Expand my Community achievements bar.

Announcing the launch of new sub-community for Campaign Web UI to cater specifically to the needs of Campaign Web UI users!
Read more
SOLVED

Logon from a JSSP using requesting IP

Avatar

Level 4
Level 4
4/20/22 1:00:25 AM

Hi,

 

When logging in from a JSSP (using for instance logon https://experienceleague.adobe.com/developer/campaign-api/api/f-logon.html) the login is performed from 127.0.0.1. Is there any way to perform a login using the IP that requested the JSSP?

The objective is to perform a login from a JSSP that respects the securityZone settings for the operator used to log in.

 

If not, is there any other way to validate if a requesting IP is valid according to securityZone settings?

 

Regards,

Jonas

Views

1.4K

Replies

5
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
4/22/22 1:13:14 AM
In response to jonasn92134656

No idea why the security zones do not work maybe because all request coming to adobe campaign are as from localhost. If you can get the IP address.. and you have operator you can check it manually in a custom JSSP page. Where you check if the actual IP is the one whitelisted in the operator.

 

Marcel

View solution in original post

Views

1.4K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
5 Replies

Avatar

Community Advisor
Community Advisor
4/21/22 9:04:20 PM

Hello @jonasn92134656 ,

how do you know what operator is accessing the page? I guess all can access via one operator.

You can do your own login page that will login as eg. admin or any user when the IP of the use accessing page  is whitelisted. Security zones you can get from the operator 

  <access authenticationType="native" noConsoleCnx="true" sessionTimeout="0">
    <homeDir activated="false"/>
    <trustedIP id="1" mask="127.0.0.1"/>

But I would personally not recommend this as I can change IP address in the headers. Not tested it on what 

would getRemoteAddress do

 

 

Marcel Szimonisz

MarTech Consultant
for more tips visit my blog
https://www.martechnotes.com/

Views

1.4K

Replies

4
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 4
Level 4
4/22/22 12:18:24 AM
In response to Marcel_Szimonisz

Hi,

The use case I was explaining would be your typical API authentication where credentials (user/password for a specific operator) is supplied by some means, and the user is "logged in" automatically using for instance the "logon(user,password)" method. The script/JSSP would then execute in the context/with the permissions or settings set up for that user.

The issue I'm having is that when executing the logon method the IP of the requestor accessing the JSSP is not taken into account, I assume it's cause "logon" is executed from within the JSSP context, so the accessing IP used in the logon context is 127.0.0.1 instead of the IP of the requestor (as you can get from getRemoteAddress).

 

IP whitelisting/blocking is an integral part of the AC user security setup so I'm looking for a way to leverage that (ie the existing securityZone settings) when authenticating a user.

 

To clarify what I want to do we can remove the user/login part for a simpler use case:

I want to check if the IP of something accessing a JSSP is valid with regards to the setup (IP masks)  for the 'webservice' securityZone of the instance.

 

Hope this makes it more clear.

Regards,

Jonas

Views

1.4K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Community Advisor
Community Advisor
4/22/22 1:13:14 AM
In response to jonasn92134656

No idea why the security zones do not work maybe because all request coming to adobe campaign are as from localhost. If you can get the IP address.. and you have operator you can check it manually in a custom JSSP page. Where you check if the actual IP is the one whitelisted in the operator.

 

Marcel

Views

1.4K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 4
Level 4
4/22/22 1:21:35 AM
In response to Marcel_Szimonisz

Thanks, any idea how I can access the instance securityZone settings from within a JSSP? (In order to check if actual IP is whitelisted there)

Preferably without resorting to execCommand() calls.

Regards,

Jonas

Views

1.4K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
4/22/22 3:01:53 AM
In response to jonasn92134656

Hello @jonasn92134656 ,

It's copied to the operator.. so just query (query def, nlws.load,...) operator to access the information

  <access authenticationType="native" noConsoleCnx="true" sessionTimeout="0">
    <homeDir activated="false"/>
    <trustedIP id="1" mask="127.0.0.1"/>

Basically steps are 

  • login with the user
  • get oparator id 
  • elevate right to admin

 

 var ctx = logonEscalation("admin");

 

  • load operator object 
  • check if current IP is the one whitelisted
  • deescalate rights

 

logonWithContext(ctx);

 

  • ...
  • Profit

Marcel

 

 

 

 

 

Views

1.4K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate