I would like to authenticate a server-to-server exchange with login + password + token.
I was thinking of using a logon page that would not display to transmit variables to APM.
Here is my scenario:
1/ the client makes a request on https://myurl.com/ressource
2/ APM opens a session, returns MRH cookies and redirect to my logon page (320 to /my.policy)
3/ the client does not make a GET on the logon page, but it makes a POST request to /my.policy with the information in the body: "username=my.user&password=my.pwd&otp=my.token&vhost=standard"
My question is that I have to submit POST twice for it to work.
The first time, I have a 200 OK response with the logon page.
The second time, I have the redirect to my original resource.
Do you have an idea ?
Thanks for your help.
you can use this code to capture Post data as authentication credentials