locked
UAG doesn't allways proxy credentials for back end app RRS feed

  • Question

  • Hello Everyone.
    I have the following problem. I published two applications with UAG. Both apps using Form login authentication, and also custom repositories. Every repository  has a user with incorrect creds ( "AddSessionUser user, wrongPwd, repository" in postpostValidate.inc). Also I have profiles for that apps in LoginForm.xml (Only Login screen is defined). Then when I launch app1, uag proxies wrongPwd and "Login Failure Screen" is displayed. Then I launch app1 again and instead of proxying creds again, UAG does nothing (even autosubmit Jscript is not inserted). In UAG Traces I saw that Login form was detected two times, and UAG took creds from repository two times. If I  take the same steps for app2, then UAG proxy creds two times!.
    I try modifying autosubmit script (commented .submit() action) but had same results.

    Does anyone now how to solve it? Or at least what trace records should appear in UAG log, so that I can be sure that creds were proxied two times.

    BTW for the app2 I see similar behaviour in case when user.lenght() <= 1

    P.S. If I use good credentials, UAG allways proxies them

    Thanks in advance

    Wednesday, October 6, 2010 2:46 PM

Answers

  • The issue was solved. UAG doesn't proxy credentials second time until the first one were submitted to the back end application!
    • Marked as answer by Vetas Thursday, October 7, 2010 3:52 PM
    Thursday, October 7, 2010 3:52 PM
  • Sure.
    With my app1 I had following workflow:

    1. UAG proxied incorrect creds into the form
    2. AutoSubmit executed
    3. Page was refreshed Login Failure page appeared (Login form was present again on that page)
    4. UAG recognized Failure page as Login (because of "/.*" in the HOST_URL), proxied creds again but autosubmit was not executed (maybe because of delay)
    5. I closed the app1 (Autosubmit was not executed, so UAG will not proxy creds until “Login” button is pressed)!!!
    6. I launched app again (Nothing happens)
    7. If I pressed “Login” button (even if usr and pwd fields were empty) page is refreshed (Login form present on Login Failure page) and then UAG proxies creds again!

    The solution was to specify URL in LoginForm.xml that will identify only Login screen, not Login Failure. But I still don't know how to solve it when the URL of Login and Login failure page are the same. Seems that LOGIN_EVALUATOR will not help because for Login scenario it is used for "diagnostic purposes, in order to define whether the authentication succeeded or failed"

    • Marked as answer by Vetas Friday, October 8, 2010 9:05 AM
    Friday, October 8, 2010 9:05 AM

All replies

  • Hi Amig@. There is a property in LoginForm called Multiple_Login. Did you set it to true?

    Take a look at this article in the amazing Ben Ari's blog :P

    http://blogs.technet.com/b/ben/archive/2010/01/23/custom-form-login-sso-how-to.aspx


    // Raúl - I love this game
    Wednesday, October 6, 2010 3:57 PM
  • When I saw it for the first time, I also thought that MulipleLogins is FALSE. But unfortunately that option is set to TRUE :(
    Wednesday, October 6, 2010 4:03 PM
  • :-S

    Have you configured the Login_Evaluator property?

    This is my last resource


    // Raúl - I love this game
    Wednesday, October 6, 2010 4:31 PM
  • I tried it once but it didn't work. But I could make some error there. Will try again. But anyway, my app2 (where UAG proxies wrong creds everytime) also doesn't have Login_Evaluator

    Wednesday, October 6, 2010 4:39 PM
  • The issue was solved. UAG doesn't proxy credentials second time until the first one were submitted to the back end application!
    • Marked as answer by Vetas Thursday, October 7, 2010 3:52 PM
    Thursday, October 7, 2010 3:52 PM
  • Hi Amig@. Could you, please, give us a more detailed explanation? I am curious.

    Regards


    // Raúl - I love this game
    Thursday, October 7, 2010 4:17 PM
  • Sure.
    With my app1 I had following workflow:

    1. UAG proxied incorrect creds into the form
    2. AutoSubmit executed
    3. Page was refreshed Login Failure page appeared (Login form was present again on that page)
    4. UAG recognized Failure page as Login (because of "/.*" in the HOST_URL), proxied creds again but autosubmit was not executed (maybe because of delay)
    5. I closed the app1 (Autosubmit was not executed, so UAG will not proxy creds until “Login” button is pressed)!!!
    6. I launched app again (Nothing happens)
    7. If I pressed “Login” button (even if usr and pwd fields were empty) page is refreshed (Login form present on Login Failure page) and then UAG proxies creds again!

    The solution was to specify URL in LoginForm.xml that will identify only Login screen, not Login Failure. But I still don't know how to solve it when the URL of Login and Login failure page are the same. Seems that LOGIN_EVALUATOR will not help because for Login scenario it is used for "diagnostic purposes, in order to define whether the authentication succeeded or failed"

    • Marked as answer by Vetas Friday, October 8, 2010 9:05 AM
    Friday, October 8, 2010 9:05 AM