and test a Form Post Begin Site

Follow

Version Affected: All

Description:  

How to configure and test a Form Post Begin Site (FormPost.aspx)

 

Cause:  

The Form Post Begin Site allows an IdP realm to take the UserName and Mode (Public or Private) plus optionally Password and/or shared Secret as variables by way of a Forms POST made by another website or external page, instead of the user having to type those details directly into the realm.

Once the Form POST is accepted the user is taken through the usual workflow.

 

Resolution:  

1. The configuration of the Begin Site is outlined here:

https://docs.secureauth.com/display/91docs/Form+Post+Begin+Site+Configuration+Guide

2. If the Username AND Password are being supplied via Form POST, change the workflow (on the workflow tab) to accept Username and Password on the same page.  If only Password is expected then again, change the workflow accordingly.

3. To test the begin site, download the attached HTML file, this doesn't have to be downloaded to the IdP but can be to any machine such as a workstation.

4. After downloading the file, edit it in a text editor and change the URL to point to the begin site URL:

mceclip0.png

5. While editing, feel free to alter the username, password, mode and shared secret if desired but it's not necessary as these can be changed in the next step.

6. Open the HTML file in a browser by double clicking it and you will see the following:

mceclip1.png

7. Change the values if necessary and click the "Submit" button to test.

8. If successful the user will be taken through the workflow and the following will be observed in the audit log:

The current identity from Form Post: user1

 

Special Considerations (optional as needed):  

The downside with the FormsPost.aspx begin site is that if the username or password is bad it doesn't really fail in a nice way, it just leaves the user staring at a blank screen without any error message or indication of a problem.

If any of the expected variables are not supplied at all (i.e. not just blank but entirely missing and undefined) it will generate this error:

Error: Object reference not set to an instance of an object

This can happen when hitting the Begin site without making a Forms Post, as happens when a user browses directly to the realm/SecureAuth.aspx which then redirects the user to the Begin site.

A modified version of the Forms Post begin site which addresses these shortcomings and some others is available in this KB Article:

https://support.secureauth.com/hc/en-us/articles/360035644991-Forms-POST-begin-site-Error-Object-reference-not-set-to-an-instance-of-an-object

 

SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.