IBM Verify

ISVA 10.0.8 MFA using Email OTP is getting skipped when the URL is getting modified in the address bar

  • 1.  ISVA 10.0.8 MFA using Email OTP is getting skipped when the URL is getting modified in the address bar

    Posted 17 hours ago
    Hi All,

    We have MFA using Email OTP enabled in our WebSphere portal application using ISVA 10.0.8.

    Steps to reproduce:
    1) Log in to the application by giving username and password (e.g. https://abc.com/Portalhome)
    2) I have an access control policy that is attached below on the index.html page
    3) The MFA screen appears to enter the Email OTP and the email with OTP is triggered.
    4) If the user goes to the browser address bar and wipes out the entire URL and types manually --> https://abc.com/Portalhome/myportal
    5) The user lands on the home page, where he has not keyed in the OTP

    I am also checking the authentication level in the Access Control policy below.


    Could you please help me in resolving this issue?

    Thanks and Regards,

    Gomathy Sethusankar
    Security Consultant

    Managed Security Services
    Mobile: +91-9901508141
    gsethusa@in.ibm.com
    IBM Security

     



  • 2.  RE: ISVA 10.0.8 MFA using Email OTP is getting skipped when the URL is getting modified in the address bar

    Posted 3 hours ago

    It seems like perhaps you don't have the access policy attached to the resource you are accessing?

    Further, this is a very poor (from a performance perspective) way of achieving the use case. Use a POP instead, with step-up authentication.



    ------------------------------
    Shane Weeden
    IBM
    ------------------------------



  • 3.  RE: ISVA 10.0.8 MFA using Email OTP is getting skipped when the URL is getting modified in the address bar

    Posted 49 minutes ago
    Thank you, Shane! You were correct, I missed attaching the policy to that particular resource.

    Could you please let me know how to use POP with step-up authentication? Please share any documentation if available.

    Thanks and Regards,

    Gomathy Sethusankar
    Security Consultant

    Managed Security Services
    Mobile: +91-9901508141
    gsethusa@in.ibm.com
    IBM Security