Hi,
When logging in from a JSSP (using for instance logon https://experienceleague.adobe.com/developer/campaign-api/api/f-logon.html) the login is performed from 127.0.0.1. Is there any way to perform a login using the IP that requested the JSSP?
The objective is to perform a login from a JSSP that respects the securityZone settings for the operator used to log in.
If not, is there any other way to validate if a requesting IP is valid according to securityZone settings?
Regards,
Jonas
Solved! Go to Solution.
Views
Replies
Total Likes
No idea why the security zones do not work maybe because all request coming to adobe campaign are as from localhost. If you can get the IP address.. and you have operator you can check it manually in a custom JSSP page. Where you check if the actual IP is the one whitelisted in the operator.
Marcel
Hello @jonasn92134656 ,
how do you know what operator is accessing the page? I guess all can access via one operator.
You can do your own login page that will login as eg. admin or any user when the IP of the use accessing page is whitelisted. Security zones you can get from the operator
<access authenticationType="native" noConsoleCnx="true" sessionTimeout="0"> <homeDir activated="false"/> <trustedIP id="1" mask="127.0.0.1"/>
But I would personally not recommend this as I can change IP address in the headers. Not tested it on what
would getRemoteAddress do
Marcel Szimonisz
MarTech Consultant
for more tips visit my blog
https://www.martechnotes.com/
Hi,
The use case I was explaining would be your typical API authentication where credentials (user/password for a specific operator) is supplied by some means, and the user is "logged in" automatically using for instance the "logon(user,password)" method. The script/JSSP would then execute in the context/with the permissions or settings set up for that user.
The issue I'm having is that when executing the logon method the IP of the requestor accessing the JSSP is not taken into account, I assume it's cause "logon" is executed from within the JSSP context, so the accessing IP used in the logon context is 127.0.0.1 instead of the IP of the requestor (as you can get from getRemoteAddress).
IP whitelisting/blocking is an integral part of the AC user security setup so I'm looking for a way to leverage that (ie the existing securityZone settings) when authenticating a user.
To clarify what I want to do we can remove the user/login part for a simpler use case:
I want to check if the IP of something accessing a JSSP is valid with regards to the setup (IP masks) for the 'webservice' securityZone of the instance.
Hope this makes it more clear.
Regards,
Jonas
Views
Replies
Total Likes
No idea why the security zones do not work maybe because all request coming to adobe campaign are as from localhost. If you can get the IP address.. and you have operator you can check it manually in a custom JSSP page. Where you check if the actual IP is the one whitelisted in the operator.
Marcel
Thanks, any idea how I can access the instance securityZone settings from within a JSSP? (In order to check if actual IP is whitelisted there)
Preferably without resorting to execCommand() calls.
Regards,
Jonas
Views
Replies
Total Likes
Hello @jonasn92134656 ,
It's copied to the operator.. so just query (query def, nlws.load,...) operator to access the information
<access authenticationType="native" noConsoleCnx="true" sessionTimeout="0"> <homeDir activated="false"/> <trustedIP id="1" mask="127.0.0.1"/>
Basically steps are
var ctx = logonEscalation("admin");
logonWithContext(ctx);
Marcel