Symantec Access Management

  • Private Community

  • 1.  Realm based on query string

    Posted May 28, 2015 03:17 PM

    Hi,

     

    Can a Realm be based on a Query string parameter using a wildcard?

     

    I have two urls:

    www.mydomain.com/mapplication?someparameters&type=newsubscriber

    www.mydomain.com/mapplication?someparameters&type=anything_other_than_newsubscriber

     

    I want to use a different login page based on the query string.  To do this I have set up two HTML authentication schemes.  I want to set up realm1 and scheme1 if "newsubscriber" is in the query string.  I want to use realm2 scheme2 if "newsubscriber" is NOT in the query string.

     

    If have IgnoreQueryData set to "No" in my ACO.  If I use the full url/querystring, Siteminder picks up correctly.  What I need is a wildcard that looks for "newsubscriber" anywhere in the query string.  (in the other realm2 it needs to make sure "newsubscriber" is NOT in the query string)

     

    Does anyone know if this is possible?  I have not seen any documentation that says wildcards can be used in this way.

     

    thanks



  • 2.  Re: Realm based on query string

    Posted May 28, 2015 03:38 PM

    Very possible.  Take a look at the "Perform regular expression pattern matching" option on a rule.



  • 3.  Re: Realm based on query string

    Posted May 28, 2015 03:52 PM

    From reading that, it looks like the wildcard only applies to the Rule.  In my case I need it to apply to the Realm.  This is because I need to use two different authentication schemes and those are defined at the Realm level.



  • 4.  Re: Realm based on query string

    Posted May 28, 2015 04:16 PM

    I wonder if you could just do this.

     

    realm1: /resource-filter/*newsubscriber*

    realm2: /resource-filter/

     

    Nah. This won't work.

     

    Maybe play games with the resource filter where "most of it" is used as realm1 with auth scheme1.  Then "all of it" with the 'newsubscriber' pattern match on the rule is realm2 with auth scheme2.



  • 5.  Re: Realm based on query string
    Best Answer

    Posted May 29, 2015 07:17 AM

    correct. wildcards are in  rules, not  realms.

    i think it's a common enhancement  request. try  making an idea.

     



  • 6.  Re: Realm based on query string

    Posted May 29, 2015 03:41 PM

    I believe I cam up with a solution.  I am using a sub Realm.

     

    Top realm will use Authentication Scheme 1 and protect:

    www.mydomain.com/mapplication

     

    Sub realm will use Authentication Scheme 2 and protect:

    www.mydomain.com/mapplication?type=newsubscriber&someparameters

     

    so now anyone that has "type=newsubscriber" will see the scheme that has a login page designed for new subscribers.

     

    thanks for everyones help.