IBM Verify

  • 1.  ISAM - Not getting Cookie after successful login.

    Posted Mon November 30, 2020 04:26 AM
    Edited by Mukesh Bhati Mon November 30, 2020 04:28 AM
    Hello All,

    I'm using the out-of-box password policy. After successful login, it does not return cookies (PD-S-SESSION-ID).

    https://<host>/mga/sps/apiauthsvc?PolicyId=urn:ibm:security:authentication:asf:password

    Can anyone help me?

    After successful login, WebSEAL doesn't return the PD-S-SESSION-ID cookie.


    ------------------------------
    Mukesh
    ------------------------------


  • 2.  RE: ISAM - Not getting Cookie after successful login.

    Posted Mon November 30, 2020 05:20 AM
    Hi Mukesh,

    Are you sending an OAuth bearer token with the requests you're making to the Reverse Proxy?  If you are then this will be used as the session handle and you won't receive a session cookie.  This is by design because, in most cases, API clients don't like to handle cookies.

    You can disable this behaviour by removing the "session = authorization" parameter from the configuration file but consider if that's really what you want to do.

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------



  • 3.  RE: ISAM - Not getting Cookie after successful login.

    Posted Mon November 30, 2020 08:06 AM
    Edited by Mukesh Bhati Mon November 30, 2020 08:09 AM
    Hi Jon,

    I'm not using the OAuth bearer token; the data required for authentication is passed as JSON in the request body.

    ------------------------------
    Mukesh
    ------------------------------



  • 4.  RE: ISAM - Not getting Cookie after successful login.

    Posted Mon November 30, 2020 08:32 AM
    Hi Mukesh,

    What headers do you see in the response?  If you're seeing am-eai-* headers then that means the Reverse Proxy is not recognizing the responses from the AAC Authentication Service as login triggers.

    These triggers are usually set up when you run the wizard which configures the Reverse Proxy as the point-of-contact for the AAC Authentication Service.  You can see these triggers in the [eai-trigger-urls] configuration stanza.

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------



  • 5.  RE: ISAM - Not getting Cookie after successful login.

    Posted Tue December 01, 2020 03:02 AM
    Hi Jon,

    Thanks for the help!

    After setting eai-auth = https in the WebSEAL configuration file, WebSEAL returns PD-S-SESSION-ID cookies.

    ------------------------------
    Mukesh
    ------------------------------
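
The checks discussed in this thread (session cookie present, am-eai-* headers reaching the client, bearer token used as the session handle) can be scripted against a captured login exchange. The following is an added example, not code from any poster or from IBM; the function names, result codes and all header values are constructed for illustration.

```python
# Added example: triage of a login response using the checks from this thread.
# All header values below are constructed samples, not captured traffic.
from email.parser import Parser

SESSION_COOKIE = "PD-S-SESSION-ID"


def parse_headers(raw):
    """Parse a raw header block (no status line) into (name, value) pairs."""
    msg = Parser().parsestr(raw.strip() + "\n\n", headersonly=True)
    return [(k.lower(), v.strip()) for k, v in msg.items()]


def triage(request_headers, response_headers):
    """Return a short diagnosis code (hypothetical names) for a login exchange."""
    req = parse_headers(request_headers)
    resp = parse_headers(response_headers)

    # Did the Reverse Proxy issue the session cookie?
    for name, value in resp:
        if name == "set-cookie" and value.split("=", 1)[0].strip() == SESSION_COOKIE:
            return "session-cookie-issued"

    # am-eai-* headers visible to the client were not consumed by the
    # Reverse Proxy, i.e. the response was not treated as a login trigger.
    leaked = sorted({n for n, _ in resp if n.startswith("am-eai-")})
    if leaked:
        return "eai-headers-leaked:" + ",".join(leaked)

    # A bearer token is used as the session handle, so no cookie is expected.
    for name, value in req:
        if name == "authorization" and value.lower().startswith("bearer "):
            return "bearer-token-session"

    return "no-cookie-unknown-cause"


# Constructed sample header blocks.
REQ_JSON = "Content-Type: application/json\nAccept: application/json"
REQ_BEARER = REQ_JSON + "\nAuthorization: Bearer constructed-token"
RESP_PLAIN = "Content-Type: application/json"
RESP_LEAKED = RESP_PLAIN + "\nam-eai-user-id: testuser\nam-eai-xattrs: AUTHENTICATION_LEVEL"
RESP_OK = RESP_PLAIN + "\nSet-Cookie: PD-S-SESSION-ID=constructed-value; Path=/; Secure"

if __name__ == "__main__":
    for req, resp in [(REQ_JSON, RESP_LEAKED), (REQ_JSON, RESP_OK), (REQ_BEARER, RESP_PLAIN)]:
        print(triage(req, resp))
```

An `eai-headers-leaked` result corresponds to the case resolved in this thread, where the fix was setting eai-auth = https and checking the [eai-trigger-urls] stanza.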