IBM Verify

IBM Verify

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  EPAC Viewer

    Posted Thu December 10, 2020 03:03 AM
    Some years ago, Shane published in his blog https://www.ibm.com/developerworks/tivoli/tutorials/tz-tamauthapi/ a way to create the epac viewer.
    But this was on the times that ISAM was implemented as a EAR file, and we could in fact add jsp files and servlets.

    Now that we have ISAM implemented as an appliance, how can we do the same thing?


    ------------------------------
    Joao Goncalves
    Pyxis, Lda.
    Sintra
    +351 91 721 4994
    ------------------------------


  • 2.  RE: EPAC Viewer

    Posted Thu December 10, 2020 03:09 AM
    Joao,
     
    In Verify Access 10.0.0.0 we added two capabilities to WebSEAL which you might be interested in:
     
    1. A REST based authorization API: https://www.ibm.com/support/knowledgecenter/SSPREK_10.0.0/com.ibm.isva.doc/wrp_config/concept/con_authr_rest_api.html
    2. A credential viewer application: https://www.ibm.com/support/knowledgecenter/SSPREK_10.0.0/com.ibm.isva.doc/wrp_config/concept/con_cred_view_app.html
    The credential viewer application is an alternative to Shane's EPAC viewer.
     

    Scott A. Exton
    Senior Software Engineer
    Chief Programmer - IBM Security Verify Access
    IBM Master Inventor

     
     
     
     



    Original Message


  • 3.  RE: EPAC Viewer

    Posted Thu December 10, 2020 03:16 AM
    Thanks for the information, but I am still curious whether it is possible to do this kind of thing (adding jsp, and servlets) to the appliance.
    Also, I do not have v10 installed. I'm using 9.0.7 in a virtual appliance. So, would it be possible to do it?

    ------------------------------
    Joao Goncalves
    Pyxis, Lda.
    Sintra
    +351 91 721 4994
    ------------------------------

    Original Message


  • 4.  RE: EPAC Viewer

    Posted Thu December 10, 2020 03:30 AM
    Joao,
     
    It is not really possible, or advisable, to host custom applications on the appliance - you need to host these on your own application server.  The capabilities which I mentioned were only added in 10.0 and are not available in 9.0.7.
     
     
     

    Scott A. Exton
    Senior Software Engineer
    Chief Programmer - IBM Security Verify Access
    IBM Master Inventor
    Phone: 61-7-5552-4008
    E-mail: scotte@au1.ibm.com
    1 Corporate Court
    Bundall, QLD 4217
    Australia
     
     



    Original Message


  • 5.  RE: EPAC Viewer

    Posted Thu December 10, 2020 04:55 AM
    Joao,

    Have a look at this blog from Shane Weeden:
    https://www.ibm.com/blogs/sweeden/implementing-isam-credential-viewer-infomap/

    This details how to create a credential viewer within the AAC Authentication Service framework (using JavaScript infomap and Federation trust chain to decode the credential).

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------

    Original Message


  • 6.  RE: EPAC Viewer

    Posted Fri December 11, 2020 09:58 AM
    Hi Joao,

    Here are two useful links for deubgging:

    Manual copy-n-paste of an epac (https://genericeai.mybluemix.net/epac.jsp)
    Import necessary signer cert chain, create a junction which passes iv-creds header (https://ivcred.mybluemix.net/)


    ------------------------------
    Nick
    IBM Security Verify Customer Support
    ------------------------------

    Original Message