IBM Verify

IBM Verify

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Changing url in ISAM IGI integration

    Posted Tue July 14, 2020 09:22 AM

    Hello,

     

    I have made the ISAM – IGI integration as instructed in "IBM SECURITY ACCESS MANAGER 9.0 AND IBM SECURITY IDENTITY GOVERNANCE AND INTELLIGENCE 5.2 - Integration CookBook" and everything worked fine.

    But, my customer has some restrictions on his production environment and he would like to change the url used to call the IGI "https://reverseProxy/ideas" into "https://reverseProxy/".

    I managed to change "/ideas" into something else manipulating the "HTTP transformation" rules, but I was not able to make the url "https://reverseProxy/".

    Does anybody know how to turn the path "/ideas" into "/" ?

    Thanks in Advance,
    Rogerio Sachett,
    QRIAR Cybersecurity.



    ------------------------------
    Rogerio Sachett
    ------------------------------


  • 2.  RE: Changing url in ISAM IGI integration

    Posted Wed July 15, 2020 03:46 AM
    Edited by Gianluca Gargaro Wed July 15, 2020 03:46 AM
    Hello Rogerio

    the main problem is that /ideas is a transparenth path junction , so only if WebSeal receives a request to /ideas forwards it to the IGI service desk . Now what you may eventually do is to extend the transformation rule so that when WebSeal receives a request for / it redirects to /ideas.. more or less you can change the login_control.xslt adding the following test node


    <xsl:when test="node()='/'"> <HTTPResponseChange action="replace">

    <Version>HTTP/1.1</Version> <StatusCode>302</StatusCode>
    <Header name="location" action="add">    https://webseal900-

    salinas.usa.north.america.sup/ideas/desk?realm=IDEAS</Header> <Body>%3Chtml%3E%3C%2Fhtml%3E</Body>

    </HTTPResponseChange>
    </xsl:when>



    ------------------------------
    Gianluca Gargaro
    IBM
    Roma
    ------------------------------

    Original Message


  • 3.  RE: Changing url in ISAM IGI integration

    Posted Wed July 15, 2020 05:29 PM

    Hello Gianluca,

    Thanks for your answer.
    I added the transformation that you described before and it is working now.
    But I had to make one additional step: attach the POP "isig-login-pop" to the Object "/WebSEAL/myReverseProxy" instead of "/WebSEAL/myReverseProxy/ideas".
    In this way, when I call in my browser "https://reverseProxy/", the transformation rules are processed, and the connection redirected to the IGI server.
    It also keeps working when calling "https://reverseProxy/ideas".

    Thank you,
    Rogerio Sachett,
    QRIAR Cybersecurity.



    ------------------------------
    Rogerio Sachett
    ------------------------------

    Original Message


Related Content