Hi Laurent,
Thank you for your response. Missing that parameter/header was a typo by me. Thanks for pointing it out. I have already tried a few things, as follows:
1. https://logon.rese.colruytgroup.com/mga/sps/SAML-default/saml20/logininitial?RequestBinding=HTTPPost&PartnerId=https://idm.rese.colruytgroup.com/identityiq/ => 302
2. https://logon.rese.colruytgroup.com/mga/sps/auth => 302 (user unauthenticated)
3. https://logon.rese.colruytgroup.com/mga/sps/authsvc/policy/colruytUserPasswordPolicy?Target=https://logon.rese.colruytgroup.com/mga/sps/auth => 200 and serves logon page
4. https://logon.rese.colruytgroup.com/mga/sps/authsvc/policy/colruytUserPasswordPolicy?StateId=dqSYl3IBTaZ38AIsIKK5XyWORKIMZg9aMjrWpEo7M1tWExxJy49YeyShjhbH => 302 logon form post and this contains the referrer header
Infomap:
var partnerid = context.get(Scope.REQUEST, "urn:ibm:security:asf:request:parameter", "PartnerId");
var target = context.get(Scope.REQUEST, "urn:ibm:security:asf:request:parameter", "Target");
var referrer = context.get(Scope.REQUEST, "urn:ibm:security:asf:request:header", "Referer");
logmsg(MAPPING_RULE_NAME,"DEBUG","====== partnerid: "+ partnerid);
logmsg(MAPPING_RULE_NAME,"DEBUG","====== target: "+ target);
logmsg(MAPPING_RULE_NAME,"DEBUG","====== referrer: "+ referrer);
Infomap output:
DEBUG: ====== partnerid: null
DEBUG: ====== target: null
DEBUG: ====== referrer: https://logon.rese.colruytgroup.com/mga/sps/authsvc/policy/colruytUserPasswordPolicy?Target=https://logon.rese.colruytgroup.com/mga/sps/auth
I understand that "PartnerId" in step 1 and "Target" in step 3 are query parameters which are not part of the request. That is why those are printed as null.
a) Is there a way to capture query parameters of a request in an infomap?
b) Additional question: can we capture the original request (step 1 in this case) in an infomap somehow?
------------------------------
Ramu Pedada
------------------------------
Original Message:
Sent: Thu June 27, 2024 03:01 AM
From: Laurent LA Asselborn
Subject: Capture initial referrer header and parameters in SP initiated saml flow in an infomap
Hi Ramu,
If you wanted to get a parameter of the request URL you would have to do a call like this:
context.get(Scope.REQUEST, "urn:ibm:security:asf:request:parameter", paramName)
You are missing the "parameter".
But this would still return null as the login_hint is not part of the request URL. The only parameter is "Target". You have to look up the referer:
context.get(Scope.REQUEST, "urn:ibm:security:asf:request:header", "Referer");
I'm not sure if the headers are case-sensitive.
------------------------------
Laurent LA Asselborn
Original Message:
Sent: Wed June 26, 2024 02:27 PM
From: Ramu Pedada
Subject: Capture initial referrer header and parameters in SP initiated saml flow in an infomap
Greetings,
Could you help me to capture the initial referrer header and its query parameters in SP initiated saml flow? The request flow is as follows:
1. https://login.service.imperva.com/sso/idps/0oad0GLTCEX5d7?login_hint=ramu.pedada@myorg.com
2. https://logon.myorg.com/mga/sps/SAML-default/saml20/login (302 - as the user is unauthenticated)
3. https://logon.myorg.com/mga/sps/auth (302 - as the user is still unauthenticated)
4. https://logon.myorg.com/mga/sps/authsvc/policy/UserPasswordPolicy?Target=https://logon.myorg.com/mga/sps/auth
I would like to use the initial referrer header and query parameters in step 4 in a mapping rule of UserPasswordPolicy authentication policy. Is there a way I could capture them? When I tried to do context.get(Scope.REQUEST, "urn:ibm:security:asf:request", "login_hint"), I only got null. This could be because of multiple redirects before it hits the mapping rule.
------------------------------
Ramu Pedada
------------------------------
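The Referer value logged in the thread carries the Target query parameter in its URL. The following is an added example, not code from any of the posts or from the product: it parses query parameters out of such a Referer string in plain ES5-style JavaScript and, because the header is supplied by the client, only does so for an https URL whose host is on an allowlist. The names parseRefererParams, safeDecode and ALLOWED_REFERER_HOSTS are hypothetical, and the allowlist entry is the host that appears in the thread.

```javascript
// Added example (hypothetical helper names). The allowlist is an assumption:
// it holds the only host from which a Referer should be trusted.
var ALLOWED_REFERER_HOSTS = ["logon.rese.colruytgroup.com"];

function safeDecode(s) {
  // decodeURIComponent throws URIError on malformed escapes such as "%zz".
  try {
    return decodeURIComponent(s.replace(/\+/g, " "));
  } catch (e) {
    return null;
  }
}

function parseRefererParams(referer, allowedHosts) {
  if (referer === null || referer === undefined) return null;
  // Groups: 1 = host[:port], 2 = path, 3 = query string (without '?').
  var m = /^https:\/\/([^\/?#]+)([^?#]*)(?:\?([^#]*))?/i.exec(String(referer));
  if (!m) return null; // not https, or not an absolute URL
  // Exact match only: any other host, port or userinfo form is rejected.
  if (allowedHosts.indexOf(m[1].toLowerCase()) === -1) return null;
  var params = {};
  var pairs = (m[3] || "").split("&");
  for (var i = 0; i < pairs.length; i++) {
    if (pairs[i] === "") continue;
    var eq = pairs[i].indexOf("=");
    var name = safeDecode(eq === -1 ? pairs[i] : pairs[i].substring(0, eq));
    var value = safeDecode(eq === -1 ? "" : pairs[i].substring(eq + 1));
    if (name === null || value === null) continue; // drop malformed pairs
    // First occurrence wins, so a duplicated parameter cannot override it.
    if (!Object.prototype.hasOwnProperty.call(params, name)) {
      params[name] = value;
    }
  }
  return params;
}

// In a mapping rule, the input would come from the call shown in the thread:
//   var referrer = context.get(Scope.REQUEST,
//       "urn:ibm:security:asf:request:header", "Referer");
//   var parsed = parseRefererParams(referrer, ALLOWED_REFERER_HOSTS);
//   var target = parsed ? parsed.Target : null;
```

A null result means the header was absent or did not come from the allowed host, so the rule should fall back to its default behaviour rather than use the value.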