IBM Verify

IBM Verify

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Device Fingerprint registration

    Posted Mon February 10, 2020 04:51 PM
    Is there a way in ISAM 9.0.6 or 9.0.7 to use REST APIs to store the device fingerprint that would be generated via the AAC info.js?  The device fingerprint is an integral part of our access policy to determine if we need to prompt for MFA.

    Let me know if you need any further info.

    ------------------------------
    Angela Klein
    ------------------------------


  • 2.  RE: Device Fingerprint registration

    Posted Tue February 11, 2020 09:17 AM
    Hi Angela,

    There is not a RAPI to just create a device signature.  The only way to register a device is by using the AAC flow and satisfying the "Register Device" obligation.

    The info.js script itself does not necessary need to be used but the basics of what it does needs to be implemented.  That is, issue the call to create the ac.uuid cookie (session), POST the attributes, access a resource which has an Access Control policy that has "Permit with Obligation / Register Device".  The ac.uuid cookie is required so it must be stored somehow.


    ------------------------------
    Nick
    ISAM Level II Support
    ------------------------------

    Original Message


  • 3.  RE: Device Fingerprint registration

    Posted Thu May 21, 2020 11:33 PM
    Hi Angela,

    Not sure if you still need it, but I just created a blog entry describing the steps to perform a device registration using REST API's.

    See the post here:

    https://community.ibm.com/community/user/security/blogs/enio-padilla1/2020/05/20/isam-rest-device-registration

    ------------------------------
    Enio Padilla
    ------------------------------

    Original Message