IBM Security Verify

All,

I was wondering if it is possible to send an email directly from an infomap?  We make HTTP calls directly from infomaps where we post event logs to a webservice using the httpclient object.  Phil Nye had examples of how to do this in the infomap.  However, I was searching the API and I don't see an equivalent object such as an smtpclient that makes a call to exchange server.  My MS Exchange guy said that there is an EWS (Exchange Web Service) that I could use but not familiar with that.  Wondering if this is possible?

The solution I am trying to solve... There is a new requirement that states if a user gets soft locked (30 minute lock) after 5 incorrect login attempts, an email must be sent to the individual that there ID is locked.  Same thing with a hard lock (permanent lock) after the following 5 incorrect attempts.  I sorta got this working through an authorization policy/mechanism, but it causes new problems using this workflow.  So sending the email directly in the infomap would be optimal.

Version:  ISAM 9.0.7.1

------------------------------
Troy Burkle
------------------------------

Hi Troy,

There is no SMTP client helper class in the JavaScript InfoMap context.  If you need to send email from within the logic of the JavaScript then you would have to find a REST service you can use to send e-mail and call this using the HTTPClient helper.  That's what your Exchange guy is offering.

There is an E-mail mechanism within the Authentication Service which can be hooked into an authentication policy - that's how we send emails as part of forgotten username or account registration flows for example.  I wonder if you could create a separate authentication policy using that e-mail mechanism and use that as a pseudo e-mail-sending service.... you could then invoke that policy (via HTTPClient helper) from your InfoMap. ??

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
------------------------------

Original Message:
Sent: Thu April 08, 2021 09:44 AM
From: Troy Burkle
Subject: Sending Email Directly from InfoMap?


All,

I was wondering if it is possible to send an email directly from an infomap?  We make HTTP calls directly from infomaps where we post event logs to a webservice using the httpclient object.  Phil Nye had examples of how to do this in the infomap.  However, I was searching the API and I don't see an equivalent object such as an smtpclient that makes a call to exchange server.  My MS Exchange guy said that there is an EWS (Exchange Web Service) that I could use but not familiar with that.  Wondering if this is possible?

The solution I am trying to solve... There is a new requirement that states if a user gets soft locked (30 minute lock) after 5 incorrect login attempts, an email must be sent to the individual that there ID is locked.  Same thing with a hard lock (permanent lock) after the following 5 incorrect attempts.  I sorta got this working through an authorization policy/mechanism, but it causes new problems using this workflow.  So sending the email directly in the infomap would be optimal.

Version:  ISAM 9.0.7.1

------------------------------
Troy Burkle
------------------------------

Hi Jon,

I came up with that exact idea this morning after a couple cups of coffee.  I am working on that solution now.

Troy

------------------------------
Troy Burkle
------------------------------

Original Message:
Sent: Thu April 08, 2021 02:41 PM
From: Jon Harry
Subject: Sending Email Directly from InfoMap?

Hi Troy,

There is no SMTP client helper class in the JavaScript InfoMap context.  If you need to send email from within the logic of the JavaScript then you would have to find a REST service you can use to send e-mail and call this using the HTTPClient helper.  That's what your Exchange guy is offering.

There is an E-mail mechanism within the Authentication Service which can be hooked into an authentication policy - that's how we send emails as part of forgotten username or account registration flows for example.  I wonder if you could create a separate authentication policy using that e-mail mechanism and use that as a pseudo e-mail-sending service.... you could then invoke that policy (via HTTPClient helper) from your InfoMap. ??

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Thu April 08, 2021 09:44 AM
From: Troy Burkle
Subject: Sending Email Directly from InfoMap?


All,

I was wondering if it is possible to send an email directly from an infomap?  We make HTTP calls directly from infomaps where we post event logs to a webservice using the httpclient object.  Phil Nye had examples of how to do this in the infomap.  However, I was searching the API and I don't see an equivalent object such as an smtpclient that makes a call to exchange server.  My MS Exchange guy said that there is an EWS (Exchange Web Service) that I could use but not familiar with that.  Wondering if this is possible?

