IBM Security Verify

 View Only

  • 1.  Dynatrace extension - how to disable its automatic .js injection ?

    IBM Champion
    Posted Tue July 20, 2021 03:10 PM
    Hi everybody,

    We installed the Dynatrace OneAgent extension (https://exchange.xforce.ibmcloud.com/hub/extension/46c449543f3570e9f4ffd15370c2c32b) to explore the metrics that are made available..

    After enabling the Dynatrace extension we started encountering a strange behavior when logging in to the LMI : after authentication ISAM redirects the browser to https://myisam.internal.domain/core/ruxitagentjs_ICA2SVfqru_10219210719121502.js
    That javascript file is some sort of Dynatrace web tracker.

    After analyzing the html content of the LMI login page, we identified a line that seems to have been added by the Dynatrace plugin:
        <script type="text/javascript" src="/core/ruxitagentjs_ICA2SVfqru_10219210719121502.js" data-dtconfig="app=2097877e7cf2df46|rcdec=1209600000|featureHash=ICA2SVfqru|vcv=2|rdnt=1|uxrgce=1|bp=3|srmcrv=10|cuc=skgb1fc2|mel=100000|dpvc=1|ssv=4|lastModification=1626731166290|dtVersion=10219210719121502|srmcrl=1|tp=500,50,0,1|uxdcw=1500|vs=2|agentUri=/core/ruxitagentjs_ICA2SVfqru_10219210719121502.js|reportUrl=/core/rb_bf95001xhd|rid=RID_1628671577|rpid=-753908167|domain=ept.lu">
​

    When not yet authentified (that's why the login form is displayed) that .js file is not accessible and so, after the authentication, ISAM redirects to the .js file  instead of redirecting to the LMI itself.


    By itself, it's not a blocking issue, as we can manually edit the url to go back to the LMI.
    The real problem is that the same .js is injected in many "management root" pages of ISAM, and we also encounter the same behavior on other public facing services as the OAuth server.
    Furthermore we exported management root pages and template files and we were unable to find any reference to that javascript file.
    -=> We are now thinking that the Dynatrace plugin dynamically injects its tracking javascript. (is that even possible?)


    We would like to be able to simply disable the web tracking features from the Dynatrace agent, but the ISAM extension does not expose any parameter allowing to customize that behavior.


    Is this something someone else ran into ?
    Is there any way for us to have a better understanding on how the Dynatrace extension dynamically injects the javascript import ? A way to disable it ?
    Does anyone know the developper(s) of the Dynatrace extension ? :)


    Thank you for any tip that you could think of

    ------------------------------
    André Leruitte
    ------------------------------


  • 2.  RE: Dynatrace extension - how to disable its automatic .js injection ?

    IBM Champion
    Posted Tue July 20, 2021 04:17 PM

    Hi André.

    Thank you so much for sharing.

    I had the exact same behavior with one appliance where had deployed the Dynatrace agent also as well ... and forgot about it ... and then started experimenting with strange /core/ URIs in the LMI ... which I investigated for quite some time ... even opened a support Case which led to nothing which we abandoned ... and I could not reproduced this behavior elsewhere so in the end I decide to scrap and recreate that appliance which resolved the issue.  I have not re-installed the Dynatrace agent yet.

    Now your post was the missing element linking together the behavior with the Dynatrace agent installation.

    But sorry, I don't have any answer for your other questions.


    Sylvain

    ------------------------------
    Sylvain Gilbert
    ------------------------------

    Original Message


  • 3.  RE: Dynatrace extension - how to disable its automatic .js injection ?

    Posted Tue July 20, 2021 05:14 PM
    Andre,

    The Dynatrace extension is developed by the core Verify Access development team.  However, the development team itself does not have a lot of knowledge on the Dynatrace product - the extension purely installs the Dynatrace agent into the environment.  I've gone through the Dynatrace installation options, and there doesn't appear to be a way to disable JavaScript injection (https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-oneagent/installation-and-operation/linux/installation/customize-oneagent-installation-on-linux/).  Have you tried reaching out to the Dynatrace support to see if it is possible to disable the JavaScript injection?

    ------------------------------
    Scott Exton
    IBM
    Gold Coast
    ------------------------------

    Original Message


  • 4.  RE: Dynatrace extension - how to disable its automatic .js injection ?

    IBM Champion
    Posted Fri July 23, 2021 07:23 AM
    Hi @Sylvain Gilbert and @Scott Exton,

    Thank you both for your replies.

    We contacted Dynatrace who seems to have another extension version we have to test. As soon as I am able to check with the coworker involved I will update this thread.

    ​​

    ------------------------------
    André Leruitte
    ------------------------------

    Original Message


  • 5.  RE: Dynatrace extension - how to disable its automatic .js injection ?

    IBM Champion
    Posted Thu November 04, 2021 11:12 AM
    Hi guys,

    We just updated one of our ISAM's to v10.0.2 and we are now unable to install the Dynatrace OneAgent extension from IBM.
    Extension installation fails with {"result":"failure", "msg": "An unsupported third-party dependency file was supplied.", "status": 409} .


    Are there any plans to update the extension so it stays compatible with current ISAM versions ?





    ------------------------------
    André Leruitte
    ------------------------------

    Original Message


  • 6.  RE: Dynatrace extension - how to disable its automatic .js injection ?

    Posted Thu November 04, 2021 03:09 PM
    Andre,
     
    This is a known issue with Verify Access 10.0.2.0 and the IBM support team are currently working with the Dynatrace support team to understand the problem and produce a solution.
     
    Thanks.
     
     
    Scott A. Exton
    Senior Software Engineer
    Chief Programmer - IBM Security Verify Access
    IBM Master Inventor

     
     
     



    Original Message


  • 7.  RE: Dynatrace extension - how to disable its automatic .js injection ?

    IBM Champion
    Posted Fri November 05, 2021 04:00 AM
    Thanks a lot Scott for your confirmation.

    We will then simply wait for a solution before continuing testing this extension.



    ------------------------------
    André Leruitte
    ------------------------------

    Original Message


  • 8.  RE: Dynatrace extension - how to disable its automatic .js injection ?

    Posted Mon December 13, 2021 03:42 PM
    Hello @André Leruitte ,
              I used SaaS environment with Dynatrace OneAgent Installer versions 1.227.157 and latest one 1.229.180 in version 10.0.2. Corresponding script files Dynatrace-OneAgent-Linux-1.227.157.sh and Dynatrace-OneAgent-Linux-1.229.180.sh are downloaded and installed on the appliance. 
    Not found any java script injections with those versions at the time of LMI login and after reboot of the appliance as well.  Seems those OneAgent installer versions resolved the issue.
              Please don't add .pem file as indicated in the X-force screenshots at the time of ​extension installation to avoid the error message "An unsupported third-party dependency file was supplied."

    Thanks!
    Ramakrishna Rupineni,
    ISVA L2 Support.

    ------------------------------
    Ramakrishna Rupineni
    IBM
    9666434079
    ------------------------------

    Original Message


  • 9.  RE: Dynatrace extension - how to disable its automatic .js injection ?

    IBM Champion
    Posted Fri December 17, 2021 05:47 AM
    As you mention "sh script downloading" , I suppose ISVA appliance should have internet access to a specific domain.

    Our ISVA appliances can only contact whitelisted internet domains, and as I haven't seen any documentation regarding making sure ISVA can access a particular domain, can you indicate me what is the domain(s) concerned ?


    Regards,
    André

    ------------------------------
    André Leruitte
    ------------------------------

    Original Message