IBM Security Verify

 View Only

  • 1.  Changing url in ISAM IGI integration

    Posted Tue July 14, 2020 09:22 AM

    Hello,

     

    I have made the ISAM – IGI integration as instructed in "IBM SECURITY ACCESS MANAGER 9.0 AND IBM SECURITY IDENTITY GOVERNANCE AND INTELLIGENCE 5.2 - Integration CookBook" and everything worked fine.

    But, my customer has some restrictions on his production environment and he would like to change the url used to call the IGI "https://reverseProxy/ideas" into "https://reverseProxy/".

    I managed to change "/ideas" into something else manipulating the "HTTP transformation" rules, but I was not able to make the url "https://reverseProxy/".

    Does anybody know how to turn the path "/ideas" into "/" ?

    Thanks in Advance,
    Rogerio Sachett,
    QRIAR Cybersecurity.



    ------------------------------
    Rogerio Sachett
    ------------------------------


  • 2.  RE: Changing url in ISAM IGI integration

    Posted Wed July 15, 2020 03:46 AM
    Edited by Gianluca Gargaro Wed July 15, 2020 03:46 AM
    Hello Rogerio

    the main problem is that /ideas is a transparenth path junction , so only if WebSeal receives a request to /ideas forwards it to the IGI service desk . Now what you may eventually do is to extend the transformation rule so that when WebSeal receives a request for / it redirects to /ideas.. more or less you can change the login_control.xslt adding the following test node


    <xsl:when test="node()='/'"> <HTTPResponseChange action="replace">

    <Version>HTTP/1.1</Version> <StatusCode>302</StatusCode>
    <Header name="location" action="add">    https://webseal900-

    salinas.usa.north.america.sup/ideas/desk?realm=IDEAS</Header> <Body>%3Chtml%3E%3C%2Fhtml%3E</Body>

    </HTTPResponseChange>
    </xsl:when>



    ------------------------------
    Gianluca Gargaro
    IBM
    Roma
    ------------------------------

    Original Message


  • 3.  RE: Changing url in ISAM IGI integration

    Posted Wed July 15, 2020 05:29 PM

    Hello Gianluca,

    Thanks for your answer.
    I added the transformation that you described before and it is working now.
    But I had to make one additional step: attach the POP "isig-login-pop" to the Object "/WebSEAL/myReverseProxy" instead of "/WebSEAL/myReverseProxy/ideas".
    In this way, when I call in my browser "https://reverseProxy/", the transformation rules are processed, and the connection redirected to the IGI server.
    It also keeps working when calling "https://reverseProxy/ideas".

    Thank you,
    Rogerio Sachett,
    QRIAR Cybersecurity.



    ------------------------------
    Rogerio Sachett
    ------------------------------

    Original Message