IBM Verify

  • 1.  Data privacy & consent - Advanced

    Posted Mon March 21, 2022 05:35 PM

    Hello Team,

    I have updated "Ask for consent" in the Single Sign-On option for an OpenID application. I was getting the default consent templates. The moment I clicked "To migrate Advanced Consent Type", I stopped getting any prompts. I tried creating a purpose and a EULA; nothing works. It's not prompting anything; it used to before migrating to the advanced consent type.

    Please suggest

    Thanks,

    Bipin



    #Support
    #SupportMigration
    #Verify


  • 2.  RE: Data privacy & consent - Advanced

    Posted Mon March 21, 2022 05:51 PM

    You should still see the standard OAuth/OIDC scope consent prompts. For example, when you request "profile".

    For Data Privacy purpose etc., did you add these to the Privacy tab of the application? Prior to migrating, requesting those as, say, marketing/email.default would have simply treated it like any other scope consent record. With the migration, once you add the purpose in the Privacy tab, you will see that the consent record is actually "unpacked".





  • 3.  RE: Data privacy & consent - Advanced

    Posted Mon March 21, 2022 06:00 PM

    Thanks for the response.

    Yes, I created a purpose and added it to the Privacy tab. No luck. I tried a EULA as well.

    I also thought it might be an API access issue, so I gave permission in API access to Read all privacy and consents for that application; no luck. And I see there is no default Purpose; I had to create a new one and add a condition as geography - North America. I added some generic attributes like preferred_username. No luck.





  • 4.  RE: Data privacy & consent - Advanced

    Posted Mon March 21, 2022 06:04 PM

    Can you please open a ticket and add the following to it:

    1. Tenant
    2. Application name/ID: The ID is in the URL in the admin console. The client_id would also work.
    3. Authorization request details, particularly the scope you pass in. If you can generate a HAR file from the browser trace, even better. Please remember to scrub any passwords from the HAR file.


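One way to prepare the HAR file requested in the post above, as an added example that is not part of the original thread or any IBM tooling: it masks passwords, tokens and cookies in a browser HAR export and lists the `scope` values sent in authorization requests, so a missing purpose or EULA ID is easy to spot. The field-name lists, the `client_id` plus `scope` heuristic for recognizing an authorization request, and the sample HAR are assumptions constructed for illustration.

```python
import copy
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed names of sensitive fields; extend them for your own login forms.
SECRET_PARAMS = {"password", "client_secret", "code", "access_token", "id_token", "refresh_token"}
SECRET_HEADERS = {"authorization", "cookie", "set-cookie"}
MASK = "REDACTED"

def _mask_query(text):
    """Mask secret values in a URL query or form-encoded body string."""
    pairs = parse_qsl(text, keep_blank_values=True)
    return urlencode([(k, MASK if k.lower() in SECRET_PARAMS else v) for k, v in pairs])

def _mask_pairs(pairs, names):
    """Mask HAR name/value pairs; names=None masks every pair."""
    for p in pairs or []:
        if names is None or p.get("name", "").lower() in names:
            p["value"] = MASK

def scrub_har(har):
    """Return a copy of the HAR with passwords, tokens and cookies masked."""
    har = copy.deepcopy(har)
    for entry in har["log"]["entries"]:
        req, resp = entry["request"], entry.get("response", {})
        parts = urlsplit(req["url"])
        req["url"] = urlunsplit(parts._replace(query=_mask_query(parts.query)))
        _mask_pairs(req.get("queryString"), SECRET_PARAMS)
        for msg in (req, resp):
            _mask_pairs(msg.get("headers"), SECRET_HEADERS)
            _mask_pairs(msg.get("cookies"), None)  # mask every cookie value
        post = req.get("postData") or {}
        _mask_pairs(post.get("params"), SECRET_PARAMS)
        if "urlencoded" in post.get("mimeType", "") and post.get("text"):
            post["text"] = _mask_query(post["text"])
        if resp.get("content", {}).get("text"):
            resp["content"]["text"] = MASK  # response bodies can carry tokens
    return har

def requested_scopes(har):
    """Scope lists of entries that look like authorization requests."""
    queries = (dict(parse_qsl(urlsplit(e["request"]["url"]).query)) for e in har["log"]["entries"])
    return [q["scope"].split() for q in queries if "client_id" in q and "scope" in q]

# Constructed sample: one authorization request and one login form post.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://tenant.example/authorize?client_id=abc&scope=openid+profile", "headers": [{"name": "Cookie", "value": "sid=1"}]}},
    {"request": {"url": "https://tenant.example/login", "headers": [], "postData": {"mimeType": "application/x-www-form-urlencoded", "text": "username=user1&password=hunter2"}}}]}}
```

Redirect `Location` headers and JSON request bodies are not rewritten here, so search the scrubbed file for any remaining secrets before attaching it to a ticket.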


  • 5.  RE: Data privacy & consent - Advanced

    Posted Mon March 21, 2022 06:06 PM

    Yes, the PMR number is TS008760985.

    Looks like I just got a response, and it's missing some scope parameters for the EULA.





  • 6.  RE: Data privacy & consent - Advanced

    Posted Mon March 21, 2022 06:59 PM

    Hi Shankar,

    The issue has been resolved, and the cause was a missing EULA/Purpose ID in the scope parameter. The client was also set up to use restrict scope.

    There is another outstanding query. Though the SAML app has an option to add a EULA/Purpose in the privacy section, is it supported now? How can we enable it for SAML apps?

    Thanks,

    Bipin


