IBM Security Verify

 View Only
  • 1.  ISAM: Populate MACROS using InfoMap

    Posted Fri April 03, 2020 06:08 PM
    Hello,

    Is it possible to populate MACROs using InfoMap authentication mechanisms which could then be accessed in the template files utilized by other authentication mechanisms?

    For example, if I create an authentication policy to call two authentication mechanisms:

    1. Infomap authentication mechanism running my mapping rule (to get information from request and populate MACROS)
    2. Any other authentication mechanism which would need to utilize those MACROS

    Would I be able to use those MACROS in the template pages? I am sure about the first step on how to populate macros, but I am not sure what would be the scope of these MACROS. Any ideas?

    Best regards,

    ------------------------------
    Jahanzaib Sarwar
    ------------------------------


  • 2.  RE: ISAM: Populate MACROS using InfoMap

    Posted Fri April 24, 2020 02:13 PM
    Hello Team,

    Any ideas on this? Awaiting your kind response..


    Regards,

    ------------------------------
    Jahanzaib Sarwar
    ------------------------------



  • 3.  RE: ISAM: Populate MACROS using InfoMap

    Posted Mon April 27, 2020 08:57 AM
    Hi Jahanzaib,

    I assume you need this because you want to make custom macros available in the pages generated from one of the built-in mechanisms.   I don't think this is possible.  I was hoping others might have an answer.

    As far as I know, only Macros set in a mechanism are available to the page template called by that mechanism.

    I thought there might be a way to get access to the SESSION context from within the server-side scripting available for the template pages (as an alternative way to pass values to the page) but it appears that is not possible either.

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------



  • 4.  RE: ISAM: Populate MACROS using InfoMap

    Posted Tue April 28, 2020 03:21 AM
    Hi Jahanzaib,

    It is not exactly clear what you want to do. Are we talking about the same authentication policy but two different mechanisms? It is possible to share information from one mechanism to a subsequent one, but not in the @MACRO@. The scope of the @MACRO@ seems to be local.
    To pass an attribute from one mechanism to the next you have to put it in the session:
    context.set(Scope.SESSION, "urn:ibm:security:asf:response:token:attributes", "macroToSave", "some_value");
    Later you can retrieve it and put it in the macro:
    var macroToSave = context.get(Scope.SESSION,"urn:ibm:security:asf:response:token:attributes", "macroToSave");
    macros.put("@MACRO@", macroToSave);
    So if you can execute your own script in the subsequent mechanism it is easy. For mechanisms where you can't use your own script this is of course impossible. But perhaps you can expand a little on what the subsequent mechanism is. I had problems with the built-in "Email Message" mechanism because it was not clear for me how to set the macros. It was only after quite some try and error that I found out that although the format in the template is also @macro@, the value is actually taken from the credential.
    So to use an attribute @myMacro@ in your template you first have to put it in the credential :
    context.set(Scope.SESSION, "urn:ibm:security:asf:response:token:attributes", "myMacro", "some_value");
    Hope this helps.


    ​​​​

    ------------------------------
    Laurent LA Asselborn
    ------------------------------



  • 5.  RE: ISAM: Populate MACROS using InfoMap

    Posted Thu April 30, 2020 03:14 PM
    Hi Jon and Laurent,

    Thank you both of you for your response..

    Jon,

    You are right, I want to make custom macros available in the pages generated from one of the built-in mechanisms, particularly Email Message mechanism. I wanted to pass information to its template page from within the Infomap.

    Laurent,

    Yes we are talking about the same authentication policy but two different mechanisms. What a coincidence, my query was also in reference to the "Email Message" mechanism! I populated the MACRO inside my Infomap authentication mechanism, and then the subsequent mechanism was the Email Message mechanism, where I wanted to read that MACRO in its template file. I am now successfully able to make it work by following what you said in your statement:
    "If the format in the template is also @macro@, the value could still actually be taken from the credential".
    This was really helpful and it worked! I put an attribute in the credential and then accessed it successfully from the template file of the email message mechanism. Thank you very much!

    Best regards,

    ------------------------------
    Jahanzaib Sarwar
    ------------------------------