topic Re: have a question regarding mobile access policy in General Topics

have a question regarding mobile access policy

kb1 — Wed, 11 Mar 2020 23:40:16 GMT

so i needed some clarification on what happens in the logs for accept or rejecting a user based on policy, will be attaching a screenshot as well, now we have a user who is trying to log into an application called PNR_Unchecker and is getting rejected, user groups are mentioned as well, now i want a clarification of why he might be getting rejected, is it because the user groups that are mentioned (under mobile access details) are the only groups that are allowed access and he doesnt belong to them? or he belongs to those user groups and thats why he isnt granted access? btw i do have the rule in mobile access policy configured to have users from iqor.supervisor access to PNR_Unchecker(iqor.supervisor under users column, and the PNR_Unchecker under applications column if thats how it should be configured and installed on the required gateways) , also there are 5 rules in total with every rule having PNR_Unchecker under applications, doesnt that mean all the user groups defined in those rules should be able to access this particular application? if thats the case why does it only show iqor.supervisor under mobile access details in the screenshot and not the other user groups as well? and another thing why does it not show the rule number as well in the logs? that would be helpful wouldnt it??

Thank You,

Regards.

Re: have a question regarding mobile access policy

PhoneBoy — Thu, 12 Mar 2020 01:11:42 GMT

It looks like MAB is failing HTTP Authentication to access the backend website.
What happens when you try to access the same URL from the CLI of the gateway with curl or similar?

Re: have a question regarding mobile access policy

kb1 — Thu, 12 Mar 2020 01:36:20 GMT

I will try that out and update here.

Re: have a question regarding mobile access policy

kb1 — Thu, 12 Mar 2020 16:39:09 GMT

Hello,

Can you point me to an sk that states all the curl commands that are used in situations like this?

Thank You.

Re: have a question regarding mobile access policy

kb1 — Thu, 12 Mar 2020 16:49:57 GMT

According to the output this is clealry a backend server issue isnt it? the user group hasnt been allowed access to this appication yet right?

Regards.

Re: have a question regarding mobile access policy

PhoneBoy — Thu, 12 Mar 2020 19:10:57 GMT

curl_cli is curl on a Linux system and you can see man pages for it elsewhere.
Since no credentials were sent to the backend site, you're getting an unauthorized message.
What credentials have to be sent to the backend server to access it?

Re: have a question regarding mobile access policy

kb1 — Thu, 12 Mar 2020 19:16:26 GMT

the thing is im getting http ok for other http application links that im using without providing user credentials, so thats why i thought that maybe its a server issue, and how do i type credential user and password using this command?

Re: have a question regarding mobile access policy

PhoneBoy — Thu, 12 Mar 2020 19:46:02 GMT

curl_cli --help should tell you everything you need.
How to translate this in your MAB configuration, I would have to check.