IBM Verify

IBM Verify

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Authzrule xsl current timestamp

    Posted Fri November 19, 2021 08:16 AM
    Hi All,

    We are trying to create an authzrule which triggers based on timestamp, such as below.

    <xsl:variable name="nowTime" select="format-dateTime(current-dateTime(), '[Y0001][M01][D01][H01][m01]')"</xsl:variable><xsl:choose><xsl:when test='$nowTime >= 202111191200 and $nowTime < 202111191210'>!FALSE!</xsl:when><xsl:otherwise>!TRUE!</xsl:otherwise></xsl:choose>

    Above tryout failed.Tried finding examples for getting the system timestamp, but did not find any. There were some examples in https://github.com/IBM-Security/isam-support/blob/master/config-example/webseal/http-transformations  but these were all modifying existing request or responses, not retrieving system values.

    Any help is greatly appreciated!

    Br Jan

    ------------------------------
    Jan Lindstam
    ------------------------------


  • 2.  RE: Authzrule xsl current timestamp

    Posted Mon November 22, 2021 02:44 AM

    I don't believe this is possible in authorization rules. The function you have chosen to extract current time is most likely not available with the XSLT processor used in the web reverse proxy.  It is a very old XSLT processor. The only way I can think of to implement this type of authorization constraint (between two absolute timestamps) is using advanced access control authorization policy. If you are interested in just a short-lived policy that you can add/remove at runtime, there is also the time-of-day POP that might be useful. That will obviously run faster than AAC authorization policy.



    ------------------------------
    Shane Weeden
    IBM
    ------------------------------

    Original Message