IBM Security Verify

In OIDC configuration, I can specify how I want ISAM to behave regarding consents. I have 3 options:

• Always Prompt
• Never Prompt
• Prompt Once and Remember

If I select Prompt Once and Remember, the consent, if given to the Relying Party, will be saved permanently in ISAM for the user.

How can the user list the permits that were issued?
How can the user revoke the consents given?

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994
------------------------------

Hi Joao,

For clients authorized with "prompt once and remember" the information can be seen at:
https://<reverse proxy>/mga/sps/oauth/oauth20/clients

If you connect to this endpoint with a browser you'll get back an HTML template page that shows the clients and a link to revoke each one.
If you connect to this endpoint with a REST client (accept: application/json) then you'll get back a JSON object of the clients.

This endpoint is listed on the OAuth/OIDC endpoints page:
https://www.ibm.com/support/knowledgecenter/SSPREK_10.0.0/com.ibm.isva.doc/config/concept/OAuthEndpoints.htm#oauthendpoints

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
------------------------------

Original Message:
Sent: Wed October 14, 2020 07:49 AM
From: Joao Goncalves
Subject: OIDC Revoking Permits

In OIDC configuration, I can specify how I want ISAM to behave regarding consents. I have 3 options:

• Always Prompt
• Never Prompt
• Prompt Once and Remember

If I select Prompt Once and Remember, the consent, if given to the Relying Party, will be saved permanently in ISAM for the user.

How can the user list the permits that were issued?
How can the user revoke the consents given?

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994
------------------------------

Thanks Jon.
I knew it was possible, as I saw this before and couldn't remember where.
I also searched in the documentation, although I tried a lot using multiple keywords like "revoke", "remove", but nothing looked suitable.

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994
------------------------------

Original Message:
Sent: Fri October 16, 2020 01:05 PM
From: Jon Harry
Subject: OIDC Revoking Permits

Hi Joao,

For clients authorized with "prompt once and remember" the information can be seen at:
https://<reverse proxy>/mga/sps/oauth/oauth20/clients

If you connect to this endpoint with a browser you'll get back an HTML template page that shows the clients and a link to revoke each one.
If you connect to this endpoint with a REST client (accept: application/json) then you'll get back a JSON object of the clients.

This endpoint is listed on the OAuth/OIDC endpoints page:
https://www.ibm.com/support/knowledgecenter/SSPREK_10.0.0/com.ibm.isva.doc/config/concept/OAuthEndpoints.htm#oauthendpoints

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Wed October 14, 2020 07:49 AM
From: Joao Goncalves
Subject: OIDC Revoking Permits

In OIDC configuration, I can specify how I want ISAM to behave regarding consents. I have 3 options:

• Always Prompt
• Never Prompt
• Prompt Once and Remember

If I select Prompt Once and Remember, the consent, if given to the Relying Party, will be saved permanently in ISAM for the user.

How can the user list the permits that were issued?
How can the user revoke the consents given?

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994
------------------------------