Hi Rodrigo,
My understanding is that a 'natural' place to run the IAG is close to the integrated application(s). You can view the IAG as being an add-on to an application that allows for integration with OIDC-based IdPs.
The IAG could run in the same pod as the integrated app(s) - provided this app already runs in a containerized environment. It's a discussion you should have with your infra folks too.
Look at this page in the documentation where the deployment options in K8S are discussed: https://www.ibm.com/docs/en/iag/24.09.0?topic=deployment-kubernetes-models
Hope this helps.
Cheers, Peter.
------------------------------
Peter Volckaert
Technical Subject Matter Expert
Authentication and Access
IBM Security
------------------------------
Original Message:
Sent: Thu October 17, 2024 03:36 PM
From: Rodrigo Xavier
Subject: Using Form Authentication with Verify SaaS
Great, Peter!
And about architecture? Where do you recommend install the IAG, in the same environment where is the legacy web app our can be in some cloud service as AWS or Azure?
Thanks a lot for your help.
Original Message:
Sent: 10/17/2024 11:01:00 AM
From: Peter Volckaert
Subject: RE: Using Form Authentication with Verify SaaS
Hi Rodrigo,
Hi Rodrigo,
Yes you can. The integration with the legacy app is distinct from the authentication part in the front.
The IBM Application Gateway support any IdP as long as it's talking OIDC.
So you'll need to configure your IdP (you probably mean Entra ID instead of O365 here?) to talk OIDC (more spefically the authzn code flow) to the IBM Application Gateway.
Kind regards,
------------------------------
Peter Volckaert
Technical Subject Matter Expert
Authentication and Access
IBM Security
Original Message:
Sent: Thu October 17, 2024 10:45 AM
From: Rodrigo Xavier
Subject: Using Form Authentication with Verify SaaS
Hi Peter,
Yes, almost that.
The IdP will be the Microsoft 365.
Even so, can I forward with IAG and forms authentication?
Regards,
Rodrigo
Original Message:
Sent: 10/17/2024 1:32:00 AM
From: Peter Volckaert
Subject: RE: Using Form Authentication with Verify SaaS
Hi Rodrigo,
I guess you want:
- to integrate a legacy web app that uses a username/password form to sign in
- Verify SaaS to be the IdP where authentication is done
If so, then 'yes' this is possible. You need something in front of the web legacy app that integrates with Verify SaaS to handle the federation. I recommend you to use our IBM Application Gateway, and configure it for forms single sign-on. The IBM Application Gateway is included as a supporting program for Verify SaaS, so it's not an extra cost. Here's are 2 links to IAG documentation: https://docs.verify.ibm.com/gateway and https://www.ibm.com/docs/en/iag/24.03.0?topic=overview-getting-started
To learn about forms single sign-on, please see this link: https://www.ibm.com/docs/en/iag/24.03.0?topic=tasks-credential-service
Cheers, Peter
------------------------------
Peter Volckaert
Technical Subject Matter Expert
Authentication and Access
IBM Security
Original Message:
Sent: Wed October 16, 2024 02:06 PM
From: Rodrigo Xavier
Subject: Using Form Authentication with Verify SaaS
Hi all,
Is possible to use Forms authentication with Verify Saas and a legacy web app?
If yes, can you share how?
Regareds,
Rodrigo
------------------------------
Rodrigo Xavier
------------------------------