Symantec Access Management

  • 1.  Is it possible to maintain the target on AZReject

    Posted Oct 10, 2017 06:17 PM

    Is it possible to access/maintain the value of the resource a user was attempting to access on an AzReject (similar to the target parameter)?

     

    I would like to be able to maintain this information to send the user through a step-up authentication process, or role-request process, and kick them back into the resource once the requirement has been met.

     

    We have generally used static redirects in the past, but would like to handle more advanced scenarios for AZReject.

     

    Thanks,

     

    Josh



  • 2.  Re: Is it possible to maintain the target on AZReject

    Posted Oct 10, 2017 09:26 PM

    Hi Josh,

     

    So are you saying you are losing the target during step-up authentication at the moment?

    How about preserving the target in a cookie?

     

    Does something like this work for you?

     

    Tech Tip : CA Single Sign-On : Web Agent : Pre-fill username during step up authentication 



  • 3.  Re: Is it possible to maintain the target on AZReject

    Posted Oct 10, 2017 10:18 PM

    This won't work. This is after a successful authentication, and the user is redirected to the target, at which time the user does not match any access policy, and an AZReject fires as a result. So we have the ability to process an onaccess reject response, but I am wondering if there is a way to preserve the resource that was being accessed when the reject occurred.



  • 4.  Re: Is it possible to maintain the target on AZReject

    Posted Oct 11, 2017 12:36 PM

    Josh

     

    Try this and let me know if it helps.

     

    Variables - CA Single Sign-On - 12.7 - CA Technologies Documentation 

     

    On your AzReject Rule associate a Response.

     

    First Create a Variable with Request Context.

     

     

    Then Create a Response (I used Header, You may use Cookie).

     

     

    I tested using SMTESTTOOL (as an alternative for WebAgent), and I get the Resource (URI) that I accessed in the SMTESTTOOL as a response.

     

     

    I used RESOURCE as an example here, but you may play with other options as well.

     



  • 5.  Re: Is it possible to maintain the target on AZReject

    Posted Oct 11, 2017 12:40 PM

    One other note.

     

    This works in R12.7.

     

    This did not work in R12.52 SP1 CR02. It was broken there.



  • 6.  Re: Is it possible to maintain the target on AZReject

    Posted Oct 11, 2017 05:26 PM

    Is it possible to trigger a redirect and set the header or cookie in the same response?

     

    Thanks,

     

    Josh



  • 7.  Re: Is it possible to maintain the target on AZReject
    Best Answer

    Posted Oct 11, 2017 05:55 PM

    Yes, it should, and you should be able to map it to the AzReject Rule. Try this and let me know.

     

     

     



  • 8.  Re: Is it possible to maintain the target on AZReject

    Posted Oct 11, 2017 03:59 PM

    Perfect! Thank you Hubert!
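
An added example, not part of the thread or of CA's documentation: once the AzReject response hands the rejected resource to a step-up or role-request application in a cookie or header, that value is client-controllable and should be validated before the user is sent back to it. The host name, step-up endpoint and `return` parameter below are constructed assumptions.

```python
from urllib.parse import urlsplit, quote

DEFAULT_LANDING = "/"              # assumed fallback when the target is unusable
ALLOWED_HOST = "app.example.com"   # constructed name for the protected host
STEPUP_URL = "/stepup/login"       # hypothetical step-up endpoint


def safe_return_target(raw, allowed_host=ALLOWED_HOST):
    """Reduce the preserved resource to a same-site path, or fall back."""
    if not raw or len(raw) > 2048:
        return DEFAULT_LANDING
    # Control characters enable header splitting; browsers treat "\" like "/",
    # so "/\host" can leave the site even though it looks like a path.
    if any(ord(c) < 0x20 or c in "\\\x7f" for c in raw):
        return DEFAULT_LANDING
    try:
        parts = urlsplit(raw)
        host = parts.hostname
    except ValueError:             # malformed authority, e.g. a broken IPv6 literal
        return DEFAULT_LANDING
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: only https on the protected host.
        if parts.scheme != "https" or host != allowed_host:
            return DEFAULT_LANDING
    path = parts.path or "/"
    if not path.startswith("/") or path.startswith("//"):
        return DEFAULT_LANDING
    # Drop scheme/host/fragment; keep only path and query for the redirect.
    return path + ("?" + parts.query if parts.query else "")


def stepup_redirect(raw):
    """Build the step-up URL carrying the validated target, fully encoded."""
    return STEPUP_URL + "?return=" + quote(safe_return_target(raw), safe="")


if __name__ == "__main__":
    # Constructed sample values, as they might arrive from the reject response.
    for value in ["/hr/payroll/report?id=7",
                  "https://app.example.com/hr/x",
                  "//evil.example.net/x",
                  "https://app.example.com@evil.example.net/",
                  "/ok\r\nSet-Cookie: x=1"]:
        print(repr(value), "->", stepup_redirect(value))
```

The same `safe_return_target` check should run again when the step-up application issues the final redirect, since the `return` parameter passes through the browser in between.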