IBM Verify

IBM Verify

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Expand all | Collapse all

Retrieve urn:ibm:security:environment:http:uri attribute in mapping rule for MMFA Push notification

  • 1.  Retrieve urn:ibm:security:environment:http:uri attribute in mapping rule for MMFA Push notification

    Posted Fri October 20, 2023 08:26 AM
    Edited by Sascha W Wed May 07, 2025 10:41 AM

    Hi,

    i'm implementing the MMFA flow. I'd like to set the push notification message to contain the junction the user is trying to access. Like "Please confirm Login to: /TEST".

    In the MMFA cookbook we see how to set a custom message but in that case is set from a different source.

    Analyzing logs i can see the attribute "urn:ibm:security:environment:http:uri" already contains the name of the junction we are trying to access:

            <ns1:Attribute
                AttributeId="urn:ibm:security:environment:http:uri" DataType="http://www.w3.org/2001/XMLSchema#string">
                <ns1:AttributeValue>/TEST</ns1:AttributeValue>
            </ns1:Attribute>

    I'd like to retrieve it in the setmessage mapping rule but something like:

    var param = context.get(Scope.REQUEST, "urn:ibm:security:environment:http:uri");
    IDMappingExtUtils.traceString("LOG - Uri = " + param);

    Doesn't work and the message cannot be set.

    Do you have any ideas on how to achieve this?

    I tried also getting the "referer" header but it's not present.

    I'm running out of ideas.

    Thank you,

    Sacha



    ------------------------------
    S
    ------------------------------



  • 2.  RE: Retrieve urn:ibm:security:environment:http:uri attribute in mapping rule for MMFA Push notification

    Posted Sat October 21, 2023 12:53 PM
    Edited by Sascha W Wed May 07, 2025 10:44 AM

    Hi, i've been able to make it work.

    I added the referer header to the [azn-decision-info] stanza:

    Referer = header:Referer

    At this point i was able to retrieve the header in the mapping rule by using:

    var referrer = context.get(Scope.REQUEST, "urn:ibm:security:asf:request:header", "referer"); 

    And set it as:

    context.set(Scope.SESSION, "urn:ibm:security:asf:demo", "prompt", message);