security - How to customize RSA Web Authentication Agent? -


currently in company there's internal web application custom login page. in order authenticate user make use of rsa authentication windows agent 7.2. call methods exposed acecln.dll library in internal library.

now want move rsa authentication web agent 7.1. i've seen how works, i've been able install web agent , protect whole web site. doing this, web agent's pages (login, succesful login) displayed. problem still want use our custom login web page haven't been able it.

i've checked dlls come web agent (rsahandler.dll , rsamodule.dll) seems they're not meant used acecln.dll library in windows agent. i've been able bypass rsa web agent's login page making post request handler defined in web.config webid web application set web agent. below details:

this how handler defined in c:\program files\rsa security\rsawebagent\webid\web.config

<handlers>             <add name="rsasecuridhandlermapping" path="iiswebagentif.dll" verb="*" modules="securidhandler" scriptprocessor="c:\program files\rsa security\rsawebagent\webid\rsahandler.dll" requireaccess="none" />         </handlers> 

and form i've written in our custom login page. corresponds index.htm page presented after user gets validated.

<form action="/webid/iiswebagentif.dll" method="post" name="transportform">       username: <input  id="username" style=width: 155px" maxlength=64 value="jctorres" name="username" autocomplete=off"><br />       passcode: <input id="passcode" name="passcode" value="1984" maxlength=16  autocomplete="off"  style="width:155px;"><br />           <input type="hidden" name="referrer"  value="z2findexz2ehtm">             <input type="hidden" name="sessionid" value="0">           <input type="hidden" name="postdata"  value="get&#58;">           <input type="hidden" name="authntype" value="2">           <input type="hidden" name="stage"     value="useridandpasscode">            <input type="hidden" name="csrftoken" value="">           <input type=submit value="log in" onclick="">      </form> 

as said, this, i'm able login our custom login page i'm still seeing intermediate authentication succeeded presented before index.htm presented.

my question be:

1- how can use rsa authentication web agent , still use company own login, error web page, , without displaying intermediate authentication succeeded web page? behavior of rsahandler.dll library customizable?

thanks in advance


Comments

Popular posts from this blog

java - Custom OutputStreamAppender not run: LOGBACK: No context given for <MYAPPENDER> -

java - UML - How would you draw a try catch in a sequence diagram? -

c++ - No viable overloaded operator for references a map -