The solution I am trying to solve... There is a new requirement that states if a user gets soft locked (30 minute lock) after 5 incorrect login attempts, an email must be sent to the individual that there ID is locked.  Same thing with a hard lock (permanent lock) after the following 5 incorrect attempts.  I sorta got this working through an authorization policy/mechanism, but it causes new problems using this workflow.  So sending the email directly in the infomap would be optimal.

Version:  ISAM 9.0.7.1

------------------------------
Troy Burkle
------------------------------

That's also the solution I recommend. We use it to send confirmation mails from OAuth mapping rules.

------------------------------
Laurent LA Asselborn
------------------------------

Original Message:
Sent: Thu April 08, 2021 02:41 PM
From: Jon Harry
Subject: Sending Email Directly from InfoMap?

Hi Troy,

There is no SMTP client helper class in the JavaScript InfoMap context.  If you need to send email from within the logic of the JavaScript then you would have to find a REST service you can use to send e-mail and call this using the HTTPClient helper.  That's what your Exchange guy is offering.

There is an E-mail mechanism within the Authentication Service which can be hooked into an authentication policy - that's how we send emails as part of forgotten username or account registration flows for example.  I wonder if you could create a separate authentication policy using that e-mail mechanism and use that as a pseudo e-mail-sending service.... you could then invoke that policy (via HTTPClient helper) from your InfoMap. ??

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Thu April 08, 2021 09:44 AM
From: Troy Burkle
Subject: Sending Email Directly from InfoMap?


All,

I was wondering if it is possible to send an email directly from an infomap?  We make HTTP calls directly from infomaps where we post event logs to a webservice using the httpclient object.  Phil Nye had examples of how to do this in the infomap.  However, I was searching the API and I don't see an equivalent object such as an smtpclient that makes a call to exchange server.  My MS Exchange guy said that there is an EWS (Exchange Web Service) that I could use but not familiar with that.  Wondering if this is possible?

The solution I am trying to solve... There is a new requirement that states if a user gets soft locked (30 minute lock) after 5 incorrect login attempts, an email must be sent to the individual that there ID is locked.  Same thing with a hard lock (permanent lock) after the following 5 incorrect attempts.  I sorta got this working through an authorization policy/mechanism, but it causes new problems using this workflow.  So sending the email directly in the infomap would be optimal.

Version:  ISAM 9.0.7.1

------------------------------
Troy Burkle
------------------------------

Email service can be defined in "Server Connections".
These server connection, as I understand are used by the policy server, and its services can be made accessible through the localhost:443.
Isn't there a service here that can be used to send email? In this case i could in fact send messages using a sps/??? request!

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994
------------------------------

Original Message:
Sent: Fri April 09, 2021 03:11 AM
From: Laurent LA Asselborn
Subject: Sending Email Directly from InfoMap?

That's also the solution I recommend. We use it to send confirmation mails from OAuth mapping rules.

------------------------------
Laurent LA Asselborn

Original Message:
Sent: Thu April 08, 2021 02:41 PM
From: Jon Harry
Subject: Sending Email Directly from InfoMap?

Hi Troy,

There is no SMTP client helper class in the JavaScript InfoMap context.  If you need to send email from within the logic of the JavaScript then you would have to find a REST service you can use to send e-mail and call this using the HTTPClient helper.  That's what your Exchange guy is offering.

There is an E-mail mechanism within the Authentication Service which can be hooked into an authentication policy - that's how we send emails as part of forgotten username or account registration flows for example.  I wonder if you could create a separate authentication policy using that e-mail mechanism and use that as a pseudo e-mail-sending service.... you could then invoke that policy (via HTTPClient helper) from your InfoMap. ??

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Thu April 08, 2021 09:44 AM
From: Troy Burkle
Subject: Sending Email Directly from InfoMap?


All,

I was wondering if it is possible to send an email directly from an infomap?  We make HTTP calls directly from infomaps where we post event logs to a webservice using the httpclient object.  Phil Nye had examples of how to do this in the infomap.  However, I was searching the API and I don't see an equivalent object such as an smtpclient that makes a call to exchange server.  My MS Exchange guy said that there is an EWS (Exchange Web Service) that I could use but not familiar with that.  Wondering if this is possible?

