Encoded URLs and WebSEAL filtering

If you have encoded URLs in scripting thats protected by WebSEAL, it won't automatically filter it, unless you configure the encoding. For example: Javascript Link Backslash U hex encoded: var a = document.createElement('a'); var label = "http:u002fu002fsomeserver:8080u002fdemou002fblah"; a.href = label; var linkText = document.createTextNode(label); a.appendChild(linkText); a.title = "my title text"; a.href = label; document.body.appendChild(a); Without... Continue Reading →

ISAM for Web – Modify a Request Header

I posted about modifying a HTTP response back in June 2014 here. This month, I had to put together a HTTP transformation rule that would update a Request header. In particular, the Request header was "out of spec" from the HTTP rules for a Content-Type. It simply updated the request header. <?xml version="1.0" encoding="UTF-8"?> <xsl:stylesheet... Continue Reading →

IBM Security Access Manager: Protecting your site with Context Based Access

In January, I published an article through developerWorks on protecting your website with some of the new features of the ISAM for Web and ISAM for Mobile appliances. It's available here: http://www.ibm.com/developerworks/mobile/library/se-accessmanager/index.html It makes use of Virtual Host Junctions, WebSEAL authentication levels and the comprehensive context based access engine and one time password capabilities in... Continue Reading →

Sharing ISAM for Web Sessions across Domains

An article has just been released on IBM developerworks on how to use the same sessions across two seperate domains when using Tivoli Access Manager for e-business (WebSEAL): The article is available here. (In the DeveloperWorks transition, it appears to have been lost, thankfully it's in the internet archive!) linked Here It builds on the... Continue Reading →

Kerberos Ticket on Unix/Linux “Clock Skew too great”

Have been trying for 24hrs now to configure Desktop SSO for WebSEAL (TAMeb). After having no issues on my VM, doing it in the customers environment proved strangely difficult. After trying to run: /usr/krb5/bin/kinit user@DOMAIN.COM Even after fixing the time servers, I continued to get the message: Unable to obtain initial credentials.         Status 0x96c73a25... Continue Reading →

Website Built with WordPress.com.

Up ↑