Reference Guide
...
HTTP Proxy
HTTP Proxy Assigned Credential...

XMLHttpRequest (XHR)

XMLHttpRequest (XHR) objects are used to interact with servers. You can retrieve data from a URL without having to do a full-page refresh. This enables a Web page to update just part of a page without disrupting what the user is doing.

XHR requests might be done silently without causing the browser to refresh/redirect, hence when multiple auto-login credentials are found, they might not be displayed on the page making users to think the page is unresponsive. To tackle this issue, HTTP Proxy intercepts XHR requests and displays the credentials on a pop-up after the XHR response is retrieved with multiple credentials (HTTP 409-Conflict).

http.response.modification.post.url and http.response.modification.replacer.value

Element Type Properties should be set for the intended devices to enable that feature. http.response.modification.post.url must point to either a JS or HTML resource on the page where the login is performed. When HTTP Proxy matches the resource pointed by http.response.modification.post.url value, it will make the injection to intercept XHR requests. In addition, http.response.modification.replacer.value value must be set to the constant value ${scAutoLogin} which will cause the actual injection for displaying the multi-credential pop-up.

The first sample properties for the Kron PAM portal login page (HTML resource) are as follows:

Property Name

Property Value

http.response.modification.post.url

.*/portal-ui/x/login/

http.response.modification.replacer.value

${scAutoLogin}

The second sample properties for the Kron PAM portal login page (JS resource) are as follows:

Property Name

Property Value

http.response.modification.post.url

.*/js/app/login.js

http.response.modification.replacer.value

${scAutoLogin}



Document image


The second sample properties for the Kron PAM portal login page (JS resource) are as follows:

Property Name

Property Value

http.response.modification.post.url

.*/js/app/login.js

http.response.modification.replacer.value

${scAutoLogin}

Note the difference between the URLs defined for HTML and JS resources. Both HTML and JS resources are loaded on the login page, so it doesn't matter which resource to use for injection. Both definitions above are correct and can be used. The correct auto-login configurations must be predefined for the user selection screen to pop up.