The solution I am trying to solve... There is a new requirement that states if a user gets soft locked (30 minute lock) after 5 incorrect login attempts, an email must be sent to the individual that there ID is locked.  Same thing with a hard lock (permanent lock) after the following 5 incorrect attempts.  I sorta got this working through an authorization policy/mechanism, but it causes new problems using this workflow.  So sending the email directly in the infomap would be optimal.

Version:  ISAM 9.0.7.1

------------------------------
Troy Burkle
------------------------------

Hi Troy,

As the team has already suggested the possible solutions using ISAM version 9.0.7, I just wanted to add that if you have an option to upgrade to v10 or have the upgrade in roadmap, then you could consider using the 'Email' and 'EmailSender' classes which are available in v10. These can be utilized to send an email from within an InfoMap directly as per your requirement. I have done it successfully on v10.0.1 using the following classes

You can easily find the details of using these classes in Verify Access v10 Javadoc and you would be able to send an email with 3 or 4 lines of code (excluding import statements) :p

Hope this helps.

Best regards,
Jahanzaib ​

------------------------------
Jahanzaib Sarwar
------------------------------

Original Message:
Sent: Fri April 09, 2021 07:38 AM
From: Joao Goncalves
Subject: Sending Email Directly from InfoMap?

Email service can be defined in "Server Connections".
These server connection, as I understand are used by the policy server, and its services can be made accessible through the localhost:443.
Isn't there a service here that can be used to send email? In this case i could in fact send messages using a sps/??? request!

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994

Original Message:
Sent: Fri April 09, 2021 03:11 AM
From: Laurent LA Asselborn
Subject: Sending Email Directly from InfoMap?

That's also the solution I recommend. We use it to send confirmation mails from OAuth mapping rules.

------------------------------
Laurent LA Asselborn

Original Message:
Sent: Thu April 08, 2021 02:41 PM
From: Jon Harry
Subject: Sending Email Directly from InfoMap?

Hi Troy,

There is no SMTP client helper class in the JavaScript InfoMap context.  If you need to send email from within the logic of the JavaScript then you would have to find a REST service you can use to send e-mail and call this using the HTTPClient helper.  That's what your Exchange guy is offering.

There is an E-mail mechanism within the Authentication Service which can be hooked into an authentication policy - that's how we send emails as part of forgotten username or account registration flows for example.  I wonder if you could create a separate authentication policy using that e-mail mechanism and use that as a pseudo e-mail-sending service.... you could then invoke that policy (via HTTPClient helper) from your InfoMap. ??

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Thu April 08, 2021 09:44 AM
From: Troy Burkle
Subject: Sending Email Directly from InfoMap?


All,

I was wondering if it is possible to send an email directly from an infomap?  We make HTTP calls directly from infomaps where we post event logs to a webservice using the httpclient object.  Phil Nye had examples of how to do this in the infomap.  However, I was searching the API and I don't see an equivalent object such as an smtpclient that makes a call to exchange server.  My MS Exchange guy said that there is an EWS (Exchange Web Service) that I could use but not familiar with that.  Wondering if this is possible?

The solution I am trying to solve... There is a new requirement that states if a user gets soft locked (30 minute lock) after 5 incorrect login attempts, an email must be sent to the individual that there ID is locked.  Same thing with a hard lock (permanent lock) after the following 5 incorrect attempts.  I sorta got this working through an authorization policy/mechanism, but it causes new problems using this workflow.  So sending the email directly in the infomap would be optimal.

Version:  ISAM 9.0.7.1

------------------------------
Troy Burkle
------------------------------

Thanks for that info Jahanzaib.  We will be upgrading to v10 later this year.  But I was successfully able to create a new Authentication Mechanism/Policy workflow and invoked via httpclient.  

Troy

------------------------------
Troy Burkle
------------------------------

Original Message:
Sent: Mon April 12, 2021 07:02 AM
From: Jahanzaib Sarwar
Subject: Sending Email Directly from InfoMap?

