How do you handle a partially authenticated state when the inbound user is either missing attributes, or needs to select from multiple mapped accounts when accessing resources protected by ISAM or what is now IBM Security Verify Access.
ISAM Facebook Login with OIDC Relying Party
In ISAM 9.0.4.0 the OIDC relying party was completely rewritten for increased flexibility. This has made it much easier to add support for Facebook Login into an ISAM Reverse Proxy instance. Here are the steps I've taken to authenticate into ISAM with Facebook. Pre-Conditions: ISAM 9.0.4.0 - Preconfigured Standard WebSEAL reverse Proxy with default configuration.... Continue Reading →
TFIM SAML 2.0 Federation URL
Sample Federation URL: I make this post, as much about a note to myself - as for others. This URL will avoid using the Alias service, and initiate a HTTPPost SAML flow. https://<idpHost>/FIM/sps/<federationname>/saml20/logininitial?RequestBinding=HTTPPost&ResponseBinding=HTTPPost&NameIdFormat=Email&PartnerId=<ID for partner> Here is some additional notes from the IBM Knowledge Center: http://www-01.ibm.com/support/knowledgecenter/SSZSXU_6.2.2.6/com.ibm.tivoli.fim.doc_6226/admin/concept/handlingunspecifiednameid.html