Hi,

We would like to implement a custom authentication using XSLT for DataPower login users.

For some users, we will be making a call to Active Directory(AD) using LDAP protocol to authenticate them.

But for some users, we would like to get them authenticated locally itself by using Local Users on the appliance.

Does DataPower provide any extension function to pass username & password and get them authenticated locally?

------------------------------
sudarshan bandaru
------------------------------

Why not using standard RBM functionalitiy with fallback users?

see https://www.ibm.com/docs/en/datapower-gateway/10.5.x?topic=settings-defining-rbm-ldap-authentication

------------------------------
Jeroen Willems
Integration Architect - Managing Partner
Integration Designers
------------------------------

Well, we have two types of accounts.

One is regular login users who perform day to day activities, the other is Service Accounts which will be used in automation scripts.

For regular login users, after they get authenticated with LDAP, we will be doing second factor authentication(MFA) as well using their mobile phones.

Whereas for Sevice Accounts, there won't be LDAP authentication and MFA, it is just local authentication. 

So, in the custom XSLT that I am writing I want to skip the LDAP authentication for Service Accounts and do local authentication instead.

So, looking for a DataPower extension function that I can use for performing local authentication.

------------------------------
sudarshan bandaru
------------------------------

Original Message:
Sent: Wed November 01, 2023 09:31 AM
From: Jeroen Willems
Subject: DataPower extension function to authenticate users locally

Why not using standard RBM functionalitiy with fallback users?

see https://www.ibm.com/docs/en/datapower-gateway/10.5.x?topic=settings-defining-rbm-ldap-authentication

------------------------------
Jeroen Willems
Integration Architect - Managing Partner
Integration Designers
------------------------------

Hi,

not sure if such an xslt extension exists, but I think you can cover your requirements with the "Defining RBM with custom authentication".
In your xslt you check the regular accounts, when service account the check will fail and the fallback users will be used

see https://www.ibm.com/docs/en/datapower-gateway/10.5.x?topic=settings-defining-rbm-custom-authentication 

------------------------------
Jeroen Willems
Integration Architect - Managing Partner
Integration Designers
------------------------------

Original Message:
Sent: Wed November 01, 2023 12:09 PM
From: sudarshan bandaru
Subject: DataPower extension function to authenticate users locally

Well, we have two types of accounts.

One is regular login users who perform day to day activities, the other is Service Accounts which will be used in automation scripts.

For regular login users, after they get authenticated with LDAP, we will be doing second factor authentication(MFA) as well using their mobile phones.

Whereas for Sevice Accounts, there won't be LDAP authentication and MFA, it is just local authentication. 

So, in the custom XSLT that I am writing I want to skip the LDAP authentication for Service Accounts and do local authentication instead.

So, looking for a DataPower extension function that I can use for performing local authentication.

------------------------------
sudarshan bandaru
------------------------------


Original Message:
Sent: Wed November 01, 2023 09:31 AM
From: Jeroen Willems
Subject: DataPower extension function to authenticate users locally

Why not using standard RBM functionalitiy with fallback users?

see https://www.ibm.com/docs/en/datapower-gateway/10.5.x?topic=settings-defining-rbm-ldap-authentication

------------------------------
Jeroen Willems
Integration Architect - Managing Partner
Integration Designers