000017383 - USERNAME parameter populated but not taken into account for RBA authentication

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2

Article Content

Article Number: 000017383
Applies To:
RSA Authentication Express 1.x
RSA Authentication Manager 8.0
RSA Authentication Manager 8.1
Issue
In the "am_rba_custom_integration_guide" that comes with RSA Authentication Manager 8.x and RSA Authentication Manager Express 1.x, the "USER_ID_PARAM_NAME" = "userName" parameter is passed to the RBA logon page, but the page does not use it. The guide states:
To submit this form to Authentication Manager, you must submit the following parameters to https://am.example.com:7004/ims-rba/ using HTTP POST or GET:

Form Parameter         Sample Value
ORIG_ACTION_URL        https://securelogon.example.com/authenticate.cgi
REFERRING_URL          https://securelogon.example.com/login.html
USER_ID_PARAM_NAME     userName
PASSWORD_PARAM_NAME    password
AGENT_ID               ims.c00e125dd1dc640a01ce95f2f522b332


If your third-party application or web page passes the "userName" parameter to replace the 'USER_ID_PARAM_NAME' on the RBA page, as in the code below taken from the "Integration Script", this will not work:
 

function toAbsolutePath(url) {
    if (url.search('://') != -1) {
        return url;
    }
    if (url.indexOf('/') == 0) {
        var loc = location.href + "/";
        return loc.replace(/(.*?:\/\/[^\/]*?)\/.*/, '$1' + url);
    }
    return location.href.replace(/(.*\/).*/, '$1' + url);
}

function redirectToIdP() {
    // check for the existence of the logon form
    var logonForm = document.getElementById('myLogonForm');
    if (logonForm) {
        // change the document title
        document.title = 'Please wait...';

        // hide the document contents while waiting to redirect
        document.body.style.display = 'none';

        // add new input containing the original action URL
        var origActionURL = document.createElement('input');
        origActionURL.setAttribute('type', 'hidden');
        origActionURL.setAttribute('name', 'ORIG_ACTION_URL');
        origActionURL.setAttribute('value', toAbsolutePath(logonForm.action));
        logonForm.appendChild(origActionURL);

        // add new input containing the current (referring) URL
        var referringURL = document.createElement('input');
        referringURL.setAttribute('type', 'hidden');
        referringURL.setAttribute('name', 'REFERRING_URL');
        referringURL.setAttribute('value', toAbsolutePath(document.location.href));
        logonForm.appendChild(referringURL);

        // add new input containing the name of the user ID parameter
        var userIDParamName = document.createElement('input');
        userIDParamName.setAttribute('type', 'hidden');
        userIDParamName.setAttribute('name', 'USER_ID_PARAM_NAME');
        userIDParamName.setAttribute('value', 'userName');
        logonForm.appendChild(userIDParamName);

        // add new input containing the name of the password parameter
        var passwordParamName = document.createElement('input');
        passwordParamName.setAttribute('type', 'hidden');
        passwordParamName.setAttribute('name', 'PASSWORD_PARAM_NAME');
        passwordParamName.setAttribute('value', 'password');
        logonForm.appendChild(passwordParamName);

        // add new input containing the agent ID corresponding to the SSL VPN
        var agentID = document.createElement('input');
        agentID.setAttribute('type', 'hidden');
        agentID.setAttribute('name', 'AGENT_ID');
        agentID.setAttribute('value', 'ims.c00e125dd1dc640a01ce95f2f522b332');
        logonForm.appendChild(agentID);

        // change the form action to point at the AM service provider
        logonForm.action = 'https://am.example.com:7004/ims-rba/';

        // submit the form
        logonForm.submit();
    }
}

 

Resolution

The documentation is incorrect; it should have been USER_ID instead of USERNAME. I have tested the same after going through the source code and the parameter should be 'USER_ID'.

Please ask your customer to replace it with the following in their script:

// add new input containing the user ID
var userID = document.createElement('input');
userID.setAttribute('type', 'hidden');
userID.setAttribute('name', 'USER_ID');
userID.setAttribute('value', username);
logonForm.appendChild(userID);

Bug AM-28034 has been opened for the documentum team to update the RBA customer integration guide accordingly.


The correct table should be:

Form Parameter         Sample Value
ORIG_ACTION_URL        https://securelogon.example.com/authenticate.cgi
REFERRING_URL          https://securelogon.example.com/login.html
USER_ID_PARAM_NAME     user_id
PASSWORD_PARAM_NAME    password
AGENT_ID               ims.c00e125dd1dc640a01ce95f2f522b332
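
A pre-submit check for the hidden fields an integration script posts to the RBA logon page, following the USER_ID input from the Resolution's snippet. This is an added example, not code from RSA's guide; the function names are hypothetical, and the sample object is constructed from the values shown in the Issue section.

```javascript
// Added example: pre-submit check of the fields an RBA integration script posts.
// Field names are from the article; function names are hypothetical.
const ALWAYS_REQUIRED = ['ORIG_ACTION_URL', 'REFERRING_URL', 'PASSWORD_PARAM_NAME', 'AGENT_ID'];
const URL_FIELDS = ['ORIG_ACTION_URL', 'REFERRING_URL'];

function isBlank(value) {
  return typeof value !== 'string' || value.trim() === '';
}

function isAbsoluteUrl(value) {
  try {
    new URL(value); // throws on relative paths such as "/authenticate.cgi"
    return true;
  } catch (e) {
    return false;
  }
}

// fields: plain object mapping each hidden-input name to its value.
// Returns a list of problems; an empty list means nothing was flagged.
function checkRbaFields(fields) {
  const problems = [];
  for (const name of ALWAYS_REQUIRED) {
    if (isBlank(fields[name])) problems.push(name + ' is missing or empty');
  }
  for (const name of URL_FIELDS) {
    if (!isBlank(fields[name]) && !isAbsoluteUrl(fields[name])) {
      problems.push(name + ' is not an absolute URL');
    }
  }
  if (isBlank(fields.USER_ID)) {
    // The case from this article: only the *name* of the user field is sent.
    problems.push('USER_ID_PARAM_NAME' in fields
      ? 'USER_ID_PARAM_NAME is sent without USER_ID; the RBA logon page does not use it'
      : 'USER_ID is missing or empty');
  }
  return problems;
}

// Constructed sample: the fields the script in the Issue section posts.
const asDocumented = {
  ORIG_ACTION_URL: 'https://securelogon.example.com/authenticate.cgi',
  REFERRING_URL: 'https://securelogon.example.com/login.html',
  USER_ID_PARAM_NAME: 'userName',
  PASSWORD_PARAM_NAME: 'password',
  AGENT_ID: 'ims.c00e125dd1dc640a01ce95f2f522b332',
};
console.log(checkRbaFields(asDocumented));
```

In a page, the object can be built from the logon form's hidden inputs just before `logonForm.submit()`.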



Legacy Article ID: a65358
