IBM Security Verify

ISAM 9 OpenID Connect Provider check user is active

  • 1.  ISAM 9 OpenID Connect Provider check user is active

    Posted Tue May 11, 2021 07:17 PM
    Hello,
    I have an OpenID Provider based on Appliance 9.0.7 with the authorization code flow.
    When the Relying Party sends a Refresh Token or tries to introspect an Access Token, I need to check that the user is still active (in Access Manager in ISAM).
    I tried to use the UserLookupHelper class in the POST Mapping Rule of the OpenID Provider, but don't get a result.
    Is there any way to check the Access Manager status, or some kind of instruction on how to do this?

    Thanks!


    ------------------------------
    Kirill N
    ------------------------------


  • 2.  RE: ISAM 9 OpenID Connect Provider check user is active

    Posted Wed May 12, 2021 02:27 AM
    Hi Kirill,

    So are you not able to use the UserLookupHelper at all, or is it just that you are not able to check whether the user is still active?
    It is definitely possible to use the UserLookupHelper in OAuth mapping rules; we use it.

    Did you set the required parameters in ldap.conf?

    [bind-credentials]
    # Optional stanza used to store a set of bind credentials.
    # The ISAM Appliance will use these credentials when consuming the ISAM RTE as
    # an LDAP connection for user lookups. (Currently only via the UserLookupHelper).
    #
    # Bind DN to use when performing user lookups and modifications.
    bind-dn = cn=root

    # The following configuration item is contained within the obfuscated
    # database and as such is obfuscated within this file. If the value is
    # modified within this configuration file the corresponding change will
    # be applied to the obfuscated database.

    bind-pwd = **obfuscated**

    ------------------------------
    Laurent LA Asselborn
    ------------------------------
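
    As an added example (not code from the thread, and not Laurent's or IBM's), the following JavaScript models the check Kirill is after: in the post-token mapping rule, for refresh-token grants and introspection requests, look the user up in the registry and treat the Access Manager account flags as the "still active" signal. The directory data is constructed. `lookupUser` is a hypothetical stand-in for the UserLookupHelper call (my assumption of the ISAM API: `init(true)` to use the [bind-credentials] stanza from ldap.conf, then `getUser(username)`), which only runs on the appliance; the context attribute names `request_type`, `grant_type` and `username` and their values are likewise assumptions about the OAuth mapping-rule context. `secAcctValid` and `secPwdValid` are the Access Manager account-status attributes that `pdadmin user modify <user> account-valid no` and `password-valid no` toggle.

```javascript
// Added example: models the "is this user still active?" decision an ISAM
// post-token mapping rule would make for refresh-token requests and introspection.
// Runs stand-alone in Node; nothing here touches the appliance.

// Constructed stand-in for the ISAM user registry. secAcctValid / secPwdValid are
// the Access Manager account-status attributes (string values TRUE / FALSE).
const DIRECTORY = {
  alice: { secAcctValid: "TRUE",  secPwdValid: "TRUE"  }, // normal active user
  bob:   { secAcctValid: "FALSE", secPwdValid: "TRUE"  }, // account-valid no
  carol: { secAcctValid: "TRUE",  secPwdValid: "FALSE" }, // password-valid no
};

// Hypothetical lookup: returns the attribute map, or null when the user is absent.
// On the appliance this is where UserLookupHelper.getUser() would be called
// (assumed API); a null return there is treated the same way as here.
function lookupUser(username) {
  if (typeof username !== "string" || username.length === 0) return null;
  return Object.prototype.hasOwnProperty.call(DIRECTORY, username)
    ? DIRECTORY[username]
    : null;
}

// An account counts as active only when both flags are present and TRUE.
// A missing or malformed attribute is treated as invalid (fail closed).
function isAccountActive(user) {
  if (!user) return false;
  const flag = (v) => typeof v === "string" && v.toUpperCase() === "TRUE";
  return flag(user.secAcctValid) && flag(user.secPwdValid);
}

// Decide what the post-token rule should do. `ctx` models the STSUU context
// attributes the rule reads (request_type, grant_type, username); the attribute
// names and values are assumptions about the ISAM OAuth mapping-rule context.
// Returns one of:
//   allow    - continue issuing / reporting the token
//   deny     - fail the request (a refresh must not succeed for a disabled user)
//   inactive - introspection should report active=false rather than an error
function evaluatePostTokenRequest(ctx, lookup = lookupUser) {
  const isIntrospect = ctx.request_type === "introspect";
  const isRefresh =
    ctx.request_type === "access_token" && ctx.grant_type === "refresh_token";

  // The authorization-code leg has just authenticated the user, so only the
  // long-lived paths (refresh, introspection) need the registry check.
  if (!isIntrospect && !isRefresh) {
    return { action: "allow", reason: "registry check not required" };
  }

  const user = lookup(ctx.username);
  if (user === null) {
    const reason = "user not found in registry";
    return { action: isIntrospect ? "inactive" : "deny", reason };
  }
  if (!isAccountActive(user)) {
    const reason = "account or password marked invalid";
    return { action: isIntrospect ? "inactive" : "deny", reason };
  }
  return { action: "allow", reason: "account valid" };
}

// Stand-alone run: walk the constructed users through both request kinds.
for (const name of ["alice", "bob", "carol", "mallory"]) {
  const refresh = evaluatePostTokenRequest({
    request_type: "access_token", grant_type: "refresh_token", username: name,
  });
  const introspect = evaluatePostTokenRequest({
    request_type: "introspect", username: name,
  });
  console.log(`${name}: refresh=${refresh.action}, introspect=${introspect.action} (${introspect.reason})`);
}
```

    In a real rule the `deny` branch maps to raising the exception the ISAM OAuth mapping-rule API provides so the refresh fails, and the `inactive` branch to answering the introspection with `active=false` rather than an error. Treating a missing user or a missing attribute as inactive is deliberate: if the bind credentials in ldap.conf are wrong or the lookup is not initialised, a lookup that silently returns nothing should not let a disabled user keep refreshing.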