Micro Focus Contributor
Micro Focus Contributor
727 views

Unable to pre-post data to contract on IDP

Hi.
I need to pre-fill a contractś customized page using an external form which makes some previous validations calling external resources:
the contact uses Radius method (connected to a vasco radius server) and fetch password Method (so user's password is not needed)

the original process is:
Step 1: User opens contract's page and is asked for a username, after submit button is pressed,Nam sends a token request to vasco server,and vasco sends the OTP to user's email and or mobile phone
Step 2: User introduces the token and authentication is done.

this is my idea for the new process:


Custom Step 1: Form on external server: asks for some user data and queries some company's databases and determines whether the user can or cannot login, if true, makes a POST form request to an IDP page https://myIDPhost:8443//nidp/idff/sso?id=sb_vasco_sso

Custom Step 2: IDP customized jsp: Receives the post data, shows some information received in the POST Query String and pre-fills the contract's fields, after submit button is pressed,Nam sends a token request to vasco server,and vasco sends the OTP to user's email and or mobile phone.

(not really Custom) Custom Step 3: User introduces the token and authentication is done.

But when the POST is done in the "Custom Step 1", the NAM log shows a bunch of jsp:forward (not shown in the browser) and the contract' s page is shown with EMPTY fields.
tried to extract the http query String but it seems the NAM just ignores all the fields. if I change the method from POST to GET, the referer header actualy shows all the query string inline with all the fields filled

The customized JSP has just been modified to get some POST parameters an show them in the jsp page and also pre-fill the username field

Am I missing something ?

this is the test form for Custom Step 1, nothing special so far and is hosted in my hard drive

<html>
<form name=testForm method=POST action="https://IDP_HOSTNAME/nidp/app/login?id=sb_vasco_sso">
<input type=text name="email" value="c*****@g***.com"><br>
<input type=text name="mobile" value="301******9"><br>
<input type=text name="usernameStr" value="test_username"><br>
<input type=submit name=send value=send>
</form>
0 Likes
2 Replies
Micro Focus Contributor
Micro Focus Contributor

Re: Unable to pre-post data to contract on IDP

My version is NAM 4.3.

Also tried with NAM 4.1 and ind this version discovered that the mainredirect.jsp is doing a form submit with empty values, putted a piece of java that feeds all the query string in that jsp and now it is working (only in nam 4.1) .. Will try to do the same in NAM 4.3 to check if it works.


cecheverry;2486234 wrote:
Hi.
I need to pre-fill a contractś customized page using an external form which makes some previous validations calling external resources:
the contact uses Radius method (connected to a vasco radius server) and fetch password Method (so user's password is not needed)

the original process is:
Step 1: User opens contract's page and is asked for a username, after submit button is pressed,Nam sends a token request to vasco server,and vasco sends the OTP to user's email and or mobile phone
Step 2: User introduces the token and authentication is done.

this is my idea for the new process:


Custom Step 1: Form on external server: asks for some user data and queries some company's databases and determines whether the user can or cannot login, if true, makes a POST form request to an IDP page https://myIDPhost:8443//nidp/idff/sso?id=sb_vasco_sso

Custom Step 2: IDP customized jsp: Receives the post data, shows some information received in the POST Query String and pre-fills the contract's fields, after submit button is pressed,Nam sends a token request to vasco server,and vasco sends the OTP to user's email and or mobile phone.

(not really Custom) Custom Step 3: User introduces the token and authentication is done.

But when the POST is done in the "Custom Step 1", the NAM log shows a bunch of jsp:forward (not shown in the browser) and the contract' s page is shown with EMPTY fields.
tried to extract the http query String but it seems the NAM just ignores all the fields. if I change the method from POST to GET, the referer header actualy shows all the query string inline with all the fields filled

The customized JSP has just been modified to get some POST parameters an show them in the jsp page and also pre-fill the username field

Am I missing something ?

this is the test form for Custom Step 1, nothing special so far and is hosted in my hard drive

<html>
<form name=testForm method=POST action="https://IDP_HOSTNAME/nidp/app/login?id=sb_vasco_sso">
<input type=text name="email" value="c*****@g***.com"><br>
<input type=text name="mobile" value="301******9"><br>
<input type=text name="usernameStr" value="test_username"><br>
<input type=submit name=send value=send>
</form>
0 Likes
Micro Focus Contributor
Micro Focus Contributor

[SOLVED] Re: Unable to pre-post data to contract on IDP

Well .. After putting some debug inside some jsp files, I figured out where was the problem, here is what i Did:

first the easy part:
1- configured a new radius class with all it's properties including a CUSTO JSP page (jsp field)
2- configured a new method that uses such radius class and added two properties: MainJSP=false and JSP=the same custom jsp specified in the class
3- configured a new contract that users the radius Method.

now the hard part.
5- edited the file mainRedirect.jsp (take care than this jsp is only used when the property MainJSP=FALSE) to look like this.
(added a piece of java that feeds a string called "inputsString" with hidden form inputs taken from the query string and then put that string inside the <form></form>

6-voila.


<%@ page import="org.apache.commons.lang.StringEscapeUtils" %>
<%@ page import="java.net.URLEncoder" %>
<%
String target = (String) request.getParameter("target");
//target = StringEscapeUtils.escapeHtml(target);
if (target !=null && target.length() > 0)
target = java.net.URLEncoder.encode(target,"UTF-8");
%>

<%
java.util.Enumeration parameterList = request.getParameterNames();
String inputsString="";
while( parameterList.hasMoreElements() )
{
String sName = parameterList.nextElement().toString();
String[] sMultiple = request.getParameterValues( sName );
if( 1 >= sMultiple.length )
inputsString = inputsString + "<input type=hidden name=\""+sName + "\" value=\"" + request.getParameter( sName ) + "\">\n";
else
for( int i=0; i<sMultiple.length; i++ )
inputsString = inputsString + "<input type=hidden name=\""+sName + "\" value=\"" + sMultiple + "\">\n";
}
%>
<html>
<head>
<META HTTP-EQUIV="expires" CONTENT="0">
</head>
<body>
<% if (target != null) { %>
<form method="POST" enctype="application/x-www-form-urlencoded" action="<%= hand.getContentUrl()+"&target="+target %>">
<%=inputsString%>
</form>
<% } else { %>
<form method="POST" enctype="application/x-www-form-urlencoded" action="<%= hand.getContentUrl() %>">
<%=inputsString%>
</form>
<% } %>
<script language="JavaScript">
<!--
document.forms[0].submit();
-->
</script>
</body>
</html>




cecheverry;2486234 wrote:
Hi.
I need to pre-fill a contractś customized page using an external form which makes some previous validations calling external resources:
the contact uses Radius method (connected to a vasco radius server) and fetch password Method (so user's password is not needed)

the original process is:
Step 1: User opens contract's page and is asked for a username, after submit button is pressed,Nam sends a token request to vasco server,and vasco sends the OTP to user's email and or mobile phone
Step 2: User introduces the token and authentication is done.

this is my idea for the new process:


Custom Step 1: Form on external server: asks for some user data and queries some company's databases and determines whether the user can or cannot login, if true, makes a POST form request to an IDP page https://myIDPhost:8443//nidp/idff/sso?id=sb_vasco_sso

Custom Step 2: IDP customized jsp: Receives the post data, shows some information received in the POST Query String and pre-fills the contract's fields, after submit button is pressed,Nam sends a token request to vasco server,and vasco sends the OTP to user's email and or mobile phone.

(not really Custom) Custom Step 3: User introduces the token and authentication is done.

But when the POST is done in the "Custom Step 1", the NAM log shows a bunch of jsp:forward (not shown in the browser) and the contract' s page is shown with EMPTY fields.
tried to extract the http query String but it seems the NAM just ignores all the fields. if I change the method from POST to GET, the referer header actualy shows all the query string inline with all the fields filled

The customized JSP has just been modified to get some POST parameters an show them in the jsp page and also pre-fill the username field

Am I missing something ?

this is the test form for Custom Step 1, nothing special so far and is hosted in my hard drive

<html>
<form name=testForm method=POST action="https://IDP_HOSTNAME/nidp/app/login?id=sb_vasco_sso">
<input type=text name="email" value="c*****@g***.com"><br>
<input type=text name="mobile" value="301******9"><br>
<input type=text name="usernameStr" value="test_username"><br>
<input type=submit name=send value=send>
</form>
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.