Hi Troy,

As the team has already suggested the possible solutions using ISAM version 9.0.7, I just wanted to add that if you have an option to upgrade to v10 or have the upgrade in roadmap, then you could consider using the 'Email' and 'EmailSender' classes which are available in v10. These can be utilized to send an email from within an InfoMap directly as per your requirement. I have done it successfully on v10.0.1 using the following classes

You can easily find the details of using these classes in Verify Access v10 Javadoc and you would be able to send an email with 3 or 4 lines of code (excluding import statements) :p

Hope this helps.

Best regards,
Jahanzaib ​

------------------------------
Jahanzaib Sarwar

Original Message:
Sent: Fri April 09, 2021 07:38 AM
From: Joao Goncalves
Subject: Sending Email Directly from InfoMap?

Email service can be defined in "Server Connections".
These server connection, as I understand are used by the policy server, and its services can be made accessible through the localhost:443.
Isn't there a service here that can be used to send email? In this case i could in fact send messages using a sps/??? request!

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994

Original Message:
Sent: Fri April 09, 2021 03:11 AM
From: Laurent LA Asselborn
Subject: Sending Email Directly from InfoMap?

That's also the solution I recommend. We use it to send confirmation mails from OAuth mapping rules.

------------------------------
Laurent LA Asselborn

Original Message:
Sent: Thu April 08, 2021 02:41 PM
From: Jon Harry
Subject: Sending Email Directly from InfoMap?

Hi Troy,

There is no SMTP client helper class in the JavaScript InfoMap context.  If you need to send email from within the logic of the JavaScript then you would have to find a REST service you can use to send e-mail and call this using the HTTPClient helper.  That's what your Exchange guy is offering.

There is an E-mail mechanism within the Authentication Service which can be hooked into an authentication policy - that's how we send emails as part of forgotten username or account registration flows for example.  I wonder if you could create a separate authentication policy using that e-mail mechanism and use that as a pseudo e-mail-sending service.... you could then invoke that policy (via HTTPClient helper) from your InfoMap. ??

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Thu April 08, 2021 09:44 AM
From: Troy Burkle
Subject: Sending Email Directly from InfoMap?


All,

I was wondering if it is possible to send an email directly from an infomap?  We make HTTP calls directly from infomaps where we post event logs to a webservice using the httpclient object.  Phil Nye had examples of how to do this in the infomap.  However, I was searching the API and I don't see an equivalent object such as an smtpclient that makes a call to exchange server.  My MS Exchange guy said that there is an EWS (Exchange Web Service) that I could use but not familiar with that.  Wondering if this is possible?

The solution I am trying to solve... There is a new requirement that states if a user gets soft locked (30 minute lock) after 5 incorrect login attempts, an email must be sent to the individual that there ID is locked.  Same thing with a hard lock (permanent lock) after the following 5 incorrect attempts.  I sorta got this working through an authorization policy/mechanism, but it causes new problems using this workflow.  So sending the email directly in the infomap would be optimal.

Version:  ISAM 9.0.7.1

------------------------------
Troy Burkle
------------------------------

Hi Jahanzaib,
I'm using v10.0.1 and tried using 'Email' and 'EmailSender' classes to send email out of an InfoMap but it doesn't work for some reason. After doing extensive tracing, I saw the EmailSender.send() method throwing a NullPointerException. It doesn't log the reason for the exception or any other infomation apart from the stack trace that just points out the line in InfoMap JS where exception occurred.

It only a few lines code (pasted below) that I've in the InfoMap.

importClass(Packages.com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils);
importPackage(Packages.com.tivoli.am.fim.email);
importPackage(Packages.com.ibm.security.access.server_connections);

IDMappingExtUtils.traceString("************* ENTERING INFOMAP *************");

IDMappingExtUtils.traceString("Preparing Email");
var newmail = new Email("MFA","Successful", "noreply@myorg.com", "user@myorg.com");
var connFactory = new ServerConnectionFactory();
var conn = connFactory.getSmtpConnectionById("27043a4c-4ea4-423a-8f97-e9173d4bebdb");
var smtpConn = new SmtpServerConnection(conn) ;
var emailSenderConn = new EmailSender(smtpConn);
emailSenderConn.send(newmail);                 // THIS IS WHERE THE EXCEPTION OCCURS.
IDMappingExtUtils.traceString("Email Sent!");

IDMappingExtUtils.traceString("************* EXITING INFOMAP ************* ");

The SMTP Server Connection settings are pretty simple. It just has connection name, smtp hostname and port number. No username, pwd, SSL or TLS setting used, they are all left blank/false. I tried using getSmtpConnectionByName() method with no luck.

