Symantec Access Management

  • 1.  POST Authorization header to Basic over SSL not working

    Posted May 28, 2015 12:28 PM

    Hi,

    We are trying to protect a realm using a standard basic over SSL authentication scheme. The intention here is to perform authentication 'automatically' by sending the Authorization header directly to the credential collector via GET/POST requests.

    This is working perfectly with GET-requests, where we set the right authorization header and get the right cookies back.

    When doing the same with POST-requests we just receive the following error in tracefiles:

    [08:46:23][12015][3558405888][CSmCredentialManager.cpp:222][CSmCredentialManager::GatherAdvancedAuthCredentials][IP Address][][hostname][test/][][Calling SM_WAF_HTTP_PLUGIN->ProcessAdvancedAuthCredentials.]

    [08:46:23][12015][3558405888][SmSCC.cpp:418][SmScc::getCredentials][IP Adress][][hostname][test/][][Success in collecting credentials.]

    [08:46:23][12015][3558405888][SmSCC.cpp:444][SmScc::getCredentials][IP Address][][hostname][test/][][Failed to obtain post data.]

    [08:46:23][12015][3558405888][CSmCredentialManager.cpp:252][CSmCredentialManager::GatherAdvancedAuthCredentials][IP Address][][hostname][test/][][SM_WAF_HTTP_PLUGIN->ProcessAdvancedAuthCredentials returned SmFailure.]

    And in Weblog:

    [12015/3558405888][CSmCredentialManager.cpp:251][ERROR][sm-AgentFramework-00460] HLA: Analyzer from module 'SM_WAF_HTTP_PLUGIN' returned unknown response code '-1' for component 'Credential Manager'.

    [12015/3558405888][CSmHighLevelAgent.cpp:1108][ERROR][sm-AgentFramework-00420] HLA: Component reported fatal error: 'Credential Manager'.

    Any suggestions?

    Best regards,

    Michael
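The trace lines quoted in the first post share one bracketed layout, so the failing step can be picked out mechanically. The following is an added example, not part of the thread and not CA tooling: it parses those lines and reports which plug-in call ended in `SmFailure` and the message logged just before it. The field names and the function names `parse_line` and `failed_plugin_calls` are assumptions inferred from the sample lines.

```python
# Field names are assumptions inferred from the trace lines quoted in the thread.
FIELDS = ("time", "pid", "tid", "source", "function",
          "client", "user", "host", "resource", "extra", "message")

# Sample input: the four trace lines from the first post, placeholders as posted.
SAMPLE = """\
[08:46:23][12015][3558405888][CSmCredentialManager.cpp:222][CSmCredentialManager::GatherAdvancedAuthCredentials][IP Address][][hostname][test/][][Calling SM_WAF_HTTP_PLUGIN->ProcessAdvancedAuthCredentials.]
[08:46:23][12015][3558405888][SmSCC.cpp:418][SmScc::getCredentials][IP Adress][][hostname][test/][][Success in collecting credentials.]
[08:46:23][12015][3558405888][SmSCC.cpp:444][SmScc::getCredentials][IP Address][][hostname][test/][][Failed to obtain post data.]
[08:46:23][12015][3558405888][CSmCredentialManager.cpp:252][CSmCredentialManager::GatherAdvancedAuthCredentials][IP Address][][hostname][test/][][SM_WAF_HTTP_PLUGIN->ProcessAdvancedAuthCredentials returned SmFailure.]
"""

def parse_line(line):
    """Split one bracketed trace line into named fields; None if it does not fit."""
    line = line.strip()
    if not (line.startswith("[") and line.endswith("]")):
        return None
    # maxsplit keeps any "][" inside the free-text message intact.
    parts = line[1:-1].split("][", len(FIELDS) - 1)
    return dict(zip(FIELDS, parts)) if len(parts) == len(FIELDS) else None

def failed_plugin_calls(text):
    """Follow each (pid, tid) from 'Calling ...' to '... returned SmFailure.'
    and report the 'Failed ...' message logged in between as the cause."""
    open_calls, findings = {}, []
    for raw in text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        key, msg = (rec["pid"], rec["tid"]), rec["message"]
        if msg.startswith("Calling "):
            open_calls[key] = []          # a new plug-in call starts on this thread
        elif key in open_calls and "returned SmFailure" in msg:
            steps = open_calls.pop(key)
            cause = next((m for m in steps if m.startswith("Failed")), "unknown")
            findings.append({"pid": key[0], "tid": key[1],
                             "resource": rec["resource"], "cause": cause})
        elif key in open_calls:
            open_calls[key].append(msg)   # intermediate step of the open call
    return findings

if __name__ == "__main__":
    for finding in failed_plugin_calls(SAMPLE):
        print(finding)
```

Lines in the Weblog format quoted in the same post do not match this layout and are skipped.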



  • 2.  Re: POST Authorization header to Basic over SSL not working

    Posted May 29, 2015 07:10 AM

    Could you turn on more in the trace log?

    https://communities.ca.com/message/101076393#101076393

    That link, even if outdated, may assist.

    If you like it, support this idea: Documentation Enhancement: Quick Reference Guides: Logging and Agent Parameters



  • 3.  Re: POST Authorization header to Basic over SSL not working

    Posted Jun 01, 2015 02:33 AM

    Hi Josh,

    Thanks for your reply - what are you specifically looking for?

    CA Support has just answered me and states that it isn't possible to use an approach like this by posting the authorization header directly, since it bypasses the post preservation steps.

    Have any of you had any success with this previously, e.g. by integrating custom features?

    Br,

    Michael



  • 4.  Re: POST Authorization header to Basic over SSL not working

    Posted Jun 01, 2015 08:03 AM

    Without more context I'm not sure how I would adjust the logs. Right now it just does not give me enough detail to do more than note that there is an error.

    I'm not shocked that CA hasn't found anything. I would respond asking what methods are supported by the FCC (because their answer should be GET and POST), and then point out you're using an FCC-supported interaction method and ask them to dive further.

    I haven't tried what you're doing, but I also don't think this is an inherent bypass. Could they give a better explanation? Could you let us know how they claim you're bypassing their function?