If you have encoded URLs in scripting that's protected by WebSEAL, it won't automatically filter them unless you configure the encoding. For example: JavaScript Link Backslash U hex encoded: var a = document.createElement('a'); var label = "http:\u002f\u002fsomeserver:8080\u002fdemo\u002fblah"; a.href = label; var linkText = document.createTextNode(label); a.appendChild(linkText); a.title = "my title text"; a.href = label; document.body.appendChild(a); Without... Continue Reading →
ISAM – POODLE updates
When I attempted to configure ISAM for Mobile V8.0.1.0 against an old version of TAM - specifically TAM Policy Server v 6.1.1 FP 8 (and an older 6.1.1 - FP4), I ran into some problems. It generated the following error: System Error HPDCF0062E Could not connect to the Security Access Manager policy server. Error code... Continue Reading →
ISAM for Web – Modify a Request Header
I posted about modifying an HTTP response back in June 2014 here. This month, I had to put together an HTTP transformation rule that would update a Request header. In particular, the Request header was "out of spec" from the HTTP rules for a Content-Type. It simply updated the request header. <?xml version="1.0" encoding="UTF-8"?> <xsl:stylesheet... Continue Reading →
ISAM for Web without a User Registry – New and Improved
In 2009, Shane Weeden posted an article about using WebSEAL without a user registry. The article made use of a number of components, including TFIM as a mechanism to generate an ISAM credential and return that to WebSEAL to build a session. This pattern is particularly useful in scenarios where the users are stored in... Continue Reading →
Cannot delete OAUTH grants and devices on ISAM for Mobile
When you use ISAM for Mobile and access the User Self Service/User Self Care pages for managing OAuth Grants, there is the option to delete and manage your grants. https://<ISAM for Mobile Host>/mga/sps/mga/user/mgmt/html/device/device_selection.html In earlier versions of ISAM for Mobile, the configuration prevented DELETE and PUT operations. This meant that WebSEAL would not allow the... Continue Reading →
ISAM for Mobile – ROPC OAuth Username and Password Validation
As of V8.0.1.0 of ISAM for Mobile, there is a helper class in the JavaScript mapping rule for Resource Owner Password Validation against the configured LDAP server. There are a few steps required to configure it though. If you haven't configured it, you will receive the following error on attempting an ROPC flow: {"error":"mapping_error", "error_description":"com.tivoli.am.rba.exception.RBARuntimeException:... Continue Reading →
Get password from a Keystore Stash File
NOTE: The Keystash has been enhanced, and is no longer accessible this way. If you've lost your keystore password now - all bets are off. Sorry. On the other hand, if you at least have the stash, you can likely export the keys and move them into a new keystore of your choice, with a... Continue Reading →