IBM Security Verify

Hi, I have a resource protected by an access control policy, then after completing the OTP authentication policy attached to the access control policy I cannot access the protected resource, Webseal redirects to the authentication policy again, on webseal request log I can see a HTTP 302 response to the protected resource but I cannot access it, Webseal inmediately redirect to the OTP authentication policy again.
Does anybody has a clue why this is happening?
Thanks in advance, Regards.



------------------------------
David Vicenteño
------------------------------

Hi David, It would help if the logs contain more details. Seems like the policy rule "Permit with Authentication userotp" is in a loop and authentication is triggered on every redirect as per the rule.


My two cents if it helps.Try by changing the policy Precedence to First and below rule. It might work. Precedence of first, returns decision of the first rule that applies in the chain

Rule1: If user authentication types has userotp authentication then permit.

Rule2: If NOT user authentication types has userotp authentication then permit with authentication userotp

Rule3: Unconditional Deny

Attached a sample rule below:
Note: Authentication type URN should match your auth mechanism type



Regards,
Rama

------------------------------
Rama Yenumula
------------------------------

Original Message:
Sent: Tue August 18, 2020 06:41 PM
From: David Vicenteño
Subject: HTTP 302 response after authentication Policy

Hi, I have a resource protected by an access control policy, then after completing the OTP authentication policy attached to the access control policy I cannot access the protected resource, Webseal redirects to the authentication policy again, on webseal request log I can see a HTTP 302 response to the protected resource but I cannot access it, Webseal inmediately redirect to the OTP authentication policy again.
Does anybody has a clue why this is happening?
Thanks in advance, Regards.

------------------------------
David Vicenteño
------------------------------

Thank you very much Rama. Regards

------------------------------
David Vicenteño
------------------------------

Original Message:
Sent: Tue August 18, 2020 11:23 PM
From: Rama Yenumula
Subject: HTTP 302 response after authentication Policy

Hi David, It would help if the logs contain more details. Seems like the policy rule "Permit with Authentication userotp" is in a loop and authentication is triggered on every redirect as per the rule.


My two cents if it helps.Try by changing the policy Precedence to First and below rule. It might work. Precedence of first, returns decision of the first rule that applies in the chain

Rule1: If user authentication types has userotp authentication then permit.

Rule2: If NOT user authentication types has userotp authentication then permit with authentication userotp

Rule3: Unconditional Deny

Attached a sample rule below:
Note: Authentication type URN should match your auth mechanism type

Regards,
Rama

------------------------------
Rama Yenumula

Original Message:
Sent: Tue August 18, 2020 06:41 PM
From: David Vicenteño
Subject: HTTP 302 response after authentication Policy

Hi, I have a resource protected by an access control policy, then after completing the OTP authentication policy attached to the access control policy I cannot access the protected resource, Webseal redirects to the authentication policy again, on webseal request log I can see a HTTP 302 response to the protected resource but I cannot access it, Webseal inmediately redirect to the OTP authentication policy again.
Does anybody has a clue why this is happening?
Thanks in advance, Regards.

------------------------------
David Vicenteño
------------------------------