is it possible for a custom SmAuthScheme impl to obtain a reference to the current RequestContext
Article ID: 102357
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
AXIOMATICS POLICY SERVER
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
Is it possible for a custom SmAuthScheme impl to obtain a reference to the current RequestContext, or anything else that can provide the full URL+queryparams of the requested resource that prompted the authentication?
Environment
Release:
Component: SMAPC
Component: SMAPC
Resolution
Authentication schemes only manage credentials, and do not have access to properties about the original request such as the URL/URI.
The web agent constructs the query string passed on to the configured login page on its own. The credentials you type or submit get passed back to the authentication scheme, and the authentication scheme returns a binary yes/no answer to the policy server process on if authentication passed, with additional possible attributes like if the account is locked, a password change is required, etc.
An authentication scheme does not have a mechanism to make an authentication time decision based on the original URL, or specify what URL the user should return to.
Active expressions do have access to the RequestContext class, and can make decisions based on the action (GET/POST etc), server name of the HTTP request, and URI of the request. The possible types of active expressions are an Active Rule, Active Policy, or Active Response.
The web agent constructs the query string passed on to the configured login page on its own. The credentials you type or submit get passed back to the authentication scheme, and the authentication scheme returns a binary yes/no answer to the policy server process on if authentication passed, with additional possible attributes like if the account is locked, a password change is required, etc.
An authentication scheme does not have a mechanism to make an authentication time decision based on the original URL, or specify what URL the user should return to.
Active expressions do have access to the RequestContext class, and can make decisions based on the action (GET/POST etc), server name of the HTTP request, and URI of the request. The possible types of active expressions are an Active Rule, Active Policy, or Active Response.
Feedback
Powered by