Interestingly, just to make sure there are no issues with the SMTP server itself and it is accepting connections/messages, I tried using macotp Authentication Policy with the same SMTP server and it works. I do get an OTP via the email.

Can you think of anything that I might be missing or doing wrong here?

Thanks!


------------------------------
Manish Sethi
------------------------------

Original Message:
Sent: Mon April 12, 2021 07:02 AM
From: Jahanzaib Sarwar
Subject: Sending Email Directly from InfoMap?

Hi Troy,

As the team has already suggested the possible solutions using ISAM version 9.0.7, I just wanted to add that if you have an option to upgrade to v10 or have the upgrade in roadmap, then you could consider using the 'Email' and 'EmailSender' classes which are available in v10. These can be utilized to send an email from within an InfoMap directly as per your requirement. I have done it successfully on v10.0.1 using the following classes

You can easily find the details of using these classes in Verify Access v10 Javadoc and you would be able to send an email with 3 or 4 lines of code (excluding import statements) :p

Hope this helps.

Best regards,
Jahanzaib ​

------------------------------
Jahanzaib Sarwar

Original Message:
Sent: Fri April 09, 2021 07:38 AM
From: Joao Goncalves
Subject: Sending Email Directly from InfoMap?

Email service can be defined in "Server Connections".
These server connection, as I understand are used by the policy server, and its services can be made accessible through the localhost:443.
Isn't there a service here that can be used to send email? In this case i could in fact send messages using a sps/??? request!

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994

Original Message:
Sent: Fri April 09, 2021 03:11 AM
From: Laurent LA Asselborn
Subject: Sending Email Directly from InfoMap?

That's also the solution I recommend. We use it to send confirmation mails from OAuth mapping rules.

------------------------------
Laurent LA Asselborn

Original Message:
Sent: Thu April 08, 2021 02:41 PM
From: Jon Harry
Subject: Sending Email Directly from InfoMap?

Hi Troy,

There is no SMTP client helper class in the JavaScript InfoMap context.  If you need to send email from within the logic of the JavaScript then you would have to find a REST service you can use to send e-mail and call this using the HTTPClient helper.  That's what your Exchange guy is offering.

There is an E-mail mechanism within the Authentication Service which can be hooked into an authentication policy - that's how we send emails as part of forgotten username or account registration flows for example.  I wonder if you could create a separate authentication policy using that e-mail mechanism and use that as a pseudo e-mail-sending service.... you could then invoke that policy (via HTTPClient helper) from your InfoMap. ??

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Thu April 08, 2021 09:44 AM
From: Troy Burkle
Subject: Sending Email Directly from InfoMap?


All,

I was wondering if it is possible to send an email directly from an infomap?  We make HTTP calls directly from infomaps where we post event logs to a webservice using the httpclient object.  Phil Nye had examples of how to do this in the infomap.  However, I was searching the API and I don't see an equivalent object such as an smtpclient that makes a call to exchange server.  My MS Exchange guy said that there is an EWS (Exchange Web Service) that I could use but not familiar with that.  Wondering if this is possible?

The solution I am trying to solve... There is a new requirement that states if a user gets soft locked (30 minute lock) after 5 incorrect login attempts, an email must be sent to the individual that there ID is locked.  Same thing with a hard lock (permanent lock) after the following 5 incorrect attempts.  I sorta got this working through an authorization policy/mechanism, but it causes new problems using this workflow.  So sending the email directly in the infomap would be optimal.

