Its possible to configure ISAM to listen on more than one network interface, more than one IP, and more than one set of ports. The easiest way to configure this, is in the LMI under the configuration settings for an individual reverse proxy instance: There are settings for: The IP to listen on. This must... Continue Reading →
ISAM HTTP XSL Transformation Rule to Modify request Parameters
I had to write an XSL Stylesheet to modify a request parameter - I had to modify a request parameter in a TFIM SAML request from RelayState to Target, here is what I used changing request text from "something" to "another": <?xml version="1.0" encoding="UTF-8"?> <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"> <!-- This is a template stylesheet which should... Continue Reading →
ISAM LMI REST API – HTTP 405 Method not Allowed Error
When using the REST API to run some commands against an ISAM for Web/Mobile Appliance, I ran into an HTTP error code that wasn't immediately obvious. Status Code: 405 Method Not Allowed There was no issue with the POST Method, but rather the headers that I sent. It's vitally important that you send the "Accept"... Continue Reading →
ISAM Forms SSO into BMC Remedy
Updated 09/2015: HTTP 505 error solved. See end of article. On a customer site, I encountered BMC Remedy, and had to perform SSO into the Application from ISAM. My initial attempt included trying to use the standard integration we have with Tomcat versions, as detailed here: http://www-01.ibm.com/support/docview.wss?uid=swg24021393 Unfortunately, this didn't work in the time I'd... Continue Reading →
SSO from Native Mobile application to Browser
I'm in the process of formalising an integration with ISAM for Web and ISAM for Mobile where we provide SSO from a Native mobile application into the mobile browser. If this is something you're interested in, please get in contact with me. I'm keen to hear your requirements. This pattern is particularly useful since... Continue Reading →
ISAM for Web – Different login pages per junction
Update 15/05/2015: It would seem that I may have over complicated this, we have a ISAM feature to do this already! 🙂 Apparently since TAM 6.1.1 we can use static management and error page templates per junction, as stated in the following technote: http://www-01.ibm.com/support/docview.wss?uid=swg21587936 So feel free to choose your own adventure! Different people access... Continue Reading →
ISAM for Web – Clickjacking prevention
What is Clickjacking? Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. It... Continue Reading →
ISAM for Web – Sending Security HTTP Headers
Update 5/08/15: In the ISAM 8.0.1.3 Release, we've added a new stanza to the ISAM Reverse Proxy config file. This allows the easy addition of headers to all ISAM responses. [rsp-header-names] # # This stanza is used to define static HTTP headers which will be added # to every HTTP response from the WebSEAL server. ... Continue Reading →
ISAM for Web – Modify a Request Header
I posted about modifying a HTTP response back in June 2014 here. This month, I had to put together a HTTP transformation rule that would update a Request header. In particular, the Request header was "out of spec" from the HTTP rules for a Content-Type. It simply updated the request header. <?xml version="1.0" encoding="UTF-8"?> <xsl:stylesheet... Continue Reading →
Remove a ISAM for Web Response Header
If you want to hide a header from a junctioned server, it is possible to remove it using a HTTP Transformation rule. The steps to making a HTTP Transformation rule are fairly well documented here: http://www-01.ibm.com/support/knowledgecenter/SSPREK_8.0.0.4/com.ibm.isamw.doc_8.0.0.4/wrp_config/concept/con_http_transforms.html?lang=en On the appliance, you need to either create the XSL HTTP Transformation rule and upload it, or you can... Continue Reading →