IBM Security Access Manager provides a set of capabilities that can be used for authentication and authorization of a client accessing API's and can be scoped to a user or clients needs. When you moving away from browser use cases, REST based API's depend less on session cookies and instead make use of security tokens.... Continue Reading →
Using Basic Users with OAuth-Auth and ROPC
It is possible to use Basic Users with the ISAM OAuth-Auth capabilities. (ISAM Basic users are users that have NOT been imported into the ISAM registry.) Authentication used to be performed by: isAuthenticated = PluginUtils.isValidUsernamePassword(username, password); I've talked about how this is configured here. This authentication mechanism *can* be configured to use Federated Registries, however... Continue Reading →
ISAM LMI REST API – HTTP 405 Method not Allowed Error
When using the REST API to run some commands against an ISAM for Web/Mobile Appliance, I ran into an HTTP error code that wasn't immediately obvious. Status Code: 405 Method Not Allowed There was no issue with the POST Method, but rather the headers that I sent. It's vitally important that you send the "Accept"... Continue Reading →
WSSMToken Consumer not found
Using IBM Security Federated Identity Manager (TFIM) I ran into some errors following the guide in the WSSM Web services security installation guide for the echo service application. Whenever I started either the application or the client, I got an error similar to that below: [9/20/12 18:01:14:500 EST] 0000003b ConfigUtil E WSEC5007E: Class "com.tivoli.am.fim.wssm.tokenconsumers.WSSMTokenConsumer" not... Continue Reading →