Hi Colton,
This is some external module to evaluate a set of preconditions after authentication. The external module redirects users back to the IDP with an acknowledgement. Then the IDP reads the acknowledgement, generates the response (e.g. a JWT token) and sends it back to the SP.
I was looking into access policy; hopefully it will be useful here. Access Policy -> Custom Policy -> Real Time hooks. Based upon the real time hook response, we can create "Rules" which can be set to allow/deny.
------------------------------
Bipin Dash
------------------------------
Original Message:
Sent: Wed January 10, 2024 03:59 PM
From: Colton Williams
Subject: IBM Security Verify (ISV) - SaaS
Hello Bipin,
Could you describe the scenario a little more about what you are trying to achieve?
There could be a few different solutions to this, such as using an advanced rule in attribute mapping to do callouts, but most of these would occur after a response from the IDP and invalidating sessions after callout.
Identity agents could also provide the desired functionality.
------------------------------
Colton Williams
Original Message:
Sent: Tue December 12, 2023 12:08 PM
From: Bipin Dash
Subject: IBM Security Verify (ISV) - SaaS
Hello Team,
How can we interrupt an OIDC flow and do some external validation before sending the response back to the Service Provider/End Application in ISV SaaS?
Login Flow:
User -> SP application -> IDP -> userid/password verification -> calls external API for validation -> IDP gets response from external provider -> sends back the response to SP application.
I have looked at realtime webhooks, identity agents, etc., but how can we integrate with a typical OIDC flow? Please suggest.
------------------------------
Bipin Dash
------------------------------