Good morning,
We're implementing an InfoMap with the aim of verifying a TOTP. We retrieve all required information from the session, as follows:
var username = context.get(Scope.SESSION, "urn:ibm:security:asf:response:token:attributes", "username");
and everything works fine.
Then, we prepare a JSON like the following:
var jsonRequest = {
    "otp": "" + otp,
    "operation": "verify"
};
to perform a POST to /apiauthsvc?PolicyId=urn:ibm:security:authentication:asf:totp
in order to verify the TOTP.
The headers we add are:
headers.addHeader("Content-Type", "application/json");
headers.addHeader("Accept", "application/json");
headers.addHeader("Cookie", cookiesArray[0]);
But when we perform the POST using this method:
com.ibm.security.access.httpclient.HttpClient.httpPost(url, headers, JSON.stringify(jsonRequest), "", "", "", "", "");
we get the correct TOTP validation, but after the POST all the session info is lost and, even though the TOTP was verified successfully, the authentication does not end well and we get the error HPDIA0114E Could not acquire a client credential.
We checked that it is because the responseToken in the session info is missing, but this is strange since we added "operation":"verify" and everything should work well.
------------------------------
Marco Smorti
------------------------------