IBM Security Verify

 View Only

  • 1.  howto address an empty user-agent for auth-challenge-type

    Posted Wed April 06, 2022 03:01 AM
    I need to authenticate all request with a Java* User-Agent via EAI and all other requests via BasicAuthentication.
    I tried:
    auth-challenge-type = [+java*]eai,ba
    and
    auth-challenge-type = [-java*]ba,eai

    In both cases the requests without User-Agent are sent to the EAI. What is the correct config for the described behavior?

    ------------------------------
    Andreas Rühl
    ------------------------------


  • 2.  RE: howto address an empty user-agent for auth-challenge-type

    Posted Wed April 06, 2022 04:28 PM

    Andreas,

     

    You would need to set a single configuration entry, something like:

     

    auth-challenge-type = [+*java*]ba, [-*java*;+*]eai

     

    The rules are evaluated in the order provided in the configuration.  In this case the first rule states, if the user-agent header contains 'java', send back a BA authentication challenge.  The second rule states, if the user-agent does not container 'java', send back an EAI authentication challenge.  The second rule should not be strictly required because the login form (which is used for the EAI challenge) is sent back by default.

     

    I hope that this helps.

     

     

    Scott A. Exton
    Senior Software Engineer
    Chief Programmer - IBM Security Verify Access
    IBM Master Inventor

     

     




    Original Message


  • 3.  RE: howto address an empty user-agent for auth-challenge-type

    Posted Thu April 07, 2022 03:02 AM
    Edited by Andreas Rühl Thu April 07, 2022 03:12 AM
    Hi Scott,
    thanks for your reply.

    It works with
    [+java*]eai, [-java*;+*]ba
    and also with
    [+java*]eai, [+*]ba
    but not with
    [+java*]eai, ba

    From the documeation I had expected, that "ba" is equal to "[+*]ba". Could you please explaine the difference. In my tests it differs only by empty user-agent headers.

    Thanks
    Andreas

    ------------------------------
    Andreas Rühl
    ------------------------------

    Original Message


  • 4.  RE: howto address an empty user-agent for auth-challenge-type

    Posted Thu April 07, 2022 03:24 AM

    Andreas,

     

    Unfortunately, I cannot really explain the difference.  It could be a potential bug in the software.  I would simply go with what works.

     

    Thanks.

     

     

    Scott A. Exton
    Senior Software Engineer
    Chief Programmer - IBM Security Verify Access
    IBM Master Inventor

     

     




    Original Message