IBM Verify

  • 1.  Create new webseal user

    Posted Mon October 17, 2022 08:48 AM
    Dears, 

    First of all, I'm new to IBM Security Verify Access (10.0.4.0) configuration and I'm using a Docker image. Sorry in advance for my basic and dummy questions.
    Please note that I have configured the "Runtime component" to use the local user registry and local policy server, and I have created a new reverse proxy "default" instance.
    I've successfully logged in to WebSEAL using the "sec_master" user and password.
    My question here: how do I add a new user to WebSEAL? As far as I know, the embedded LDAP server is OpenLDAP, so where can I configure this server?
    Where can I see user registries?

    Best Regards

    ------------------------------
    John Massaad
    ------------------------------


  • 2.  RE: Create new webseal user

    Posted Mon October 17, 2022 03:47 PM

    John,

     

    The first point which I need to mention is that the internal user registry should only ever be used in conjunction with an external registry, where the internal user registry stores the ISVA specific data, and the external registry stores the user information.  This is achieved through the 'federation' capability of the runtime.

     

    However, if you are just experimenting with the software you can still use the internal user registry to house the user information.  In order to create a user you have to either use the 'pdadmin' Web API or embedded utility (look at the 'user create' command), or you can use the 'policy administration' tool, which is available in the LMI.

     

    I hope that this helps.

     

     

     

    Scott A. Exton
    Senior Software Engineer
    Chief Programmer - IBM Security Verify Access

    IBM Master Inventor

  • 3.  RE: Create new webseal user

    Posted Tue October 18, 2022 04:51 AM
    Dear Scott,

    Thank you for your reply,

    Please note that I've tried to create a new user using the pdadmin user create command. The user is successfully created; however, when I tried to log in with this user to WebSEAL an exception is raised: "HPDIA0200W Authentication failed. You have used an invalid user name, password or client certificate."

    I've run the following commands:

    pdadmin sec_master> user create sso3 cn=sso3,secAuthority=Default sso3 sso3 password123
    pdadmin sec_master> user modify sso3 account-valid yes
    pdadmin sec_master> user modify sso3 gsouser yes
    pdadmin sec_master> user modify sso3 password-valid yes
    pdadmin sec_master> user show sso3
    Login ID: sso3
    LDAP DN: cn=sso3,secAuthority=Default
    LDAP CN: sso3
    LDAP SN: sso3
    Description:
    Is SecUser: Yes
    Is GSO user: Yes
    Account valid: Yes
    Password valid: Yes


    Best Regards

    ------------------------------
    John Massaad
    ------------------------------



  • 4.  RE: Create new webseal user

    Posted Tue October 18, 2022 04:13 PM

    John,

     

    It looks like you have created the user correctly.  You can try logging on as this user via pdadmin to validate that you are able to authenticate as the user. 

     

    You will also need to ensure that you publish the configuration and then restart the WebSEAL container so that it has the latest copy of the embedded user registry.  I suspect that you have missed this step.

     

    Scott A. Exton
    Senior Software Engineer
    Chief Programmer - IBM Security Verify Access

    IBM Master Inventor

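A triage check for the `user show` listing in post 3, as an added example that is not part of the original thread or of IBM's tooling: it parses the listing and separates a registry-side account problem from the stale-registry case raised in post 4. Treating `Is SecUser`, `Account valid` and `Password valid` as the required flags is an assumption, and the sample text is the listing from the post, embedded as a string.

```python
# Added example (not from the thread): field names follow the `user show`
# output quoted in post 3. The set of required flags is an assumption.
REQUIRED = {"Is SecUser": "Yes", "Account valid": "Yes", "Password valid": "Yes"}

# Sample input: the listing posted in the thread, embedded for offline use.
SAMPLE = """\
pdadmin sec_master> user show sso3
Login ID: sso3
LDAP DN: cn=sso3,secAuthority=Default
LDAP CN: sso3
LDAP SN: sso3
Description:
Is SecUser: Yes
Is GSO user: Yes
Account valid: Yes
Password valid: Yes
"""

def parse_user_show(text):
    """Turn 'Key: value' lines into a dict; lines without a colon are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def triage(text):
    """Return (registry_ok, notes) for one `user show` listing."""
    fields = parse_user_show(text)
    problems = []
    for key, want in REQUIRED.items():
        got = fields.get(key)
        if got is None:
            problems.append(f"{key}: missing from output")
        elif got.lower() != want.lower():
            problems.append(f"{key}: is {got!r}, expected {want!r}")
    if problems:
        return False, problems
    # Flags are fine, so HPDIA0200W is not explained by the account state.
    return True, ["log on as the user via pdadmin to confirm the password",
                  "publish the configuration",
                  "restart the WebSEAL container"]

if __name__ == "__main__":
    ok, notes = triage(SAMPLE)
    print("registry entry OK" if ok else "registry entry has problems")
    for note in notes:
        print(" -", note)
```
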