If you want to hide a header from a junctioned server, it is possible to remove it using an HTTP Transformation rule. The steps for creating an HTTP Transformation rule are fairly well documented here: http://www-01.ibm.com/support/knowledgecenter/SSPREK_8.0.0.4/com.ibm.isamw.doc_8.0.0.4/wrp_config/concept/con_http_transforms.html?lang=en On the appliance, you need to either create the XSL HTTP Transformation rule and upload it, or you can... Continue Reading →
ISAM for Mobile: Trace statements in Mapping Rules
Edit (13/1/15): There is another example of trace statements which references a different class in the article: ISAM for Mobile: Javascript Policy Information Points Debugging IBM Security Access Manager (ISAM) for Mobile Mapping rules can be challenging. One of the things that makes it much easier is having regular trace statements. In developing the... Continue Reading →
ISAM for Mobile: Accessing HTTP Headers in Authentication Service Mapping Rules
On the IBM Security Access Manager (ISAM) for Mobile appliance, the authentication service exposes a number of mapping rules. Four of them are related to the OTP capabilities and the last one is a mapping rule that fires once the authentication service has completed and allows manipulation of the returned ISAM credential. I have a... Continue Reading →
ISAM for Mobile: OAuth Authorization in Mapping Rules
If you'd like to do Authorization in a mapping rule for OAuth, there are a couple of options as to how you do this. On the IBM Security Access Manager (ISAM) for Mobile appliance, API protection exposes two Mapping rules: A) A Pre Token Generation mapping rule named: <API Definition Name>PreTokenGeneration. This mapping rule fires... Continue Reading →
IBM Security Access Manager: Protecting your site with Context Based Access
In January, I published an article through developerWorks on protecting your website with some of the new features of the ISAM for Web and ISAM for Mobile appliances. It's available here: http://www.ibm.com/developerworks/mobile/library/se-accessmanager/index.html It makes use of Virtual Host Junctions, WebSEAL authentication levels and the comprehensive context based access engine and one time password capabilities in... Continue Reading →
WebSEAL and Oracle EBS R12 Forms SSO – Mk II
Background: In the latest release of Oracle E-Business, there have been a number of modifications to the security that is applied to their default login form. I captured the initial changes in a blog entry that was posted on this site here: https://philipnye.com/posts/webseal-forms-sso-into-oracle-ebs-v12/ Disabling the security parameters to make the standard login forms work... Continue Reading →
WebSEAL forms SSO into Oracle EBS v12
Integration Update 04/03/14: An alternative Forms SSO method has been documented here: https://philipnye.com/posts/oracle-ebs-r12-forms-sso-mk-ii/ Background I was asked to look at the configuration for Forms SSO into Oracle E-Business Suite. They had updated from version 11 to version 12 and it wasn't working with their old fsso.conf. After some analysis, it seemed that the JavaScript on... Continue Reading →
WebSEAL: Desktop SSO with Forms Authentication Fallback
If you want to use desktop SSO and use a fallback to Forms based authentication when that fails, you need to make sure you have a few settings right: (Assuming you have all the desktop SSO configured properly.) Under the [server] stanza, set the order of the authentication mechanisms. auth-challenge-type = spnego, forms We need... Continue Reading →
Kerberos Ticket on Unix/Linux “Clock Skew too great”
Have been trying for 24hrs now to configure Desktop SSO for WebSEAL (TAMeb). After having no issues on my VM, doing it in the customer's environment proved strangely difficult. After trying to run: /usr/krb5/bin/kinit user@DOMAIN.COM Even after fixing the time servers, I continued to get the message: Unable to obtain initial credentials. Status 0x96c73a25... Continue Reading →
