IBM Verify


ISVA 10.0.8 MFA using Email OTP is getting skipped when the URL is getting modified in the address bar

  • 1.  ISVA 10.0.8 MFA using Email OTP is getting skipped when the URL is getting modified in the address bar

    Posted Wed June 25, 2025 11:18 AM
    Hi All,

    We have MFA using Email OTP enabled in our WebSphere portal application using ISVA 10.0.8.

    Steps to reproduce:
    1) Log in to the application by giving username and password (e.g. https://abc.com/Portalhome)
    2) I have an access control policy, attached below, on the index.html page
    3) The MFA screen appears to enter the Email OTP and the email with the OTP is triggered.
    4) If the user goes to the browser address bar, wipes out the entire URL and types manually --> https://abc.com/Portalhome/myportal
    5) The user lands on the home page, where he has not keyed in the OTP

    I am also checking the authentication level in the Access Control policy below.


    Could you please help me in resolving this issue?

    Thanks and Regards,

    Gomathy Sethusankar
    Security Consultant

    Managed Security Services
    Mobile: +91-9901508141
    gsethusa@in.ibm.com
    IBM Security

     



  • 2.  RE: ISVA 10.0.8 MFA using Email OTP is getting skipped when the URL is getting modified in the address bar

    Posted Thu June 26, 2025 01:23 AM

    It seems like perhaps you don't have the access policy attached to the resource you are accessing?

    Further, this is a very poor (from a performance perspective) way of achieving the use case. Use a POP instead, with step-up authentication.



    ------------------------------
    Shane Weeden
    IBM
    ------------------------------



  • 3.  RE: ISVA 10.0.8 MFA using Email OTP is getting skipped when the URL is getting modified in the address bar

    Posted Thu June 26, 2025 03:34 AM
    Thank you, Shane! You were correct, I missed attaching the policy to that particular resource.

    Could you please let me know how to use a POP with step-up authentication? Please share any documentation if available.

    Thanks and Regards,

    Gomathy Sethusankar
    Security Consultant

    Managed Security Services
    Mobile: +91-9901508141
    gsethusa@in.ibm.com
    IBM Security

     






  • 4.  RE: ISVA 10.0.8 MFA using Email OTP is getting skipped when the URL is getting modified in the address bar

    Posted Fri June 27, 2025 10:01 AM

    Hi Gomathy

    Go to LMI → Access Control → POPs.
     
    Click Add POP, name it (e.g., stepup_pop).
    Authentication Level: Set a higher value (5) than the default login POP (1).
     
    Add Authentication Mechanism: Attach the step-up authentication policy you created.
    pdadmin> pop attach /WebSEAL/hostname/resource_name stepup_pop


    ------------------------------
    SathishKumar Natarajan
    ------------------------------
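
The gap found earlier in this thread (policy attached to index.html only, so /Portalhome/myportal was reachable without the OTP) can be checked for with a small model of POP inheritance. This is an added example, not code from any poster or from IBM; it assumes the usual rule that an object without its own POP uses the POP of its nearest ancestor, and all object names, the POP name and the level values are constructed.

```python
# Simplified model of POP inheritance in the protected object space.
# Assumption: an object without its own POP is governed by the POP attached
# to its nearest ancestor. Names and levels below are constructed samples.

def effective_pop(path, attachments):
    """Return (pop_name, attach_point) governing `path`, or (None, None)."""
    parts = path.rstrip("/").split("/")
    while len(parts) > 1:
        candidate = "/".join(parts)
        if candidate in attachments:
            return attachments[candidate], candidate
        parts.pop()  # walk up to the parent object
    return None, None


def decide(path, session_level, attachments, pop_levels):
    """'permit' or 'step-up' for a session at `session_level` requesting `path`."""
    pop, _ = effective_pop(path, attachments)
    required = pop_levels.get(pop, 0)  # no POP found: no level requirement
    return "permit" if session_level >= required else "step-up"


def uncovered(paths, attachments, pop_name):
    """Objects that are not governed by `pop_name`."""
    return [p for p in paths if effective_pop(p, attachments)[0] != pop_name]


ROOT = "/WebSEAL/hostname/Portalhome"
RESOURCES = [ROOT + "/index.html", ROOT + "/myportal"]
POP_LEVELS = {"stepup_pop": 2}  # constructed: level 2 means OTP completed

# Policy attached to one page only, as in the original report.
NARROW = {ROOT + "/index.html": "stepup_pop"}
# Policy attached to the parent object, so every child inherits it.
BROAD = {ROOT: "stepup_pop"}

if __name__ == "__main__":
    for label, att in (("narrow", NARROW), ("broad", BROAD)):
        print(label, "uncovered:", uncovered(RESOURCES, att, "stepup_pop"))
        for res in RESOURCES:
            # Session level 1 = password only, OTP not yet entered.
            print("   ", res, "->", decide(res, 1, att, POP_LEVELS))
```

Feeding `uncovered` the real list of portal entry points and the current attachments gives a quick list of objects that a password-only session can still reach.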



  • 5.  RE: ISVA 10.0.8 MFA using Email OTP is getting skipped when the URL is getting modified in the address bar

    Posted Thu July 03, 2025 10:45 PM

    Hi SathishKumar,
    I already made a POP via policy administration like this and already attached it to my protected resource:

    But when I tried it, it just stays logged in without any step-up authentication happening. Am I missing some step here?



    ------------------------------
    Anugrah Wibowo
    ------------------------------