What is the recommended action (<action>) to use in the Authentication REST Interface for REST-based authentication?


Article ID: 16571

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

We're running CA Access Gateway (SPS), and we'd like to know what type of action (GET or POST) is recommended for using REST-based authentication. We're afraid that if a POST action is used, the credentials could show up in the CA Access Gateway (SPS) logs and traces.

Environment

Release:
Component: SMSPS

Resolution

As per the documentation, the REST interface does not put the credentials in the URL. The login URI carries only the application ID and the resource; the user name and password travel in the XML body of an HTTP POST request.

A URI in this format:

http://hostname:port/authazws/AuthRestService/login/appID/Resource

receives the following request body (posted as XML):

  <loginRequest>
  <binaryCreds></binaryCreds>
  <password>user1</password>
  <userName>user1</userName>
  <action>GET</action>
  </loginRequest>

Authentication REST Interface 

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/ca-siteminder-sps-configuration/configuring-the-authentication-and-authorization-web-services 


So the credentials are never part of the request URL, and they will not show up in logs or traces that record the requested URL. They are still present in the POST body, so send the request over HTTPS only and confirm that no trace setting that records full request bodies is left enabled in production.

Note also what <action> means here. In both samples, <action> is not the HTTP method used to call the web service: it names the action (GET, POST, and so on) on the protected resource for which the user is being authenticated or authorized, and it is matched against the rules of the SiteMinder policy protecting that resource. The documentation samples use GET in the login request and POST in the authorization request as sample values; the REST calls themselves are HTTP POSTs carrying an XML body, whichever <action> value is sent.

The authorization sample from the same documentation page:

Authorization REST Interface 

The REST interface for authorization is http://hostname:port/authazws/AuthRestService/authz/appID/Resource: 

  <authorizationRequest>
  <action>POST</action>
  <resource>RealmA/index.html</resource>
  <sessionToken>affl;;alkf;l;fd</sessionToken>
  </authorizationRequest>

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/ca-siteminder-sps-configuration/configuring-the-authentication-and-authorization-web-services
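As an added example (not code from the CA documentation or from this article), the following Python builds both request bodies shown above with a real XML serializer so that user-supplied values are escaped, shows the request line a URL-based access log would record (the POST path carries only appID and resource), and masks the secret elements before a body is written to a trace. The host, port, application ID, resource, credentials, session token and the application/xml content type are assumed values chosen for the example.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Assumed deployment values for this example; replace with your own gateway,
# application ID and protected resource.
HOST, PORT, APP_ID, RESOURCE = "sps.example.com", 8443, "appID", "Resource"


def login_url(host=HOST, port=PORT, app_id=APP_ID, resource=RESOURCE):
    """Login URI from the documentation: only appID and resource are in the path."""
    return f"https://{host}:{port}/authazws/AuthRestService/login/{app_id}/{resource}"


def authz_url(host=HOST, port=PORT, app_id=APP_ID, resource=RESOURCE):
    """Authorization URI from the documentation."""
    return f"https://{host}:{port}/authazws/AuthRestService/authz/{app_id}/{resource}"


def login_request(user_name, password, action="GET", binary_creds=""):
    """Build the <loginRequest> body; ElementTree escapes <, > and & in the values."""
    root = ET.Element("loginRequest")
    ET.SubElement(root, "binaryCreds").text = binary_creds
    ET.SubElement(root, "password").text = password
    ET.SubElement(root, "userName").text = user_name
    ET.SubElement(root, "action").text = action  # action on the protected resource
    return ET.tostring(root, encoding="unicode")


def authorization_request(session_token, resource, action="GET"):
    """Build the <authorizationRequest> body sent after a successful login."""
    root = ET.Element("authorizationRequest")
    ET.SubElement(root, "action").text = action
    ET.SubElement(root, "resource").text = resource
    ET.SubElement(root, "sessionToken").text = session_token
    return ET.tostring(root, encoding="unicode")


def parse_field(body, tag):
    """Read one element back from a request body (used to check the escaping)."""
    return ET.fromstring(body).findtext(tag)


def raw_http_request(url, body):
    """Serialise the call as it goes on the wire: POST, path without credentials,
    XML body. The application/xml content type is an assumption of this example."""
    parts = urlsplit(url)
    payload = body.encode("utf-8")
    head = [
        f"POST {parts.path} HTTP/1.1",
        f"Host: {parts.netloc}",
        "Content-Type: application/xml",
        f"Content-Length: {len(payload)}",
        "",
        "",
    ]
    return "\r\n".join(head).encode("ascii") + payload


def request_line(url, body):
    """The request line is what a URL-based access log records for the call."""
    return raw_http_request(url, body).split(b"\r\n", 1)[0].decode("ascii")


SECRET_TAGS = ("password", "binaryCreds", "sessionToken")


def redact(body):
    """Mask the secret elements before a request body is written to any trace log."""
    for tag in SECRET_TAGS:
        body = re.sub(rf"<{tag}>[^<]*</{tag}>", f"<{tag}>***</{tag}>", body)
    return body


if __name__ == "__main__":
    body = login_request("user1", "s3cr3t!")
    print(request_line(login_url(), body))  # no user name or password in the path
    print(redact(body))                     # safe form of the body for a trace log
```

Run it directly to see the request line beside the redacted body. The same redact() applies to the authorization body, where the session token is the secret to keep out of traces.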