Logon from a JSSP using requesting IP | Community
Skip to main content
J
jonasn92134656
Level 3
April 20, 2022
Solved

Logon from a JSSP using requesting IP

  • April 20, 2022
  • 1 reply
  • 2695 views

Hi,

 

When logging in from a JSSP (using for instance logon https://experienceleague.adobe.com/developer/campaign-api/api/f-logon.html) the login is performed from 127.0.0.1. Is there any way to perform a login using the IP that requested the JSSP?

The objective is to perform a login from a JSSP that respects the securityZone settings for the operator used to log in.

 

If not, is there any other way to validate if a requesting IP is valid according to securityZone settings?

 

Regards,

Jonas

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by Marcel_Szimonisz

No idea why the security zones do not work maybe because all request coming to adobe campaign are as from localhost. If you can get the IP address.. and you have operator you can check it manually in a custom JSSP page. Where you check if the actual IP is the one whitelisted in the operator.

 

Marcel

1 reply

Marcel_Szimonisz
Community Advisor
Marcel_SzimoniszCommunity Advisor
Community Advisor
April 22, 2022

Hello @jonasn92134656 ,

how do you know what operator is accessing the page? I guess all can access via one operator.

You can do your own login page that will login as eg. admin or any user when the IP of the use accessing page  is whitelisted. Security zones you can get from the operator 

  <access authenticationType="native" noConsoleCnx="true" sessionTimeout="0">
    <homeDir activated="false"/>
    <trustedIP id="1" mask="127.0.0.1"/>

But I would personally not recommend this as I can change IP address in the headers. Not tested it on what 

would getRemoteAddress do

 

 

Marcel Szimonisz

MarTech Consultant
for more tips visit my blog
https://www.martechnotes.com/

    J
    jonasn92134656Author
    Level 3
    April 22, 2022

    Hi,

    The use case I was explaining would be your typical API authentication where credentials (user/password for a specific operator) is supplied by some means, and the user is "logged in" automatically using for instance the "logon(user,password)" method. The script/JSSP would then execute in the context/with the permissions or settings set up for that user.

    The issue I'm having is that when executing the logon method the IP of the requestor accessing the JSSP is not taken into account, I assume it's cause "logon" is executed from within the JSSP context, so the accessing IP used in the logon context is 127.0.0.1 instead of the IP of the requestor (as you can get from getRemoteAddress).

     

    IP whitelisting/blocking is an integral part of the AC user security setup so I'm looking for a way to leverage that (ie the existing securityZone settings) when authenticating a user.

     

    To clarify what I want to do we can remove the user/login part for a simpler use case:

    I want to check if the IP of something accessing a JSSP is valid with regards to the setup (IP masks)  for the 'webservice' securityZone of the instance.

     

    Hope this makes it more clear.

    Regards,

    Jonas

    Marcel_Szimonisz
    Community Advisor
    Marcel_SzimoniszCommunity AdvisorAccepted solution
    Community Advisor
    April 22, 2022

    No idea why the security zones do not work maybe because all request coming to adobe campaign are as from localhost. If you can get the IP address.. and you have operator you can check it manually in a custom JSSP page. Where you check if the actual IP is the one whitelisted in the operator.

     

    Marcel

      Terms & ConditionsAccessibility statement

      Loading footer...