Hi, I am trying to execute a simple API Protection poc using postman as the utility and would appreciate some guidance with configuration. I successfully installed the Docker trial following the  "ISAM on Docker Quickstart" video using  ISAM image v. 9.0.7.1. Some of my test / flow id like to do is "authorization_code", "Implicit" and Hybrid (oIDC). Also test Claims and other stuff..

Is there a cookbook or instructions for configuring this type of "simple" pattern? I know there is a full blown Cookbook out there though I am hoping for an abbreviated version :)

Thanks

------------------------------
martin cardenas
------------------------------

Hello Martin,

There is a lab on the Security Learning Academy here: https://www.securitylearningacademy.com/course/view.php?id=2672

I also have a cookbook.  It might be more than you need/want - it covers the OAuth flows and also integration with in-line authorization and calling REST authentication APIs for 2FA.  I don't think it's been published on the Security Learning Academy at this point but here is a direct link:  https://ibm.box.com/s/wtzgmi2gyaqqxivbgzhuyipydm5438uh

Cheers... Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
------------------------------

Original Message:
Sent: Thu January 23, 2020 01:22 PM
From: martin cardenas
Subject: API Protection Cookbook

Hi, I am trying to execute a simple API Protection poc using postman as the utility and would appreciate some guidance with configuration. I successfully installed the Docker trial following the  "ISAM on Docker Quickstart" video using  ISAM image v. 9.0.7.1. Some of my test / flow id like to do is "authorization_code", "Implicit" and Hybrid (oIDC). Also test Claims and other stuff..

Is there a cookbook or instructions for configuring this type of "simple" pattern? I know there is a full blown Cookbook out there though I am hoping for an abbreviated version :)

Thanks

------------------------------
martin cardenas
------------------------------

Thanks Jon! I will give this a go and circle back :)

------------------------------
martin cardenas
------------------------------

Original Message:
Sent: Fri January 24, 2020 03:53 AM
From: Jon Harry
Subject: API Protection Cookbook

Hello Martin,

There is a lab on the Security Learning Academy here: https://www.securitylearningacademy.com/course/view.php?id=2672

I also have a cookbook.  It might be more than you need/want - it covers the OAuth flows and also integration with in-line authorization and calling REST authentication APIs for 2FA.  I don't think it's been published on the Security Learning Academy at this point but here is a direct link:  https://ibm.box.com/s/wtzgmi2gyaqqxivbgzhuyipydm5438uh

Cheers... Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Thu January 23, 2020 01:22 PM
From: martin cardenas
Subject: API Protection Cookbook

Hi, I am trying to execute a simple API Protection poc using postman as the utility and would appreciate some guidance with configuration. I successfully installed the Docker trial following the  "ISAM on Docker Quickstart" video using  ISAM image v. 9.0.7.1. Some of my test / flow id like to do is "authorization_code", "Implicit" and Hybrid (oIDC). Also test Claims and other stuff..

Is there a cookbook or instructions for configuring this type of "simple" pattern? I know there is a full blown Cookbook out there though I am hoping for an abbreviated version :)

Thanks

------------------------------
martin cardenas
------------------------------

The cookbook worked great! Used the docker-compose version and got it working nicely and now am able to run my tests. Thanks Jon!

------------------------------
martin cardenas
------------------------------

Original Message:
Sent: Fri January 24, 2020 03:53 AM
From: Jon Harry
Subject: API Protection Cookbook

Hello Martin,

There is a lab on the Security Learning Academy here: https://www.securitylearningacademy.com/course/view.php?id=2672

I also have a cookbook.  It might be more than you need/want - it covers the OAuth flows and also integration with in-line authorization and calling REST authentication APIs for 2FA.  I don't think it's been published on the Security Learning Academy at this point but here is a direct link:  https://ibm.box.com/s/wtzgmi2gyaqqxivbgzhuyipydm5438uh

Cheers... Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Thu January 23, 2020 01:22 PM
From: martin cardenas
Subject: API Protection Cookbook

Hi, I am trying to execute a simple API Protection poc using postman as the utility and would appreciate some guidance with configuration. I successfully installed the Docker trial following the  "ISAM on Docker Quickstart" video using  ISAM image v. 9.0.7.1. Some of my test / flow id like to do is "authorization_code", "Implicit" and Hybrid (oIDC). Also test Claims and other stuff..

Is there a cookbook or instructions for configuring this type of "simple" pattern? I know there is a full blown Cookbook out there though I am hoping for an abbreviated version :)

Thanks

------------------------------
martin cardenas
------------------------------