Hi Jon,
Thank you for the announcement.
We just installed 10.0.2 in our development environment, and we noticed a behavior change that does not seem documented.
In some of our InfoMap Authentication mecanisms we are using:
success.endPolicyWithoutCredential();
Until 10.0.2, AAC was returning HTTP 200 even when calling the endPolicyWithoutCredential.
In 10.0.2 AAC is returning HTTP 400 when there is a call to endPolicyWithoutCredential.
I understand the logic behind this change, but as I am unable to find any documentation about this, I wanted to confirm it with you.
Are you (or one of your colleageas) able to confirm that you have "fixed" this behavior in 10.0.2 , by making ISVA return HTTP 400 in this cases ?
Thank you
------------------------------
André Leruitte
------------------------------
Original Message:
Sent: Wed July 14, 2021 12:48 PM
From: Jon Harry
Subject: Verify Access v10.0.2.0 released
Hi All,
Just a quick post to make sure everyone is aware that IBM Security Verify Access v10.0.2.0 was released at the end of June.
This support note describes the highlights of the v10.0.2.0 release:
https://www.ibm.com/support/pages/node/6470203
The IBM Documentation for the v10.0.2.0 release is here:
https://www.ibm.com/docs/en/sva/10.0.2
If you have Verify Access deployed in containers (or you're thinking about it), you might be interested that there are now "lightweight" versions of the Reverse Proxy, Runtime, and DSC containers which start more quickly, use less resources, and can run with little or no privileges. I've updated my "container deployment" assets to use these new containers. You'll find my assets on GitHub here:
https://github.com/iamexploring/container-deployment
The README.md of the repo includes instructions on using the assets for docker, docker compose, Kubernetes, Helm, OpenShift 3.x, and OpenShift 4.x. There's also a link there to an updated docker and docker compose cookbook.
One last thing: Verify Access customers are now also entitled to use the IBM Application Gateway. It's a super-lightweight version of our Reverse Proxy that can bridge between an OIDC Provider and applications that don't support federation protocols. If you're interested, check that out here:
https://docs.verify.ibm.com/gateway/docs
OK, I think that's enough links for now. Thanks for reading.
Cheers... Jon.
------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
------------------------------