IBM Security Verify

  • 1.  Authentication Mechanism Types

    Posted Tue April 20, 2021 11:16 AM
    When dealing with authentication mechanism in AAC, we have access to a set of predefined mechanisms.
    When looking at each one of them, I can see that they have a "Type". These include: "Cloud Identity JavaScript", "Decision JavaScript", and many more.
    But if I want to create one of my own, I am restricted to create only a few mechanism types: "InfoMap mechanism", "Email message", "Scim config", "Fido" and "Cloud".

    If I want to copy an existing Mechanism, like "Email One-time Password", how do I do it? Instead of using the existing predefined one, I would like to create my own, equal to the IBM provided one, so I can play around...
    How can I do this?

    Every mechanism has an Identifier, but again, Email One-time Password does not have! Why?

    Where is the code that is run when these mechanisms are called?
    If I want to create a mechanism that sends a SOAP request with custom Properties saved in the mechanism, and want to process the SOAP response, to do something in ISAM, how can I write the customized code?

    ------------------------------
    Joao Goncalves
    Pyxis, Lda.
    Sintra
    +351 91 721 4994
    ------------------------------


  • 2.  RE: Authentication Mechanism Types

    Posted Wed April 21, 2021 06:41 AM
    Hi Joao,

    > If I want to copy an existing Mechanism, like "Email One-time Password", how do I do it? Instead of using the existing predefined one, I would like to create my own, equal to the IBM provided one, so I can play around...
    > How can I do this?

    You can't create new copies of the built-in mechanisms.  If you want a bespoke e-mail one-time password mechanism you would have to write it yourself using the JavaScript mechanism (using HTTP Client helper to call out to a service that can send the e-mail).

    > Every mechanism has an Identifier, but again, Email One-time Password does not have! Why?

    I'm not 100% sure on this but I think it's because the email (and SMS) OTP methods are different from the other mechanisms in the AAC (because they were created earlier than the others).  I think that, under the covers, they both inherit somehow from the "One-Time Password" (urn:ibm:security:authentication:asf:mechanism:otp) mechanism.

    > Where is the code that is run when these mechanisms are called?

    These built-in mechanisms are implemented within the product code and so you can't see it (or change it).  This is different from other mechanisms (like some of the USC mechanisms) which are built as JavaScript mechanisms.

    The e-mail and SMS OTP mechanisms do have some JavaScript code exits which (I think) are called during execution.  If you look in mapping rules you'll see:
    OTPGetMethods, OTPGenerate, OTPDeliver, OTPVerify.
    To be honest I don't really know how these work - maybe someone else on this forum can help with that?

    > If I want to create a mechanism that sends a SOAP request with custom Properties saved in the mechanism, and want to process the SOAP response, to do something in ISAM, how can I write the customized code?

    You would need to use a JavaScript mechanism.  You would have to generate the SOAP body and then send with the HTTP Client helper.  You'd then need to parse the response returned.  I don't remember if we have any classes available in the JavaScript helpers to assist with parsing XML DOM.  Again, someone else may be able to help with that.  Maybe @Jasmine Smith ?

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------
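As an added illustration of the approach Jon describes (a JavaScript/InfoMap mechanism that builds a SOAP body, posts it with the HTTP Client helper and parses the reply), the following is example code, not from this thread, from IBM or from any product sample. It assumes the InfoMap objects (`context`, `state`, `success`, `page`, `macros`, `Scope`) and the `HttpClient`/`Headers` helper classes as exposed to AAC mapping rules, and it assumes a preceding username/password step; the service URL, SOAP namespace, element names, truststore name and error page path are placeholders. The mechanism logic is written with the transport injected so the same file runs under Node for offline testing.

```javascript
// Added example: custom InfoMap mechanism that calls a SOAP service and decides
// the outcome from the response. Service details below are assumed placeholders.

// XML-escape a value before placing it in the envelope, so a crafted username
// cannot alter the structure of the SOAP request.
function xmlEscape(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&apos;");
}

// Build the SOAP 1.1 envelope. Namespace and element names are assumptions.
function buildSoapEnvelope(username, requestId) {
  return '<?xml version="1.0" encoding="UTF-8"?>' +
    '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"' +
    ' xmlns:ex="urn:example:authcheck">' +
    '<soapenv:Body><ex:CheckUser>' +
    '<ex:Username>' + xmlEscape(username) + '</ex:Username>' +
    '<ex:RequestId>' + xmlEscape(requestId) + '</ex:RequestId>' +
    '</ex:CheckUser></soapenv:Body></soapenv:Envelope>';
}

// Extract one element's text from the response with plain string matching,
// since no XML DOM helper is known to be exposed to the JavaScript rules.
// Matches the local name with or without a namespace prefix.
function extractElement(xml, localName) {
  var re = new RegExp("<(?:[A-Za-z0-9_.-]+:)?" + localName + "(?:\\s[^>]*)?>" +
    "([\\s\\S]*?)</(?:[A-Za-z0-9_.-]+:)?" + localName + ">");
  var m = re.exec(xml);
  if (!m) { return null; }
  return m[1].replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&quot;/g, '"')
    .replace(/&apos;/g, "'").replace(/&amp;/g, "&");
}

// Turn HTTP status plus SOAP body into a decision. Fails closed: only HTTP 200
// with an explicit <Allowed>true</Allowed> allows; a SOAP Fault is reported
// separately so it can be traced for the admin rather than shown to the user.
function evaluateSoapResponse(statusCode, body) {
  if (statusCode !== 200) {
    return { allowed: false, reason: "http-" + statusCode };
  }
  if (extractElement(body, "Fault") !== null) {
    return { allowed: false, reason: "soap-fault: " + (extractElement(body, "faultstring") || "unknown") };
  }
  if (extractElement(body, "Allowed") === "true") {
    return { allowed: true, reason: "ok", level: extractElement(body, "AssuranceLevel") };
  }
  return { allowed: false, reason: "denied" };
}

// Mechanism logic with the transport and InfoMap objects injected.
// `post(body)` must return { code: <int>, body: <string> }.
function runMechanism(post, username, requestId, infomap) {
  var resp = post(buildSoapEnvelope(username, requestId));
  var decision = evaluateSoapResponse(resp.code, resp.body);
  if (decision.allowed) {
    // Record the outcome in session state for later mechanisms in the policy.
    infomap.state.put("soapAssuranceLevel", decision.level || "");
    infomap.success.setValue(true);
  } else {
    // Only a generic message reaches the page; the detailed reason is traced.
    infomap.macros.put("@ERROR_MESSAGE@", "Authentication could not be completed.");
    infomap.page.setValue("/authsvc/authenticator/soapcheck/error.html"); // assumed page path
    infomap.success.setValue(false);
  }
  return decision;
}

// Entry point when deployed as the InfoMap mapping rule. The guard keeps the
// file runnable under Node, where the AAC runtime objects do not exist.
if (typeof success !== "undefined" && typeof context !== "undefined") {
  importClass(Packages.com.ibm.security.access.httpclient.HttpClient);
  importClass(Packages.com.ibm.security.access.httpclient.Headers);
  importClass(Packages.com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils);
  var serviceUrl = "https://soap.example.internal/auth"; // assumed placeholder
  var user = context.get(Scope.SESSION, "urn:ibm:security:asf:response:token:attributes", "username");
  var decision = runMechanism(function (body) {
    var headers = new Headers();
    headers.addHeader("Content-Type", "text/xml; charset=utf-8");
    headers.addHeader("SOAPAction", "urn:example:authcheck#CheckUser");
    // Truststore name is an assumed placeholder; the service certificate must be trusted.
    var r = HttpClient.httpPost(serviceUrl, headers, body, "rt_profile_keys", null, null, null, null);
    return { code: r.getCode(), body: String(r.getBody()) };
  }, user, java.util.UUID.randomUUID().toString(),
     { state: state, success: success, page: page, macros: macros });
  IDMappingExtUtils.traceString("soapcheck: user=" + user + " result=" + decision.reason);
}
```

The custom properties saved on the mechanism (service URL, SOAPAction, truststore) are what you would read instead of the hard-coded placeholders. The two points worth keeping from this shape: every user-supplied value is escaped before it enters the envelope, and any response other than an explicit allow is treated as a deny, with the detail going to the trace log rather than the login page.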



  • 3.  RE: Authentication Mechanism Types

    Posted Wed April 21, 2021 08:15 PM
    There are a number of doco pages that talk about creating custom JavaScript mechanisms:

    https://www.ibm.com/docs/en/sva/10.0.1?topic=authentication-configuring-info-map-mechanism
    https://www.ibm.com/docs/en/sva/10.0.1?topic=settings-mapping-rules

    The available classes are listed here:
    https://www.ibm.com/docs/en/sva/10.0.1?topic=rules-javascript-whitelist

    There's a good walk through on creating a custom JavaScript mechanism here:
    https://philipnye.com/2017/06/14/isam-infomap-any-alias-authentication/

    ------------------------------
    Jasmine
    ------------------------------