IBM Security Verify

Expand all | Collapse all

OIDC Revoking Permits

  • 1.  OIDC Revoking Permits

    Posted 17 days ago
    In OIDC configuration, I can specify how I want ISAM to behave regarding consents. I have 3 options:
    • Always Prompt
    • Never Prompt
    • Prompt Once and Remember

    If I select Prompt Once and Remember, the consent, if given to the Relying Party, will be saved permanently in ISAM for the user.

    How can the user list the permits that were issued?
    How can the user revoke the consents given?

    ------------------------------
    Joao Goncalves
    Pyxis, Lda.
    Sintra
    +351 91 721 4994
    ------------------------------


  • 2.  RE: OIDC Revoking Permits

    Posted 15 days ago
    Hi Joao,

    For clients authorized with "prompt once and remember" the information can be seen at:
    https://<reverse proxy>/mga/sps/oauth/oauth20/clients

    If you connect to this endpoint with a browser you'll get back an HTML template page that shows the clients and a link to revoke each one.
    If you connect to this endpoint with a REST client (accept: application/json) then you'll get back a JSON object of the clients.

    This endpoint is listed on the OAuth/OIDC endpoints page:
    https://www.ibm.com/support/knowledgecenter/SSPREK_10.0.0/com.ibm.isva.doc/config/concept/OAuthEndpoints.htm#oauthendpoints

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------



  • 3.  RE: OIDC Revoking Permits

    Posted 15 days ago
    Thanks Jon.
    I knew it was possible, as I saw this before and couldn't remember where.
    I also searched in the documentation, although I tried a lot using multiple keywords like "revoke", "remove", but nothing looked suitable.

    ------------------------------
    Joao Goncalves
    Pyxis, Lda.
    Sintra
    +351 91 721 4994
    ------------------------------