Layer7 Access Management

Tech Tip : CA Single Sign-On : What is the recommended action () to use in the Authentication REST Interface for the REST base authentication?

  • 1.  Tech Tip : CA Single Sign-On : What is the recommended action () to use in the Authentication REST Interface for the REST base authentication?

    Posted 01-10-2018 03:08 AM

    Question:


    We're running CA Access Gateway (SPS), and we'd like to know what type of action (GET or POST) is recommended to use the REST base authentication. We're afraid that if a POST action is used, the credentials could show up in the CA Access Gateway (SPS) logs and traces.

     

    Answer:

     

    As per our documentation, the REST Interface doesn't put the data in the URL, but set it as headers :

     

    A URI in this format:

    http://hostname:port/authazws/AuthRestService/login/appID/Resource,

    posts the following request:

     

    <loginRequest>

    <binaryCreds></binaryCreds>

    <password>user1</password>

    <userName>user1</userName>

    <action>GET</action>

    </loginRequest>

     

    Authentication REST Interface

    https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/ca-siteminder-sps-configuration/configuring-the-authentication-and-authorization-web-services

     

    So, the credentials won't show up in any log or traces.

     

    More, the GET action is for the Authentication request, and the POST is the action for the Authorization.

    See the sample in the same documentation page :

     

    Authentication REST Interface

    A URI in this format, http://hostname:port/authazws/AuthRestService/login/appID/Resource, posts the following request:

     

    <loginRequest>

    <binaryCreds></binaryCreds>

    <password>user1</password>

    <userName>user1</userName>

    <action>GET</action>

    </loginRequest>

     

    [...]

     

    Authorization REST Interface

    The REST interface for authorization is http://hostname:port/authazws/AuthRestService/authz/appID/Resource:

     

    <authorizationRequest>

    <action>POST</action>

    <resource>RealmA/index.html</resource>

    <sessionToken>affl;;alkf;l;fd</sessionToken>

    </authorizationRequest>

     

    https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/ca-siteminder-sps-configuration/configuring-the-authentication-and-authorization-web-services

     

    KB : TEC1252652