IBM Security Verify

  • 1.  ISAM - Facing an issue while accessing SPA

    Posted Mon November 30, 2020 08:21 AM
    Hello All,

    Facing an issue while accessing the SPA (created in Angular).

    If the SPA is accessed directly (via LocalHost), then there are no errors/warnings in the browser's console.

    But if the SPA is accessed via the reverse proxy through the junction, then there are errors/warnings in the browser's console.


    Can anyone help me?

    ------------------------------
    Mukesh
    ------------------------------


  • 2.  RE: ISAM - Facing an issue while accessing SPA
    Best Answer

    Posted Mon November 30, 2020 08:29 AM
    Mukesh,

    Seems very likely that the JavaScript resources you're trying to access are not set up for public (unauthenticated) access in the Reverse Proxy policy.  So, the Reverse Proxy is returning its login page when you try to access them.

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------



  • 3.  RE: ISAM - Facing an issue while accessing SPA

    Posted Tue December 01, 2020 02:59 AM
    Hi Jon,

    Thanks for the help!

    Now it is working after applying unauthenticated ACL to JavaScript resources.

    ------------------------------
    Mukesh
    ------------------------------



  • 4.  RE: ISAM - Facing an issue while accessing SPA

    Posted Wed April 21, 2021 06:44 AM
    Edited by Prashant Narkhede Wed April 21, 2021 06:47 AM
    Hi Team,

    I am facing the same issue when integrating an Angular front-end application with ISAM.
    Even after applying the unauthenticated ACL, it doesn't work for me.

    Getting below error in console logs:
    Uncaught SyntaxError: Unexpected token '<'

    Are there any configuration changes that need to be done for this in the WebSEAL configuration file?

    Regards,
    Prashant




    ------------------------------
    Prashant Narkhede
    ------------------------------



  • 5.  RE: ISAM - Facing an issue while accessing SPA

    Posted Wed April 21, 2021 07:13 AM
    Prashant,

    The Unexpected token '<' is almost certainly an indication that the (HTML) login page is being returned when the application is expecting to receive some JavaScript or JSON object.

    You should probably figure out the request that is returning the "bad" response and then try to access it directly from your browser.  This will let you see what you are getting back.  I bet it's a login page (or some other HTTP error page).

    If unauthenticated access is allowed but you still get the login page, I would first check that both "unauthenticated" and "any-other" groups have Tr permissions in your ACL.

    It's also worth checking the junction.  If you have your Basic Authentication config set to "Supply" or "GSO" then this will require login for all access to the junction unless you change:

    allow-unauth-ba-supply = no

    to

    allow-unauth-ba-supply = yes

    in the WebSEAL configuration.

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------



  • 6.  RE: ISAM - Facing an issue while accessing SPA

    Posted Wed April 21, 2021 08:23 AM
    Hi Jon,

    It's an HTML page. 
    Here are more details:
    An application must be protected by WebSEAL so that ISAM will present its login page.
    After successful authentication to ISAM, the application should be loaded. 
    I applied the unauth ACLs to those specific JS files but am facing the issue as mentioned in my previous message.

    Additionally, I observed that the issue occurs only when the junction is transparent.
    If I uncheck the transparent checkbox then this issue does not occur.

    However, I want a transparent junction so that there would not be any need to change the routes within an application.



    ------------------------------
    Prashant Narkhede
    ------------------------------



  • 7.  RE: ISAM - Facing an issue while accessing SPA

    Posted Wed April 21, 2021 10:59 AM
    Hi Prashant,

    If you want the Reverse Proxy to show the login page before the SPA is loaded, it seems like you should make sure the main "loader" page requires authenticated access so that trying to load it causes the Reverse Proxy login page to be displayed.

    If the user is forced to log in before the SPA loads then there should be no need to allow unauthenticated access to any resources because the user will be authenticated by the time they are loaded.

    If the user has logged in but still sees the login page being returned when requesting resources then that might indicate an issue with maintaining sessions?

    I can't explain why it would work with a standard junction but fail for a transparent path junction.

    Perhaps you need to capture the browser trace and/or Reverse Proxy request log for the working and failing cases and compare.

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------
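
The checks suggested in posts 5 and 7 (find the request that returns HTML where JavaScript or JSON is expected, then compare a working and a failing browser trace) can be scripted over exported HAR entries. This is an added example, not code from the thread or from IBM; the hostnames, paths and trace entries are constructed, and files are matched by name on the assumption that only the junction prefix differs between the two cases.

```javascript
// Added example: constructed HAR-style entries, not real captures.
// Only the HAR 1.2 fields used below are present; hostnames and paths are hypothetical.
const entry = (url, status, mimeType, text) =>
  ({ request: { url }, response: { status, content: { mimeType, text } } });

const workingTrace = [ // constructed: standard junction, scripts arrive as JavaScript
  entry("https://proxy.example/app/index.html", 200, "text/html", "<!doctype html><html></html>"),
  entry("https://proxy.example/app/main.js", 200, "application/javascript", "console.log('app');"),
  entry("https://proxy.example/app/assets/config.json", 200, "application/json", "{\"api\":\"/api\"}"),
];
const failingTrace = [ // constructed: transparent path, script request answered with a login page
  entry("https://proxy.example/index.html", 200, "text/html", "<!doctype html><html></html>"),
  entry("https://proxy.example/main.js", 200, "text/html; charset=UTF-8", "<html><title>Login</title></html>"),
  entry("https://proxy.example/assets/config.json", 200, "application/json", "{\"api\":\"/api\"}"),
];

const basename = (url) => new URL(url).pathname.split("/").pop();
const expectsScript = (url) => /\.(js|mjs|json)$/i.test(new URL(url).pathname);

// True when the body is HTML: by declared type, or because it starts with '<',
// which is what makes the browser report "Unexpected token '<'".
function looksLikeHtml(content) {
  const { mimeType = "", text = "" } = content || {};
  return /^text\/html\b/i.test(mimeType) || text.trimStart().startsWith("<");
}

// Script/JSON requests that were answered with HTML (login or error page).
function findHtmlSubstitutions(entries) {
  return entries
    .filter((e) => expectsScript(e.request.url) && looksLikeHtml(e.response.content))
    .map((e) => ({ file: basename(e.request.url), status: e.response.status,
                   mimeType: e.response.content.mimeType }));
}

// Files substituted in the failing trace but delivered correctly in the working one.
function compareTraces(working, failing) {
  const bad = new Set(findHtmlSubstitutions(working).map((s) => s.file));
  const seen = new Set(working.map((e) => basename(e.request.url)));
  return findHtmlSubstitutions(failing).filter((s) => seen.has(s.file) && !bad.has(s.file));
}

console.log(compareTraces(workingTrace, failingTrace));
```

Each file reported is a resource to check against the ACL and junction settings discussed above; a 200 status with an HTML body on a `.js` path is the login-page substitution, not an application error.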