IBM Security Verify

 View Only

  • 1.  IBM Verify registration error.

    Posted Fri June 26, 2020 12:16 PM
    Hi, I have an ISAM Production environment whose traffic pass through a Web Proxy and a Web Application Firewall, I have configured ISAM for MMFA use with IBM Verify according to IBM guides, but when I start device registration I can scan the QR code without problem, ISAM shows me the registered device but Verify shows an HTTP 400 error, Does anybody had faced the same problem? Any help or advice would be appreciated.
    Thank you in advance. Regards.



    ------------------------------
    David Vicenteño
    ------------------------------


  • 2.  RE: IBM Verify registration error.

    Posted Mon June 29, 2020 04:14 AM
    Hi David,

    There are a few steps involved in registering an IBM Verify app against your account:
      1. Receive OAuth code and Details URL via QRCode
      2. Call Details URL to get other endpoints
      3. Call token endpoint to exchange OAuth code for Access&Refresh Tokens
      4. Call TOTP endpoint to get TOTP secret
      5. Register Public key for User Presence method
      6. (register public key for Finger/Face method)

    It looks like you are reaching at least step (3) because that's where grant is populated with device details.
    I would advise looking at the WebSEAL request log (or pdweb.debug or pdweb.snoop traces ) to see exactly which request is failing.
    You should probably also have a look in the AAC Runtime messages.log and look for an error there.

    My guess is that something is broken in your SCIM configuration.

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------

    Original Message