IBM Security Verify

 View Only
Expand all | Collapse all

Retrieve urn:ibm:security:environment:http:uri attribute in mapping rule for MMFA Push notification

  • 1.  Retrieve urn:ibm:security:environment:http:uri attribute in mapping rule for MMFA Push notification

    Posted Fri October 20, 2023 08:26 AM

    Hi,

    i'm implementing the MMFA flow. I'd like to set the push notification message to contain the junction the user is trying to access. Like "Please confirm Login to: /TEST".

    In the MMFA cookbook we see how to set a custom message but in that case is set from a different source.

    Analyzing logs i can see the attribute "urn:ibm:security:environment:http:uri" already contains the name of the junction we are trying to access:

            <ns1:Attribute
                AttributeId="urn:ibm:security:environment:http:uri" DataType="http://www.w3.org/2001/XMLSchema#string">
                <ns1:AttributeValue>/TEST</ns1:AttributeValue>
            </ns1:Attribute>

    I'd like to retrieve it in the setmessage mapping rule but something like:

    var param = context.get(Scope.REQUEST, "urn:ibm:security:environment:http:uri");
    IDMappingExtUtils.traceString("LOG - Uri = " + param);

    Doesn't work and the message cannot be set.

    Do you have any ideas on how to achieve this?

    I tried also getting the "referer" header but it's not present.

    I'm running out of ideas.

    Thank you,

    Sacha



    ------------------------------
    Sacha Mura
    ------------------------------


  • 2.  RE: Retrieve urn:ibm:security:environment:http:uri attribute in mapping rule for MMFA Push notification

    Posted Sat October 21, 2023 12:53 PM

    Hi, i've been able to make it work.

    I added the referer header to the [azn-decision-info] stanza:

    Referer = header:Referer

    At this point i was able to retrieve the header in the mapping rule by using:

    var referrer = context.get(Scope.REQUEST, "urn:ibm:security:asf:request:header", "referer"); 

    And set it as:

    context.set(Scope.SESSION, "urn:ibm:security:asf:demo", "prompt", message);



    ------------------------------
    Sacha Mura
    ------------------------------