Decision Management (ODM,ADS)

  • 1.  Implementing mTLS (Mutual TLS) in IBM ODM Using WebSphere

    Posted 7 days ago

    Hi There,

    I am currently working on implementing mTLS (Mutual TLS) within an IBM Operational Decision Manager (ODM) environment, with WebSphere as the application server. My goal is to replace the traditional user/password authentication with certificate-based login using mTLS to secure communication between clients and the ODM server.

    Could you please provide guidance or steps on how to configure WebSphere for mTLS in the context of IBM ODM? Specifically, I am looking for instructions on how to set up certificate-based authentication and integrate it with IBM ODM for secure access. Any documentation, examples, or insights on how to approach this implementation would be greatly appreciated.
     
    Thank you in advance for your help!


    ------------------------------
    Kishan Kumar
    Senior Software Engineer
    ------------------------------


  • 2.  RE: Implementing mTLS (Mutual TLS) in IBM ODM Using WebSphere

    Posted 6 days ago

    Hi Kishan,

    Which ODM version are you using or considering? When you say WebSphere, are you referring to traditional WAS (no longer supported in ODM 8.12 and higher due to the move to Java version > 8) or Liberty?

    Thanks



    ------------------------------
    Antony Viaud
    Product Manager, IBM Decision Automation
    ------------------------------



  • 3.  RE: Implementing mTLS (Mutual TLS) in IBM ODM Using WebSphere

    Posted 6 days ago

    Hi Antony,

    We are working with ODM 8.12 and 9.0, both on Liberty server.

    Thanks!



    ------------------------------
    Kishan Kumar
    ------------------------------



  • 4.  RE: Implementing mTLS (Mutual TLS) in IBM ODM Using WebSphere

    Posted 5 days ago

    Hello Kishan,

    To configure the certificate authentication on Liberty, you can follow:

    Now, the problem you will face if you are entirely replacing the user/password authentication with a certificate authentication is that you will have no way to identify who is logging in, nor what ODM roles you can provide to this authentication. But perhaps it doesn't matter in your use case?

    BR,

    Mathias



    ------------------------------
    Mathias Mouly
    ------------------------------
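
For reference alongside the reply above, a Liberty `server.xml` fragment for client-certificate authentication. This is an added example, not configuration from the thread or from IBM ODM. The store file names, ids, `${...}` variables, realm, user and group names are placeholders, and it assumes a basic user registry, where Liberty takes the CN of the certificate's subject DN as the user name.

```xml
<!-- Added example: fragment of a Liberty server.xml.
     All ids, file names, ${...} variables, realm, user and group names
     are placeholders chosen for illustration. -->
<server>
    <featureManager>
        <feature>transportSecurity-1.0</feature>
    </featureManager>

    <!-- The server's own private key and certificate -->
    <keyStore id="defaultKeyStore" location="key.p12" type="PKCS12"
              password="${keystore_password}"/>

    <!-- Only the CA certificates that are allowed to issue client certificates -->
    <keyStore id="clientTrustStore" location="client-trust.p12" type="PKCS12"
              password="${truststore_password}"/>

    <!-- clientAuthentication="true": the TLS handshake fails unless the client
         presents a certificate that chains to clientTrustStore.
         clientAuthenticationSupported="true" (instead) requests a certificate
         but lets the connection proceed without one. -->
    <ssl id="defaultSSLConfig"
         keyStoreRef="defaultKeyStore"
         trustStoreRef="clientTrustStore"
         clientAuthentication="true"/>

    <!-- Log web requests in with the client certificate, whatever auth method
         the application's web.xml declares, and do not fall back to basic auth. -->
    <webAppSecurity overrideHttpAuthMethod="CLIENT_CERT"
                    allowFailOverToBasicAuth="false"/>

    <!-- Basic registry: the CN of the certificate subject must match a user
         name here. Group membership is what application role bindings see. -->
    <basicRegistry id="basic" realm="placeholderRealm">
        <user name="odm-client-1" password="${unused_password}"/>
        <group name="placeholderGroup">
            <member name="odm-client-1"/>
        </group>
    </basicRegistry>
</server>
```

A certificate whose CN has no matching registry user passes the TLS handshake but fails login, so the access log and the registry together show which certificate identity made each call.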



  • 5.  RE: Implementing mTLS (Mutual TLS) in IBM ODM Using WebSphere

    Posted 22 hours ago

    Hi Mathias,
    Thank you for your comment and support!

    I have successfully configured Mutual TLS (MTLS) for our application, and it is currently applied globally. However, I am now working on restricting MTLS to a specific REST API endpoint only.

    I would appreciate any guidance or best practices you can share on how to achieve this configuration.

    Looking forward to your support.





    ------------------------------
    Kishan Kumar
    ------------------------------



  • 6.  RE: Implementing mTLS (Mutual TLS) in IBM ODM Using WebSphere

    Posted 5 hours ago

    Hello Kishan,

    I don't think it's possible to have a mix of authentication for part of the endpoints of the same webapp hosted by Liberty.

    Anyway, I asked the Liberty security experts for advice and will pass the solution on to you if it exists.

    BR,

    Mathias 



    ------------------------------
    Mathias Mouly
    ------------------------------