Highlighted
mcando Super Contributor.
Super Contributor.
848 views

Unable to verify challenge responses though REST

Hi,
I'm using Postman to query our SSPR v.4.2.0.2 appliance and almost every query is working fine, except the /sspr/public/rest/verifyresponses
I can succesfully verify any user's responses through the forgotten password link in the web console and if I give wrong answers I get the expected error.
But doing it so via REST I'm always getting the message "The operation has been successfully completed" even if I post the wrong answers.
I have configured SSPR to save the challenge responses in LDAP (eDirectory)

I'm enclosing the JSON code I use in Postman hoping anyone can help me out.

Thanks in advance.

PD: forgot to mention that nothing wrong seems to be in the logs, no error code, nothing. I'm pasting here the results:

19 de abril de 2018, 13:40:02 -03, DEBUG, rest.RestVerifyResponsesServer, {1748,SSPR_proxy} completed /verifyresponses REST service in 5s, response: {"error":false,"errorCode":0,"successMessage":"The operation has been successfully completed.","data":false} [xxx.xxx.xxx.xxx]
19 de abril de 2018, 13:39:57 -03, DEBUG, operations.CrService, {1748,SSPR_proxy} returning responses read via method LDAP for user cn=MCando,ou=DON_BOSCO,o=TGS [xxx.xxx.xxx.xxx]
19 de abril de 2018, 13:39:57 -03, DEBUG, operations.CrService, {1748,SSPR_proxy} will attempt to read the following storage methods: ["LDAP"] for user cn=MCando,ou=DON_BOSCO,o=TGS [xxx.xxx.xxx.xxx]
19 de abril de 2018, 13:39:57 -03, DEBUG, rest.RestVerifyResponsesServer, {1748,SSPR_proxy} beginning /verifyresponses REST service against cn=MCando,ou=DON_BOSCO,o=TGS (default) [xxx.xxx.xxx.xxx]


This is the Postman code I use:

{"username": "mcando",
"challenges": [
{
"challengeText": "Cuál era el nombre de su primer mascota? (Mín. 6 caracteres)",
"minLength": 6,
"maxLength": 128,
"adminDefined": true,
"required": false,
"maxQuestionCharsInAnswer": 0,
"enforceWordlist": false,
"answer":{
"answerText":"any test here returns a successful message"
}
},
{
"challengeText": "¿Cuál es el nombre de su madre? (Mín. 6 caracteres)",
"minLength": 6,
"maxLength": 128,
"adminDefined": true,
"required": false,
"maxQuestionCharsInAnswer": 0,
"enforceWordlist": false,
"answer":{
"answerText":"teresa"
}
},
{
"challengeText": "¿Cómo se llamaba su mejor amigo del colegio? (Mín. 6 caracteres)",
"minLength": 6,
"maxLength": 128,
"adminDefined": true,
"required": false,
"maxQuestionCharsInAnswer": 0,
"enforceWordlist": false,
"answer":{
"answerText":"maro"
}
},
{
"challengeText": "¿Cuál es el nombre de la calle en la que se crió? (Mín. 6 caracteres)",
"minLength": 6,
"maxLength": 128,
"adminDefined": true,
"required": false,
"maxQuestionCharsInAnswer": 0,
"enforceWordlist": false,
"answer":{
"answerText":"pastbligado"
}
},
{
"challengeText": "¿Cuál es su comida favorita? (Mín. 6 caracteres)",
"minLength": 6,
"maxLength": 128,
"adminDefined": true,
"required": false,
"maxQuestionCharsInAnswer": 0,
"enforceWordlist": false,
"answer":{
"answerText":"milas"
}
}
]
}
0 Likes
1 Reply
AutomaticReply Absent Member.
Absent Member.

Re: Unable to verify challenge responses though REST

mcando,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:

- Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.microfocus.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.microfocus.com)
- You might consider hiring a local partner to assist you.
https://www.partnernetprogram.com/partnerfinder/find.html

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.microfocus.com/faq.php

Sometimes this automatic posting will alert someone that can respond.

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.

Good luck!

Your Micro Focus Forums Team
http://forums.microfocus.com



0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.