seba4 Respected Contributor.

NAM REST Attribute source & ClientIP

Hi 

In NAM I am trying to get STATUS from a REST API, which is important for the next NAM responses.

I kinda got it working, except that I don't know how I can pass ClientIP in the Attribute Source, which in our case is really important.

Current working hardcoded values in JSON look like this:

{
"currentLocationIP": "{P2}",
"username": "{P1}"
}

 

I have managed to get Username from NAM, but I don't know how I can read ClientIP and set it in the JSON.

Did anyone have a similar problem?

seba4 Respected Contributor.

Re: NAM REST Attribute source & ClientIP

Is it possible to save the current user IP into a Virtual Attribute?
seba4 Respected Contributor.

Re: NAM REST Attribute source & ClientIP

I hope I can create a better explanation of what we are trying to achieve.

In our environment we have a requirement that when a user logs in to the Access Manager portal, we need to send the user’s location information to a backend REST API. Because Access Manager already knows the user’s IP address, the idea was that we can just send this IP to the REST API. This option would only require a mapping (IP => Location NAME) on the REST API side. The problem we are having is that the user’s current IP is not directly available when using the Access Manager REST functionality for Virtual Attributes.

We have managed to get a working solution, but it needs more management for each location because the mapping must be done on Access Manager and on the REST API side. This really adds a lot of complexity.

What we have done:

  • We have used the Risk Based functionality, which adds a Risk Score (location ID) if the IP is matched, and then in the REST request we send the user’s Risk Score. On the REST API we need to match the Risk Score to a location, which is then used in some calculations.

Explanation in Example:

  • User with IP 192.168.1.100 authenticates to Access Manager.
  • When user authenticates, we trigger post Authentication Risk policy.
  • This policy matched 192.168.1.100 in rules and Risk Score is set to 1
  • This Risk Score is then sent to REST API
  • REST API then receives Risk Score = 1 and maps it to Risk Score(1) = LocationA

  • User with IP 192.168.1.110 authenticates to Access Manager.
  • When user authenticates we trigger post Authentication Risk policy.
  • This policy matched 192.168.1.110 in rules and Risk Score is set to 2
  • This Risk Score is then sent to REST API
  • REST API then receives Risk Score = 2 and maps it to Risk Score (2) = LocationB

This requires double management for each location and we have a lot of locations to set.

Sending IP address would really make this logic much simpler, but we can’t find any setting that can do that.

 

If anyone has any better idea/view how to solve this problem you are more than welcome 😊
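The REST API side of the two approaches described in the post above, as an added example that is not part of the original thread and not Access Manager code. It resolves a location from `currentLocationIP` when that field holds a valid address and otherwise falls back to the risk-score table; the CIDR ranges and the `riskScore` field name are assumptions made for illustration.

```python
import ipaddress

# Constructed sample tables (not from the original thread). The CIDR ranges are
# assumptions chosen so the thread's two example IPs resolve to its two locations.
CIDR_TO_LOCATION = {
    "192.168.1.96/29": "LocationA",   # covers 192.168.1.100
    "192.168.1.104/29": "LocationB",  # covers 192.168.1.110
}
# The workaround's second table: risk score (location ID) -> location.
RISK_SCORE_TO_LOCATION = {1: "LocationA", 2: "LocationB"}

_NETWORKS = sorted(
    ((ipaddress.ip_network(c), loc) for c, loc in CIDR_TO_LOCATION.items()),
    key=lambda item: item[0].prefixlen,
    reverse=True,  # most specific range wins when ranges overlap
)


def location_from_ip(value):
    """Return the location for an IP string, or None if invalid or unmapped."""
    try:
        addr = ipaddress.ip_address(str(value).strip())
    except ValueError:
        return None  # unresolved placeholder such as "{P2}", or malformed input
    for net, loc in _NETWORKS:
        if addr.version == net.version and addr in net:
            return loc
    return None


def resolve_location(body):
    """Resolve (location, source) from a parsed JSON request body.

    Prefers "currentLocationIP" (the field in the thread's JSON) and falls back
    to "riskScore", a hypothetical field name for the score the workaround sends.
    """
    loc = location_from_ip(body.get("currentLocationIP", ""))
    if loc is not None:
        return loc, "ip"
    score = body.get("riskScore")
    if isinstance(score, int) and not isinstance(score, bool):
        loc = RISK_SCORE_TO_LOCATION.get(score)
        if loc is not None:
            return loc, "risk-score"
    return None, "unmapped"
```

With the IP path only `CIDR_TO_LOCATION` has to be maintained, which is the single-mapping setup the post is asking for; the risk-score table is the second copy the workaround forces.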

 