Version:  ISAM 9.0.7.1

------------------------------
Troy Burkle
------------------------------

Hi Manish,

There seems to be an issue in your code where you are creating an SMTP server connection. You are creating a new connection factory instance, consequently there is no SMTP server connection in that connection factory with that ID. You just need to call existing server connection factory which will be having the connections defined in ISAM and get the server connection from there. This is one of the reasons you might be getting NullPointerException. So, firstly, you need to change below code

from
var connFactory = new ServerConnectionFactory();
var conn = connFactory.getSmtpConnectionById("27043a4c-4ea4-423a-8f97-e9173d4bebdb");
var smtpConn = new SmtpServerConnection(conn) ;

to
var smtpConn = ServerConnectionFactory.getSmtpConnectionById("27043a4c-4ea4-423a-8f97-e9173d4bebdb");

Secondly, please add below for the import of EmailSender class in the import section, which I don't see

importClass(Packages.com.tivoli.am.fim.email.EmailSender);

Please try the above two changes and let us know the results.

Best regards,
Jahanzaib

------------------------------
Jahanzaib Sarwar
------------------------------

Original Message:
Sent: Mon April 25, 2022 01:38 PM
From: Manish Sethi
Subject: Sending Email Directly from InfoMap?

Hi Jahanzaib,
I'm using v10.0.1 and tried using 'Email' and 'EmailSender' classes to send email out of an InfoMap but it doesn't work for some reason. After doing extensive tracing, I saw the EmailSender.send() method throwing a NullPointerException. It doesn't log the reason for the exception or any other infomation apart from the stack trace that just points out the line in InfoMap JS where exception occurred.

It only a few lines code (pasted below) that I've in the InfoMap.

importClass(Packages.com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils);
importPackage(Packages.com.tivoli.am.fim.email);
importPackage(Packages.com.ibm.security.access.server_connections);

IDMappingExtUtils.traceString("************* ENTERING INFOMAP *************");

IDMappingExtUtils.traceString("Preparing Email");
var newmail = new Email("MFA","Successful", "noreply@myorg.com", "user@myorg.com");
var connFactory = new ServerConnectionFactory();
var conn = connFactory.getSmtpConnectionById("27043a4c-4ea4-423a-8f97-e9173d4bebdb");
var smtpConn = new SmtpServerConnection(conn) ;
var emailSenderConn = new EmailSender(smtpConn);
emailSenderConn.send(newmail);                 // THIS IS WHERE THE EXCEPTION OCCURS.
IDMappingExtUtils.traceString("Email Sent!");

IDMappingExtUtils.traceString("************* EXITING INFOMAP ************* ");

The SMTP Server Connection settings are pretty simple. It just has connection name, smtp hostname and port number. No username, pwd, SSL or TLS setting used, they are all left blank/false. I tried using getSmtpConnectionByName() method with no luck.

Interestingly, just to make sure there are no issues with the SMTP server itself and it is accepting connections/messages, I tried using macotp Authentication Policy with the same SMTP server and it works. I do get an OTP via the email.

Can you think of anything that I might be missing or doing wrong here?

Thanks!


------------------------------
Manish Sethi

Original Message:
Sent: Mon April 12, 2021 07:02 AM
From: Jahanzaib Sarwar
Subject: Sending Email Directly from InfoMap?

Hi Troy,

As the team has already suggested the possible solutions using ISAM version 9.0.7, I just wanted to add that if you have an option to upgrade to v10 or have the upgrade in roadmap, then you could consider using the 'Email' and 'EmailSender' classes which are available in v10. These can be utilized to send an email from within an InfoMap directly as per your requirement. I have done it successfully on v10.0.1 using the following classes

You can easily find the details of using these classes in Verify Access v10 Javadoc and you would be able to send an email with 3 or 4 lines of code (excluding import statements) :p

Hope this helps.

Best regards,
Jahanzaib ​

------------------------------
Jahanzaib Sarwar

Original Message:
Sent: Fri April 09, 2021 07:38 AM
From: Joao Goncalves
Subject: Sending Email Directly from InfoMap?

Email service can be defined in "Server Connections".
These server connection, as I understand are used by the policy server, and its services can be made accessible through the localhost:443.
Isn't there a service here that can be used to send email? In this case i could in fact send messages using a sps/??? request!

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994

Original Message:
Sent: Fri April 09, 2021 03:11 AM
From: Laurent LA Asselborn
Subject: Sending Email Directly from InfoMap?

That's also the solution I recommend. We use it to send confirmation mails from OAuth mapping rules.

