simeonof Frequent Contributor.
Frequent Contributor.
1068 views

reCaptcha Authorization Policy for Access Manager

I was wondering if anybody has done it already. I think it would be a nice addition to the authorization policies. If the reCaptcha is successful - you are authorized to access the requested resource. If reCaptcha fails - Access Forbidden. Any ideas how to do it?
0 Likes
7 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: reCaptcha Authorization Policy for Access Manager

On 10/4/2016 1:16 AM, Simeonof wrote:
>
> I was wondering if anybody has done it already. I think it would be a
> nice addition to the authorization policies. If the reCaptcha is
> successful - you are authorized to access the requested resource. If
> reCaptcha fails - Access Forbidden. Any ideas how to do it?
>
>


If I recall correctly, there is something like that coming in the next
version which is due out soon.

--
Cheers,
Edward

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

0 Likes
simeonof Frequent Contributor.
Frequent Contributor.

Re: reCaptcha Authorization Policy for Access Manager

Is there a way to check and confirm that this is scheduled for the next release? If it is, it doesn't make sense to put any resources into developing it. But if it's not, then I can start looking into it. Maybe someone from NetIQ can confirm?
0 Likes
simeonof Frequent Contributor.
Frequent Contributor.

Re: reCaptcha Authorization Policy for Access Manager

OK it looks like there is reCaptcha support in 4.3, however it is only for the protection of the login page (Name/Password Form and Secure Name/Password Form) from too many login attempts. What I am trying to achieve is different - I have a web application, which is public (no authentication required). The way to restrict robots from accessing it is to enable reCaptcha either in the application itself, or in the Access Manager (NAM) which stands in front of it. Since modifying the app is not possible (for various reasons), the best way would be to activate an authorization policy in NAM. Since I am no programmer, I need to know what would be the best way to do it, so I can guide the programmer in the right direction (he has no idea of NAM). From what I read in the dev site, this would be best accomplished by a policy extension, correct? Or is there another way? Any ideas anyone?
0 Likes
simeonof Frequent Contributor.
Frequent Contributor.

Re: reCaptcha Authorization Policy for Access Manager

If someone is interested in developing this for a fee - I'd be happy to discuss it.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: reCaptcha Authorization Policy for Access Manager

On 10/18/2016 8:56 PM, Simeonof wrote:
>
> OK it looks like there is reCaptcha support in 4.3, however it is only
> for the protection of the login page (Name/Password Form and Secure
> Name/Password Form) from too many login attempts. What I am trying to
> achieve is different - I have a web application, which is public (no
> authentication required). The way to restrict robots from accessing it
> is to enable reCaptcha either in the application itself, or in the
> Access Manager (NAM) which stands in front of it. Since modifying the
> app is not possible (for various reasons), the best way would be to
> activate an authorization policy in NAM. Since I am no programmer, I
> need to know what would be the best way to do it, so I can guide the
> programmer in the right direction (he has no idea of NAM). From what I
> read in the dev site, this would be best accomplished by a policy
> extension, correct? Or is there another way? Any ideas anyone?
>
>

This would be fairly challenging I reckon as authorization policies
don't really have a way to interact with the browser to throw up a
reCaptcha challenge

--
Cheers,
Edward

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

0 Likes
ScorpionSting Absent Member.
Absent Member.

Re: reCaptcha Authorization Policy for Access Manager

If bots/spiders are the problem, why not use the Risk engine to process the User Agent string and block them?

Visit my Website for links to Cool Solution articles.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: reCaptcha Authorization Policy for Access Manager

That is an option but keep in mind that the user-agent header can contain anything. If the original poster is concerned about getting the site indexed then another option would be to use robots.txt.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.