IBM Security Verify

  • 1.  Age-based login

    Posted Wed November 11, 2020 10:44 AM
    Edited by Claudio Laganà Wed November 11, 2020 11:30 AM
    Hello to all,
    I was asked to modify an ISAM login page where adult users can access only through a federation, while underage users can access via the classic username / password method.
    On the LDAP branch of the organization, the entries have the date of birth populated, and I would like in some way to check this value with ISAM in order to allow access if authorized, or to have it rejected on the other available authentication method.
    Which solution approach would you recommend?
    Do you have any examples from which I can draw inspiration?

    PS: The infrastructure has ISAM 9.0.5 on Docker and the AAC modules are available.

    Thanks a lot,
    Claudio

    ------------------------------
    Claudio Laganà
    ------------------------------


  • 2.  RE: Age-based login

    Posted Wed November 11, 2020 12:23 PM

    Hi Claudio,

    To have logic which looks into LDAP and makes decisions about how to authenticate, you will need to use the AAC Authentication Service to control the login flow.

    If all users have an entry in the local LDAP (with DoB recorded), you would probably have an initial login page which requests the username.  This would then be used in a JavaScript authentication mechanism to perform a lookup in LDAP (using UserLookup Helper) to get the user's DoB attribute.  If the DoB indicates that the user is an adult, you would "abort" the local login flow and return a page which triggers a redirect to the federation flow.  If the DoB indicates that the user is underage, you would take them to a page requesting their password so you could perform a local login.

    If you also need to validate DoB after federation (to ensure only adult accounts are given access by federation) then you could add this check into the federation mapping rule and reject users who are underage.

    This blog on "branching AAC policies" (a version which will work with ISAM 9.0.5) provides some introduction to coding authentication policies with conditional logic:
    https://www.ibm.com/blogs/sweeden/branching-authentication-policy-isam-advanced-access-control/

    Have a look at these presentations on Security Learning Academy too:
    https://www.securitylearningacademy.com/course/view.php?id=3910
    https://www.securitylearningacademy.com/enrol/index.php?id=2142

    Jon.



    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------
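    As an added example (not code from the thread, from IBM, or from ISAM itself): the branching decision Jon describes, with the DoB parsing and the age arithmetic factored out of the ISAM mechanism so they can be tested on their own. It assumes the DoB is stored as an LDAP GeneralizedTime value in an attribute such as dateOfBirth and that 18 is the adult threshold; both are assumptions, as is the ES5 style, chosen so the functions can be pasted into a 9.0.5 JavaScript authentication mechanism as well as run under Node.js. The ISAM-specific wiring (the UserLookup Helper call, page and state handling) is left to the mechanism.

```javascript
'use strict';
// Added example, not code from the thread or from IBM. ES5-style so it can be
// pasted into an ISAM 9.0.5 AAC JavaScript authentication mechanism as well
// as run under Node.js. The attribute name "dateOfBirth", the GeneralizedTime
// storage format and the adult threshold of 18 are assumptions.

// Parse an LDAP GeneralizedTime (RFC 4517) such as "20050315000000Z", or a
// bare "20050315", into a calendar date {y, m, d}. Returns null for anything
// malformed or for an impossible calendar date such as 20050231.
function parseLdapDate(value) {
  if (typeof value !== 'string') { return null; }
  var re = /^(\d{4})(\d{2})(\d{2})(?:\d{2}(?:\d{2}(?:\d{2})?)?(?:[.,]\d+)?)?(?:Z|[+-]\d{4})?$/;
  var m = re.exec(value.replace(/^\s+|\s+$/g, ''));
  if (!m) { return null; }
  var y = parseInt(m[1], 10), mo = parseInt(m[2], 10), d = parseInt(m[3], 10);
  // Round-trip through Date so that month/day overflow (e.g. 31 February,
  // which Date silently rolls into March) is rejected instead of accepted.
  var probe = new Date(Date.UTC(y, mo - 1, d));
  if (probe.getUTCFullYear() !== y || probe.getUTCMonth() !== mo - 1 || probe.getUTCDate() !== d) {
    return null;
  }
  return { y: y, m: mo, d: d };
}

// Whole years elapsed from dob to today; a user turns N on their Nth birthday,
// so the birthday itself already counts as the new age.
function ageInYears(dob, today) {
  var age = today.y - dob.y;
  if (today.m < dob.m || (today.m === dob.m && today.d < dob.d)) { age -= 1; }
  return age;
}

// Pick the login branch for one user.
//   "federation": adult    -> abort the local flow, return the redirect page
//   "password":   underage -> show the password page and log in locally
//   "reject":     DoB missing, unparseable or in the future -> fail closed
function decideBranch(dobValue, todayValue, adultAge) {
  var threshold = (typeof adultAge === 'number') ? adultAge : 18; // assumed default
  var dob = parseLdapDate(dobValue);
  var today = parseLdapDate(todayValue);
  if (!dob || !today) { return 'reject'; }
  var age = ageInYears(dob, today);
  if (age < 0) { return 'reject'; }
  return age >= threshold ? 'federation' : 'password';
}

// Today's date (UTC) as a GeneralizedTime string, so the same parser is reused
// for both operands instead of mixing Date objects and LDAP strings.
function todayGeneralizedTime() {
  var n = new Date();
  function pad(x) { return (x < 10 ? '0' : '') + x; }
  return '' + n.getUTCFullYear() + pad(n.getUTCMonth() + 1) + pad(n.getUTCDate()) + '000000Z';
}
```

    In the mechanism, the username collected on the first page goes to the UserLookup Helper lookup, the attribute value it returns goes into decideBranch(dob, todayGeneralizedTime()), and the three results map onto the flow Jon outlines: "federation" ends the local policy and returns the page that redirects to the federation, "password" advances to the password page, and "reject" fails the login. Failing closed on a missing or malformed DoB is the point of the third branch: treating a bad lookup as "not an adult" would silently route the account to the password path, and treating it as "adult" would grant the federation path to any entry with an empty attribute. Keep in mind too that a username-first page that branches visibly before any credential is checked tells an unauthenticated caller whether a username exists and which class it belongs to, so the two branches should look the same for unknown usernames.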



  • 3.  RE: Age-based login

    Posted Tue December 01, 2020 03:01 PM
    If anyone from this group sends me a link to a webinar/video, please document your record that I'm on CST.  You can send me a link to an archived version.  Thanks!

    Yvonne

    ------------------------------
    Yvonne R. McGinnis
    DevOps (hopeful), Systems Administration
    Obama Foundation, Chicago
    Chicago Cato, Illinois
    773-886-5579
    ------------------------------