Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Copper

have a question regarding mobile access policy

so i needed some clarification on what happens in the logs for accept or rejecting a user based on policy, will be attaching a screenshot as well, now we have a user who is trying to log into an application called PNR_Unchecker and is getting rejected, user groups are mentioned as well, now i want a clarification of why he might be getting rejected, is it because the user groups that are mentioned (under mobile access details) are the only groups that are allowed access and he doesnt belong to them? or he belongs to those user groups and thats why he isnt granted access? btw i do have the rule in mobile access policy configured to have users from iqor.supervisor access to PNR_Unchecker(iqor.supervisor under users column, and the PNR_Unchecker under applications column if thats how it should be configured and installed on the required gateways) , also there are 5 rules in total with every rule having PNR_Unchecker under applications, doesnt that mean all the user groups defined in those rules should be able to access this particular application? if thats the case why does it only show iqor.supervisor under mobile access details in the screenshot and not the other user groups as well? and another thing why does it not show the rule number as well in the logs? that would be helpful wouldnt it??Capture.PNG

 

Thank You,

Regards.

0 Kudos
7 Replies
Highlighted
Admin
Admin

It looks like MAB is failing HTTP Authentication to access the backend website.
What happens when you try to access the same URL from the CLI of the gateway with curl or similar?
0 Kudos
Highlighted
Copper

I will try that out and update here.
0 Kudos
Highlighted
Copper

Hello,

Can you point me to an sk that states all the curl commands that are used in situations like this?

Thank You.
0 Kudos
Highlighted
Copper

According to the output this is clealry a backend server issue isnt it? the user group hasnt been allowed access to this appication yet right?Capture.PNG

Regards.

0 Kudos
Highlighted
Admin
Admin

curl_cli is curl on a Linux system and you can see man pages for it elsewhere.
Since no credentials were sent to the backend site, you're getting an unauthorized message.
What credentials have to be sent to the backend server to access it?
0 Kudos
Highlighted
Copper

the thing is im getting http ok for other http application links that im using without providing user credentials, so thats why i thought that maybe its a server issue, and how do i type credential user and password using this command?

0 Kudos
Highlighted
Admin
Admin

curl_cli --help should tell you everything you need.
How to translate this in your MAB configuration, I would have to check.
0 Kudos