How to have Post Data Preservation in Identity Gateway?

This topic has 1 reply, 2 voices, and was last updated 3 years, 1 month ago by violette.

  • Author
  • #26577

    Hi community,

    I have a somewhat noob question.

    I have IG fronting an application. IG route contains SSOFilter so attempt to access the application through IG will prompt for authentication and only authenticated sessions gets to reach the application. This is well and good for typical web browsing.

    But I have a use case where users can submit form data from another unprotected site to my application. What’s happening now is when the form data is posted to my application, IG intercepts and force user to authenticate via AM. I was expecting after successful login, the original post request will get forwarded to my backend application while maintaining method and post data. But what I’m seeing now is after authentication, IG forward the request using GET and the original post data is gone. As that form processing rejects any method other than POST, I get a 405 error thrown.

    If I redo the form submission again from the other app using the same browser, it is successfully processed as there is no need to route to an authentication chain.

    How can I configure IG to maintain the post data before/during/after authentication?

    I have already enabled Post Data Preservation in the Java agent settings in AM that IG uses to connect to the AMService. May I know what else is missing?

    I’m guessing the AM form with the goto parameter is simply redirecting to the originally requested URL, and such redirecting is always a GET. How then can I satisfy this seemingly simple use case?

    Any advise is appreciated. Thank you.



    Hi Zen,
    Actually, PDP is not actually implemented in IG: :/
    However, I think you can manage something with a ScriptableFilter to save the request data and reinject the data once the filter comes back from the authentication filter where the redirect is applied.
    Not pretty but it could work. I’ll try have a look on my side when I have time.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?