Global Security Forum


Our mission is to provide clients with an online user community of industry peers and IBM experts, to exchange tips and tricks, best practices, and product knowledge. We hope the information you find here helps you maximize the value of your IBM Security solutions.


Which option should we use to filter the Authorization header in ISVA?

  • 1.  Which option should we use to filter the Authorization header in ISVA?

    Posted Fri February 14, 2025 10:15 AM

    How to filter the Authorization header in ISVA to prevent it from being visible to backend services under a specific junction?

    If we need to filter the Authorization header so it's not visible to all services hosted under a specific junction (e.g., to ensure sensitive information in the header, such as credentials or tokens, is not exposed to backend services unnecessarily), how can this be done?

    We have checked the options under Junction Management → Identity with the choices: Ignore, Filter, and Supply etc.

    Which option should we use for this?



    ------------------------------
    Banu Priya Gopalakrishnan
    ------------------------------


  • 2.  RE: Which option should we use to filter the Authorization header in ISVA?
    Best Answer

    Posted Mon February 17, 2025 12:50 AM

    If you want to ensure that the authorization header is removed from requests which are sent to junctions you need to use the 'filter' option.  The 'supply' option will allow you to construct a new authorization header (for single sign-on), and the 'ignore' option will tell WebSEAL to ignore the header and pass it through to the junctioned server.

    I hope that this helps.



    ------------------------------
    Scott Exton
    IBM
    Gold Coast
    ------------------------------
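
One way to check which behaviour a junction actually has, as an added example that is not part of the original thread or IBM's own code: a small echo backend to place behind a test junction, plus a probe that classifies the result using the option names from the answer above. The function names, the plain-HTTP probe and the sample header value in the usage note are assumptions made for illustration.

```python
import hashlib
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def digest(value):
    """SHA-256 of a header value, so the credential itself is never echoed."""
    return hashlib.sha256(value.encode()).hexdigest()


class EchoAuthHandler(BaseHTTPRequestHandler):
    """Test backend: reports whether an Authorization header arrived."""

    def do_GET(self):
        received = self.headers.get("Authorization")
        body = ("absent" if received is None else digest(received)).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        pass  # do not write request lines to stderr


def start_backend(port=0):
    """Start the echo backend on localhost; port 0 picks a free port."""
    server = HTTPServer(("127.0.0.1", port), EchoAuthHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def classify(sent_auth, seen):
    """Map what the backend saw to the option names used in the answer."""
    if seen == "absent":
        return "filter"   # header was removed before reaching the backend
    if sent_auth is not None and seen == digest(sent_auth):
        return "ignore"   # client's header passed through unchanged
    return "supply"       # backend got a header the client did not send


def probe(host, port, path="/", sent_auth=None):
    """Send one GET (optionally with Authorization) and classify the result."""
    headers = {"Authorization": sent_auth} if sent_auth else {}
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path, headers=headers)
        return classify(sent_auth, conn.getresponse().read().decode())
    finally:
        conn.close()
```

The result is only meaningful when the probe sends an Authorization header (for example a constructed value such as `Basic constructed-sample-value`) through the junction; a request sent without one always reads as `filter`.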



  • 3.  RE: Which option should we use to filter the Authorization header in ISVA?

    Posted Mon February 17, 2025 11:18 AM

    Updates for the IBM i CIS controls are underway. However, I never see anything on the exchange for the IBM i, which is not immune to compliance or cybersecurity, and an incident was recently reported.

     

    Bruce F. Bading

    CEO/President

    vCISO

    IBM Lab Expert Partner

    BFB Consulting, Inc.

    830-237-6851

    www.bfbsecurity.com

    BFB Security is not Accepting New Clients as of 12/01/2024.

     

    Secure by Design | CISA

     

    Governance, Risk and Compliance

     

    What is GRC (Governance, Risk, and Compliance)? - OCEG

     


     

    If your organization believes it has been breached you can contact our parent company IBM.

    IBM X-Force Security Services | IBM