Hello Team,

I have created a Policy with 2 Mechanisms.

1st Mechanism checks whether the provided user is valid or not if valid then transfer the control to the next Mechanism.
The next Mechanism is MAC OTP it sends the OTP to the user and Asks the user to enter OTP.

When I call the policy from the postman it works fine.

But when I try to call the same policy from the Nodejs application it breaks when the user enters the OTP.
Response
{
"exceptionMsg": "FBTAUT017E Authentication service received an invalid state ID [CUTAfkZMvLUbHgcw8pxqj7yjeWiLrJGjIWCrQrOwBdOJe69BClOetL2DfXgvIu6Rg4uYmPnpN1as6nSr6WVV9u8wxW6Ib3gU3CJ9I3K1qr9A41tj5BSlhBS2marJpGGo].",
"state": "",
"message": ""
}

I observe it work fine with cookies.

Can't we configure the policy to work without cookie(Want to use policy as API)?


Can anyone help with the same?

------------------------------
Mukesh
------------------------------

Hi Mukesh,

There is a configuration parameter in ISAM AAC to control this option.

In the appliance LMI, under AAC -> Advanced Configuration, there is an parameter "authsvc.stateMgmt.cookieless". The default value is false. You can alter it and set it to true to make it work without cookie.

Hope it helps.

Best regards,
Jahanzaib

------------------------------
Jahanzaib Sarwar
------------------------------

Original Message:
Sent: Wed April 07, 2021 08:44 AM
From: Mukesh Bhati
Subject: ISAM - How to configure policy to work without cookie?

Hello Team,

I have created a Policy with 2 Mechanisms.

1st Mechanism checks whether the provided user is valid or not if valid then transfer the control to the next Mechanism.
The next Mechanism is MAC OTP it sends the OTP to the user and Asks the user to enter OTP.

When I call the policy from the postman it works fine.

But when I try to call the same policy from the Nodejs application it breaks when the user enters the OTP.
Response
{
"exceptionMsg": "FBTAUT017E Authentication service received an invalid state ID [CUTAfkZMvLUbHgcw8pxqj7yjeWiLrJGjIWCrQrOwBdOJe69BClOetL2DfXgvIu6Rg4uYmPnpN1as6nSr6WVV9u8wxW6Ib3gU3CJ9I3K1qr9A41tj5BSlhBS2marJpGGo].",
"state": "",
"message": ""
}

I observe it work fine with cookies.

Can't we configure the policy to work without cookie(Want to use policy as API)?


Can anyone help with the same?

------------------------------
Mukesh
------------------------------

Hi Jahanzaib,

Thanks, A Lot!.

Reference Link

https://www.ibm.com/docs/en/sva/9.0.6?topic=authentication-configuring-access-module-cookieless-operation

------------------------------
Mukesh
------------------------------

Original Message:
Sent: Wed April 07, 2021 11:18 AM
From: Jahanzaib Sarwar
Subject: ISAM - How to configure policy to work without cookie?

Hi Mukesh,

There is a configuration parameter in ISAM AAC to control this option.

In the appliance LMI, under AAC -> Advanced Configuration, there is an parameter "authsvc.stateMgmt.cookieless". The default value is false. You can alter it and set it to true to make it work without cookie.

Hope it helps.

Best regards,
Jahanzaib

------------------------------
Jahanzaib Sarwar

Original Message:
Sent: Wed April 07, 2021 08:44 AM
From: Mukesh Bhati
Subject: ISAM - How to configure policy to work without cookie?

Hello Team,

I have created a Policy with 2 Mechanisms.

1st Mechanism checks whether the provided user is valid or not if valid then transfer the control to the next Mechanism.
The next Mechanism is MAC OTP it sends the OTP to the user and Asks the user to enter OTP.

When I call the policy from the postman it works fine.

But when I try to call the same policy from the Nodejs application it breaks when the user enters the OTP.
Response
{
"exceptionMsg": "FBTAUT017E Authentication service received an invalid state ID [CUTAfkZMvLUbHgcw8pxqj7yjeWiLrJGjIWCrQrOwBdOJe69BClOetL2DfXgvIu6Rg4uYmPnpN1as6nSr6WVV9u8wxW6Ib3gU3CJ9I3K1qr9A41tj5BSlhBS2marJpGGo].",
"state": "",
"message": ""
}

I observe it work fine with cookies.

Can't we configure the policy to work without cookie(Want to use policy as API)?


Can anyone help with the same?

------------------------------
Mukesh
------------------------------