Encoded URLs and WebSEAL filtering

If you have encoded URLs in scripting thats protected by WebSEAL, it won't automatically filter it, unless you configure the encoding. For example: Javascript Link Backslash U hex encoded: var a = document.createElement('a'); var label = "http:u002fu002fsomeserver:8080u002fdemou002fblah"; a.href = label; var linkText = document.createTextNode(label); a.appendChild(linkText); a.title = "my title text"; a.href = label; document.body.appendChild(a); Without... Continue Reading →

February 25, 2015

ISAM – POODLE updates

When I attempted to configured ISAM for Mobile V8.0.1.0 against an old version of TAM - specifically TAM Policy Server v 6.1.1 FP 8 (and an older 6.1.1 - FP4), I ran into some problems. It generated the following error: System Error HPDCF0062E Could not connect to the Security Access Manager policy server. Error code... Continue Reading →

February 25, 2015

ISAM for Web – Modify a Request Header

I posted about modifying a HTTP response back in June 2014 here. This month, I had to put together a HTTP transformation rule that would update a Request header. In particular, the Request header was "out of spec" from the HTTP rules for a Content-Type. It simply updated the request header. <?xml version="1.0" encoding="UTF-8"?> <xsl:stylesheet... Continue Reading →

February 25, 2015

ISAM for Web without a User Registry – New and Improved

In 2009, Shane Weeden posted an article about using WebSEAL without a user registry. The article made use of a number of components, including TFIM as a mechanism to generate an ISAM credential and return that to WebSEAL to build a session. This pattern is particularly useful in scenarios where the users are stored in... Continue Reading →

February 25, 2015

Cannot delete OAUTH grants and devices on ISAM for Mobile

When using ISAM for Mobile, and you access the User Self Service/User Self Care pages for managing OAuth Grants, there is the option to delete and manage your grants. https://<ISAM for Mobile Host>/mga/sps/mga/user/mgmt/html/device/device_selection.html In earlier versions of ISAM for Mobile, the configuration prevented DELETE and PUT operations. This meant that WebSEAL would not allow the... Continue Reading →

February 23, 2015

ISAM for Mobile – ROPC OAuth Username and Password Validation

As of V8.0.1.0 of ISAM for Mobile, there is a helper class in the Javascript mapping rule for Resource Owner Password Validation against the configured LDAP server. There are a few steps required to configure it though. If you haven't configured it, you will receive the following error on attempting an ROPC flow: {"error":"mapping_error", "error_description":"com.tivoli.am.rba.exception.RBARuntimeException:... Continue Reading →

February 23, 2015

Get password from a Keystore Stash File

NOTE: The Keystash has been enhanced, and is no longer accessible this way. If you've lost your keystore password now - all bets are off. Sorry. On the other hand, if you at least have the stash, you can likely export the keys and move them into a new keystore of your choice, with a... Continue Reading →

February 10, 2015

ISAM for Web – WebSEAL – Firefox doesn’t ask for client certificate

Just spent a while troubleshooting why my browser wouldn't ask me for the client certificate even when I went to a certificate protected webseal instance. After a while, I worked it out, and thought I'd make a note of it here. Title Note: It was actually happening on both Firefox AND Internet Explorer. Pre-conditions: forms-auth... Continue Reading →

December 19, 2014

ISAM for Web – WebSEAL – Stream EAI authentication response to browser

By default, when External Authentication Interface (EAI) authentication has been configured, and the authentication header is returned to WebSEAL by the backend application server, WebSEAL authenticates the user, and then generates a 302 redirect to either the cached request or the login redirect url. If you want the page returned to the browser but the... Continue Reading →

December 18, 2014

ISAM for Web – WebSEAL Certificate Mapping

Since the move to the ISAM for Web Appliance, certificate mapping for client authentication is performed by an XSL stylesheet mapping mechanism. Since it was not immediately obvious to me, I've included two examples here where the CN of the certificate, is used as the username for the user in ISAM. Provide Full LDAP DN:... Continue Reading →

December 18, 2014

ISAM for Web and Mobile – OAuth Authentication and Sessions

[14 July, 2016] There has been a few updates to this article related to the ISAM 9.0.1 release, adding some enhancements for OAuth. This includes enhancements to the session lifetime, and session logout, also some technical updates regarding the use of DSC. 13 Jan, 20201 (Actually well before this) There was a change the DSC... Continue Reading →

July 29, 2014

Website Built with WordPress.com.

Up ↑

Tag: WebSEAL

Encoded URLs and WebSEAL filtering

ISAM – POODLE updates

ISAM for Web – Modify a Request Header

ISAM for Web without a User Registry – New and Improved

Cannot delete OAUTH grants and devices on ISAM for Mobile

ISAM for Mobile – ROPC OAuth Username and Password Validation

Get password from a Keystore Stash File

ISAM for Web – WebSEAL – Firefox doesn’t ask for client certificate

ISAM for Web – WebSEAL – Stream EAI authentication response to browser

ISAM for Web – WebSEAL Certificate Mapping

ISAM for Web and Mobile – OAuth Authentication and Sessions

Follow Blog via Email

Follow me on Twitter

Tags

Top Posts & Pages

Recent Posts

By Request (Since May 2017)