------------------------------
Laurent LA Asselborn

Original Message:
Sent: Thu April 08, 2021 02:41 PM
From: Jon Harry
Subject: Sending Email Directly from InfoMap?

Hi Troy,

There is no SMTP client helper class in the JavaScript InfoMap context.  If you need to send email from within the logic of the JavaScript then you would have to find a REST service you can use to send e-mail and call this using the HTTPClient helper.  That's what your Exchange guy is offering.

There is an E-mail mechanism within the Authentication Service which can be hooked into an authentication policy - that's how we send emails as part of forgotten username or account registration flows for example.  I wonder if you could create a separate authentication policy using that e-mail mechanism and use that as a pseudo e-mail-sending service.... you could then invoke that policy (via HTTPClient helper) from your InfoMap. ??

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Thu April 08, 2021 09:44 AM
From: Troy Burkle
Subject: Sending Email Directly from InfoMap?


All,

I was wondering if it is possible to send an email directly from an infomap?  We make HTTP calls directly from infomaps where we post event logs to a webservice using the httpclient object.  Phil Nye had examples of how to do this in the infomap.  However, I was searching the API and I don't see an equivalent object such as an smtpclient that makes a call to exchange server.  My MS Exchange guy said that there is an EWS (Exchange Web Service) that I could use but not familiar with that.  Wondering if this is possible?

The solution I am trying to solve... There is a new requirement that states if a user gets soft locked (30 minute lock) after 5 incorrect login attempts, an email must be sent to the individual that there ID is locked.  Same thing with a hard lock (permanent lock) after the following 5 incorrect attempts.  I sorta got this working through an authorization policy/mechanism, but it causes new problems using this workflow.  So sending the email directly in the infomap would be optimal.

Version:  ISAM 9.0.7.1

------------------------------
Troy Burkle
------------------------------

Thanks for your help, Jahanzaib! That was the issue. After I change the code to retrieve existing smtp connection, it worked!


------------------------------
Manish Sethi
------------------------------

Original Message:
Sent: Tue April 26, 2022 04:29 PM
From: Jahanzaib Sarwar
Subject: Sending Email Directly from InfoMap?

Hi Manish,

There seems to be an issue in your code where you are creating an SMTP server connection. You are creating a new connection factory instance, consequently there is no SMTP server connection in that connection factory with that ID. You just need to call existing server connection factory which will be having the connections defined in ISAM and get the server connection from there. This is one of the reasons you might be getting NullPointerException. So, firstly, you need to change below code

from
var connFactory = new ServerConnectionFactory();
var conn = connFactory.getSmtpConnectionById("27043a4c-4ea4-423a-8f97-e9173d4bebdb");
var smtpConn = new SmtpServerConnection(conn) ;

to
var smtpConn = ServerConnectionFactory.getSmtpConnectionById("27043a4c-4ea4-423a-8f97-e9173d4bebdb");

Secondly, please add below for the import of EmailSender class in the import section, which I don't see

importClass(Packages.com.tivoli.am.fim.email.EmailSender);

Please try the above two changes and let us know the results.

Best regards,
Jahanzaib

------------------------------
Jahanzaib Sarwar

Original Message:
Sent: Mon April 25, 2022 01:38 PM
From: Manish Sethi
Subject: Sending Email Directly from InfoMap?

Hi Jahanzaib,
I'm using v10.0.1 and tried using 'Email' and 'EmailSender' classes to send email out of an InfoMap but it doesn't work for some reason. After doing extensive tracing, I saw the EmailSender.send() method throwing a NullPointerException. It doesn't log the reason for the exception or any other infomation apart from the stack trace that just points out the line in InfoMap JS where exception occurred.

