Forum Discussion

david78's avatar
david78
Icon for Nimbostratus rankNimbostratus
Apr 16, 2018

APM : how works /my.policy ?

Hi, I would like to authenticate a server-to-server exchange with login + password + token.

 

I was thinking of using a logon page that would not display to transmit variables to APM.

 

Here is my scenario: 1/ the client makes a request on https://myurl.com/ressource 2/ APM opens a session, returns MRH cookies and redirect to my logon page (320 to /my.policy) 3/ the client does not make a GET on the logon page, but it makes a POST request to /my.policy with the information in the body: "username=my.user&password=my.pwd&otp=my.token&vhost=standard"

 

My question is that I have to submit POST twice for it to work.

 

The first time, I have a 200 OK response with the logon page. The second time, I have the redirect to my original resource.

 

Do you have an idea ?

 

Thanks for your help.