security - How to customize RSA Web Authentication Agent? -

-

currently in company there's internal web application custom login page. in order authenticate user make use of rsa authentication windows agent 7.2. call methods exposed acecln.dll library in internal library.

now want move rsa authentication web agent 7.1. i've seen how works, i've been able install web agent , protect whole web site. doing this, web agent's pages (login, succesful login) displayed. problem still want use our custom login web page haven't been able it.

i've checked dlls come web agent (rsahandler.dll , rsamodule.dll) seems they're not meant used acecln.dll library in windows agent. i've been able bypass rsa web agent's login page making post request handler defined in web.config webid web application set web agent. below details:

this how handler defined in c:\program files\rsa security\rsawebagent\webid\web.config

<handlers>             <add name="rsasecuridhandlermapping" path="iiswebagentif.dll" verb="*" modules="securidhandler" scriptprocessor="c:\program files\rsa security\rsawebagent\webid\rsahandler.dll" requireaccess="none" />         </handlers>

and form i've written in our custom login page. corresponds index.htm page presented after user gets validated.

<form action="/webid/iiswebagentif.dll" method="post" name="transportform">       username: <input  id="username" style=width: 155px" maxlength=64 value="jctorres" name="username" autocomplete=off"><br />       passcode: <input id="passcode" name="passcode" value="1984" maxlength=16  autocomplete="off"  style="width:155px;"><br />           <input type="hidden" name="referrer"  value="z2findexz2ehtm">             <input type="hidden" name="sessionid" value="0">           <input type="hidden" name="postdata"  value="get&#58;">           <input type="hidden" name="authntype" value="2">           <input type="hidden" name="stage"     value="useridandpasscode">            <input type="hidden" name="csrftoken" value="">           <input type=submit value="log in" onclick="">      </form>

as said, this, i'm able login our custom login page i'm still seeing intermediate authentication succeeded presented before index.htm presented.

my question be:

1- how can use rsa authentication web agent , still use company own login, error web page, , without displaying intermediate authentication succeeded web page? behavior of rsahandler.dll library customizable?

thanks in advance


Comments

Post a Comment

Popular posts from this blog

c++ - No viable overloaded operator for references a map -

-
i trying use map can make tag names reference number. when try , use it, in code error (6 in total every time reference map): src/main.cpp:25:45: error: no viable overloaded operator[] type 'std::map<std::string, std::string>' const char* idcs = node.child_value(tagmap[3]); this code: #include "pugi/pugixml.hpp" #include <iostream> #include <string> #include <map> int main() { pugi::xml_document doca, docb; std::map<std::string, pugi::xml_node> mapa, mapb; std::map<std::string, std::string> tagmap {{"1", "data"}, {"2", "entry"}, {"3", "id"}, {"4", "content"}}; if (!doca.load_file("a.xml") || !docb.load_file("b.xml")) { std::cout << "can't find input files"; return 1; } (auto& node: doca.child(tagmap[1]).children(tagmap[2])) { co
Read more

java - Custom OutputStreamAppender not run: LOGBACK: No context given for <MYAPPENDER> -

-
i wish write custom appender on basis of outputstreamappender . wrote following class package tests; import java.io.ioexception; import java.io.outputstream; import ch.qos.logback.core.outputstreamappender; public class myappender<e> extends outputstreamappender<e> { public myappender() { system.out.println("myappender created"); setoutputstream(new outputstream() { @override public void write(int b) throws ioexception { throw new unsupportedoperationexception(); } }); } } then wrote following runner: package tests; import org.slf4j.loggerfactory; import ch.qos.logback.classic.logger; public class runner { private static final logger log = (logger) loggerfactory.getlogger(runner.class); public static void main(string[] args) { //log.addappender(new myappender<iloggingevent>()); log.info("hello world"); } } finall
Read more

java - Cannot secure connection using TLS -

-
i'm trying establish secure socket connection between java client applet (built jdk 1.7.0_75-b13) , vc++ server application. as test vehicle, used vc++ client/server sample found in msdn forums, modified use schannel , able establish socket using cipher suite tls_rsa_with_aes_128_cbc_sha. works of tls 1.0/1.1/1.2. when try opening socket java applet same server application, connection rejected server reporting following: tls 1.0 acceptsecuritycontext failed: 0x80090327 tls 1.1 acceptsecuritycontext failed: 0x80090331 tls 1.2 acceptsecuritycontext failed: 0x80090331 this java code used create socket: debugprint("setting secure connection"); sslsocketfactory sslsocketfactory = (sslsocketfactory) sslsocketfactory.getdefault(); sslsocket sslsocket = (sslsocket) sslsocketfactory.createsocket("127.0.0.1", socketnumber); debugprint("starting handshake"); sslsocket.settcpnodelay(true); sslsocket.setsolinger(false, 0); sslsocket.s
Read more