Big news! The community will be moving to a new platform April 21. Read more.
Big news! The community will be moving to a new platform April 21. Read more.
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class
783 views

authpolicy: Re-authenticate with Contract and redirect url

I want to achieve the following:
When a user is in a specific LDAP group there should be an additional authentication (google authenticator).
After that additional authentication there should be a redirect to another path on the same site. This redirect should happen for all users (so for users who are in that specific ldap group and how are not).

I created a role for reading the ldap group, made an authorization policy which is evaluating this role and do an action on that condition with Re-authenticate with Contract to the another contract.
But how can I do a redirect after that authentication. I created a URL path condition with a lower priority in the same authorization policy but the redirection won't happen.
It looks like that when a re-authenticate is done, the next rule is not evaluated anymore.

When I do not use the re-authenticate rule the redirection is working fine
0 Likes
6 Replies
Absent Member.
Absent Member.

gschouten32,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:

- Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.microfocus.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.microfocus.com)
- You might consider hiring a local partner to assist you.
https://www.partnernetprogram.com/partnerfinder/find.html

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.microfocus.com/faq.php

Sometimes this automatic posting will alert someone that can respond.

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.

Good luck!

Your Micro Focus Forums Team
http://forums.microfocus.com



0 Likes
Absent Member.
Absent Member.

Which NAM version are you using?
If you have risk based authentication support, I would use that to fire additional authentication (beware, you can use only user LDAP attributes in RBE rules, so you should check groupMembership attribute).
After that you can have simple redirect authorization policy on AG resource.

regs s
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

On 8/2/2017 6:14 PM, sebastijan wrote:
>
> Which NAM version are you using?
> If you have risk based authentication support, I would use that to fire
> additional authentication (beware, you can use only user LDAP attributes
> in RBE rules, so you should check groupMembership attribute).
> After that you can have simple redirect authorization policy on AG
> resource.


One of the challenges would be is that authz policy always gets executed, not only after login


--
Cheers,
Edward
0 Likes
Absent Member.
Absent Member.

I thought that was requirement (always execute redirect policy), maybe I didn't understood that correctly.
If redirect is only needed after successful authentication, you can use "Login Redirect URL:" setting on contract (IDP->Local->Contracts-><contract name>->Login Redirect URL.

regs s
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

On 8/3/2017 7:34 PM, sebastijan wrote:
>
> I thought that was requirement (always execute redirect policy), maybe I
> didn't understood that correctly.
> If redirect is only needed after successful authentication, you can use
> "Login Redirect URL:" setting on contract
> (IDP->Local->Contracts-><contract name>->Login Redirect URL.


Thats not a bad idea i guess.


--
Cheers,
Edward
0 Likes
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class

Thanks for all suggestions, great support.
Configuring "Login Redirect URL:" option did the trick.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.