IBM Verify

  • 1.  IBM Security Verify (ISV) - SaaS

    Posted Tue December 12, 2023 12:09 PM
    Edited by Bipin Dash Tue December 12, 2023 05:01 PM

    Hello Team,

    How can we interrupt an OIDC flow and do some external validation before sending the response back to the Service Provider/End Application in ISV SaaS?

    Login flow:

    User -> SP application -> IDP -> userid/password verification -> calls external API for validation -> IDP gets response from external provider -> sends back the response to SP application.

    I have looked at real-time webhooks, identity agents, etc., but how can we integrate with a typical OIDC flow? Please suggest.



    ------------------------------
    Bipin Dash
    ------------------------------



  • 2.  RE: IBM Security Verify (ISV) - SaaS

    Posted Wed January 10, 2024 04:00 PM

    Hello Bipin,

    Could you describe the scenario a little more about what you are trying to achieve?


    There could be a few different solutions to this, such as using an advanced rule in attribute mapping to do callouts, but most of these would occur after a response from the IDP and invalidating sessions after callout.

    Identity agents could also provide the desired functionality.



    ------------------------------
    Colton Williams
    ------------------------------



  • 3.  RE: IBM Security Verify (ISV) - SaaS

    Posted Thu January 11, 2024 09:37 AM

    Hi Colton,

    This is some external module to evaluate a set of preconditions after authentication. The external module redirects users back to the IDP with an acknowledgement. Then the IDP reads the acknowledgement, generates the response (e.g., a JWT token), and sends it back to the SP.

    I was looking into access policy; hopefully it will be useful here. Access Policy -> Custom Policy -> Real Time hooks. Based upon the real-time hook response, we can create "Rules" which can be set to allow/deny.



    ------------------------------
    Bipin Dash
    ------------------------------