IBM Security Verify

 View Only
  • 1.  ISAM - How to send data in a response to a success of infoMap.

    Posted Wed November 11, 2020 05:24 AM
    Edited by Mukesh Bhati Wed November 11, 2020 05:35 AM
    Hello All,

    I have created a custom infoMap for authentication. and it's working fine.
    But after successful login. I want to send user detail in response.

    As of now, the 204 status code is a return.

    is this possible? to send user detail in response.

    ------------------------------
    Mukesh
    ------------------------------


  • 2.  RE: ISAM - How to send data in a response to a success of infoMap.

    Posted Wed November 11, 2020 08:26 AM
    Mukesh,

    The way that the Authentication Service is designed, it is intended only to perform authentication and set up a session to the Reverse Proxy.  Once this is complete, a 204 is returned to the calling client to tell it that authentication succeeded at that authenticated requests can now be made.

    To get content returned from the Authentication Service in the way you describe would be complex today... it might not even be possible.  It would likely be much easier to have the client make an additional call to obtain user data after receiving the 204.  This could be a request to the /scim/Me endpoint (if you have configured SCIM) or it could be a request to a custom policy in the Authentication Service which returns a page template with the data you need (using macros to populate the data).

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------



  • 3.  RE: ISAM - How to send data in a response to a success of infoMap.

    Posted Mon May 22, 2023 11:05 AM

    Hi John,

    I realize this is an older post. At the time of writing you mention it is the way to go using SCIM or a custom policy that returns a page with the required data (using Macro's). Is this still the case or are there other possibilities?

    We are in a similar situation where we are trying to get a specific value back after using an InfoMap for authentication. 
    I noticed that macro's are not available within the Reverse Proxy except in the error-dir and mgt-pages-root.
    Misusing these pages to return the value is possible, but not preferable. 

    What would be a good way to go about this?



    ------------------------------
    Jerryt D.
    ------------------------------



  • 4.  RE: ISAM - How to send data in a response to a success of infoMap.

    Posted Mon May 22, 2023 11:05 AM

    Hi John,

    I realize this is an older post. At the time of writing you mention it is the way to go using SCIM or a custom policy that returns a page with the required data (using Macro's). Is this still the case or are there other possibilities?

    We are in a similar situation where we are trying to get a specific value back after using an InfoMap for authentication. 
    I noticed that macro's are not available within the Reverse Proxy except in the error-dir and mgt-pages-root.
    Misusing these pages to return the value is possible, but not preferable. 

    What would be a good way to go about this?

    Kind regards,



    ------------------------------
    Jerryt D.
    ------------------------------



  • 5.  RE: ISAM - How to send data in a response to a success of infoMap.

    Posted Mon May 22, 2023 11:05 AM

    Hi John,

    I realize this is an older post. At the time of writing you mention it is the way to go using SCIM or a custom policy that returns a page with the required data (using Macro's). Is this still the case or are there other possibilities?

    We are in a similar situation where we are trying to get a specific value back after using an InfoMap for authentication. 
    I noticed that macro's are not available within the Reverse Proxy except in the error-dir and mgt-pages-root.
    Misusing these pages to return the value is possible, but not preferable. 

    What would be a good way to go about this?

    Kind regards,



    ------------------------------
    Jerryt D.
    ------------------------------



  • 6.  RE: ISAM - How to send data in a response to a success of infoMap.

    Posted Mon May 22, 2023 11:06 AM

    Hi John,

    I realize this is an older post. At the time of writing you mention it is the way to go using SCIM or a custom policy that returns a page with the required data (using Macro's). Is this still the case or are there other possibilities?

    We are in a similar situation where we are trying to get a specific value back after using an InfoMap for authentication. 
    I noticed that macro's are not available within the Reverse Proxy except in the error-dir and mgt-pages-root.
    Misusing these pages to return the value is possible, but not preferable. 

    What would be a good way to go about this?

    Kind regards,



    ------------------------------
    Jerryt D.
    ------------------------------



  • 7.  RE: ISAM - How to send data in a response to a success of infoMap.

    Posted Tue May 23, 2023 09:59 AM

    Here's what I would do:

    1. When you authenticate the user at the end of your successful infomap, put this piece of data that you want in the user's credential as an attribute.

    2. You then have several options for how to get it back to the client including:

     a) You can write a trivial stateless infomap based "collection" API to return it, which can be called by client-side JS in your post-authentication landing page

     b) With the new Lua-based HTTP transformation rules, write a response HTTP transformation to include it in either the response body (re-writing the empty body 204 to something else), or as a response HTTP header.



    ------------------------------
    Shane Weeden
    IBM
    ------------------------------