How do you handle a partially authenticated state when the inbound user is either missing attributes, or needs to select from multiple mapped accounts when accessing resources protected by ISAM or what is now IBM Security Verify Access.
In ISAM 220.127.116.11 the OIDC relying party was completely rewritten for increased flexibility. This has made it much easier to add support for Facebook Login into an ISAM Reverse Proxy instance. Here are the steps I've taken to authenticate into ISAM with Facebook. Pre-Conditions: ISAM 18.104.22.168 - Preconfigured Standard WebSEAL reverse Proxy with default configuration.... Continue Reading →
Sample Federation URL: I make this post, as much about a note to myself - as for others. This URL will avoid using the Alias service, and initiate a HTTPPost SAML flow. https://<idpHost>/FIM/sps/<federationname>/saml20/logininitial?RequestBinding=HTTPPost&ResponseBinding=HTTPPost&NameIdFormat=Email&PartnerId=<ID for partner> Here is some additional notes from the IBM Knowledge Center: http://www-01.ibm.com/support/knowledgecenter/SSZSXU_22.214.171.124/com.ibm.tivoli.fim.doc_6226/admin/concept/handlingunspecifiednameid.html