It only a few lines code (pasted below) that I've in the InfoMap.

importClass(Packages.com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils);
importPackage(Packages.com.tivoli.am.fim.email);
importPackage(Packages.com.ibm.security.access.server_connections);

IDMappingExtUtils.traceString("************* ENTERING INFOMAP *************");

IDMappingExtUtils.traceString("Preparing Email");
var newmail = new Email("MFA","Successful", "noreply@myorg.com", "user@myorg.com");
var connFactory = new ServerConnectionFactory();
var conn = connFactory.getSmtpConnectionById("27043a4c-4ea4-423a-8f97-e9173d4bebdb");
var smtpConn = new SmtpServerConnection(conn) ;
var emailSenderConn = new EmailSender(smtpConn);
emailSenderConn.send(newmail);                 // THIS IS WHERE THE EXCEPTION OCCURS.
IDMappingExtUtils.traceString("Email Sent!");

IDMappingExtUtils.traceString("************* EXITING INFOMAP ************* ");

The SMTP Server Connection settings are pretty simple. It just has connection name, smtp hostname and port number. No username, pwd, SSL or TLS setting used, they are all left blank/false. I tried using getSmtpConnectionByName() method with no luck.

Interestingly, just to make sure there are no issues with the SMTP server itself and it is accepting connections/messages, I tried using macotp Authentication Policy with the same SMTP server and it works. I do get an OTP via the email.

Can you think of anything that I might be missing or doing wrong here?

Thanks!


------------------------------
Manish Sethi

Original Message:
Sent: Mon April 12, 2021 07:02 AM
From: Jahanzaib Sarwar
Subject: Sending Email Directly from InfoMap?

Hi Troy,

As the team has already suggested the possible solutions using ISAM version 9.0.7, I just wanted to add that if you have an option to upgrade to v10 or have the upgrade in roadmap, then you could consider using the 'Email' and 'EmailSender' classes which are available in v10. These can be utilized to send an email from within an InfoMap directly as per your requirement. I have done it successfully on v10.0.1 using the following classes

You can easily find the details of using these classes in Verify Access v10 Javadoc and you would be able to send an email with 3 or 4 lines of code (excluding import statements) :p

Hope this helps.

Best regards,
Jahanzaib ​

------------------------------
Jahanzaib Sarwar

Original Message:
Sent: Fri April 09, 2021 07:38 AM
From: Joao Goncalves
Subject: Sending Email Directly from InfoMap?

Email service can be defined in "Server Connections".
These server connection, as I understand are used by the policy server, and its services can be made accessible through the localhost:443.
Isn't there a service here that can be used to send email? In this case i could in fact send messages using a sps/??? request!

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994

Original Message:
Sent: Fri April 09, 2021 03:11 AM
From: Laurent LA Asselborn
Subject: Sending Email Directly from InfoMap?

That's also the solution I recommend. We use it to send confirmation mails from OAuth mapping rules.

------------------------------
Laurent LA Asselborn

Original Message:
Sent: Thu April 08, 2021 02:41 PM
From: Jon Harry
Subject: Sending Email Directly from InfoMap?

Hi Troy,

There is no SMTP client helper class in the JavaScript InfoMap context.  If you need to send email from within the logic of the JavaScript then you would have to find a REST service you can use to send e-mail and call this using the HTTPClient helper.  That's what your Exchange guy is offering.

There is an E-mail mechanism within the Authentication Service which can be hooked into an authentication policy - that's how we send emails as part of forgotten username or account registration flows for example.  I wonder if you could create a separate authentication policy using that e-mail mechanism and use that as a pseudo e-mail-sending service.... you could then invoke that policy (via HTTPClient helper) from your InfoMap. ??

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Thu April 08, 2021 09:44 AM
From: Troy Burkle
Subject: Sending Email Directly from InfoMap?


All,

I was wondering if it is possible to send an email directly from an infomap?  We make HTTP calls directly from infomaps where we post event logs to a webservice using the httpclient object.  Phil Nye had examples of how to do this in the infomap.  However, I was searching the API and I don't see an equivalent object such as an smtpclient that makes a call to exchange server.  My MS Exchange guy said that there is an EWS (Exchange Web Service) that I could use but not familiar with that.  Wondering if this is possible?

The solution I am trying to solve... There is a new requirement that states if a user gets soft locked (30 minute lock) after 5 incorrect login attempts, an email must be sent to the individual that there ID is locked.  Same thing with a hard lock (permanent lock) after the following 5 incorrect attempts.  I sorta got this working through an authorization policy/mechanism, but it causes new problems using this workflow.  So sending the email directly in the infomap would be optimal.

Version:  ISAM 9.0.7.1

------------------------------
Troy Burkle
------------------------------