IBM Security Verify

  • 1.  Call to /sps/apiauthsvc/policy/ gives 400 Bad Request

    Posted Thu November 11, 2021 04:17 AM
    Hi,

    I have a custom policy called /UserManagement; it provides the caller with some user info from LDAP using the UserLookupHelper.
    The custom policy ends with:
    success.endPolicyWithoutCredential();
    It worked to my satisfaction, giving the expected json output with 200 OK as the response code.

    Now I've upgraded my ISAM9.0.6 Virtual Appliance to ISVA10.0.2 and also installed the IF0001.

    The same call to /sps/apiauthsvc/policy/UserManagement now gives a 400 Bad Request as the response code.
    The response body still gives the expected json output, same as before the upgrade.

    Has anyone encountered this before?
    Is there some change in behavior?
    How can I get to the bottom of this?

    Any suggestions are highly appreciated.

    Regards,

    ------------------------------
    Paul van den Brink
    ------------------------------


  • 2.  RE: Call to /sps/apiauthsvc/policy/ gives 400 Bad Request
    Best Answer

    Posted Thu November 11, 2021 05:54 AM
    Hi Paul,

    This came up previously.  I wrote:

    ---
    I checked with development and they confirmed that the change to make this response a 400 in 10.0.2.0 was intentional.  It seems that the change slipped past the documentation update process for which we can only apologize.
    ---

    I haven't tried it myself but I think it should be possible to override the response code by adding a snippet of server-side script to the template page that is being returned:

    <%
    templateContext.response.setStatus(200);
    %>

    Are you able to see if this helps restore the original 200 response?

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------



  • 3.  RE: Call to /sps/apiauthsvc/policy/ gives 400 Bad Request

    Posted Thu November 11, 2021 06:18 AM
    Hi Jon,

    Yes, your suggestion restored the original 200 response.
    Thanks a lot!

    Regards,
    Paul

    ------------------------------
    Paul van den Brink
    ------------------------------



  • 4.  RE: Call to /sps/apiauthsvc/policy/ gives 400 Bad Request

    Posted Wed June 29, 2022 04:12 PM

    Hi, 

    I have a similar issue. I have a custom policy called /sps/apiauthsvc?PolicyId=urn:ibm:security:authentication:asf:policyA which on version ISAM 9.0.7.1 works correctly, giving the expected JSON output with 200 OK as the response code.

    I tested two upgrades to version 10.0.3.1 and 10.0.4.0. When I upgraded to version 10.0.3.1 or 10.0.4.0 this call now sends a 400 Bad Request.

    Try to apply the suggestion shown here and this operation will be corrected, but I have a question: what if I really have to send a 400 Bad Request if I apply this solution?

    Regards,

    Daniel



    ------------------------------
    Daniel López
    ------------------------------