IBM Security Verify

 View Only

Creating ISVA registry users from mapping rule for dynamic client registrations

  • 1.  Creating ISVA registry users from mapping rule for dynamic client registrations

    InnerCircle
    Posted Tue August 23, 2022 04:53 PM
    I haven't even checked the classes yet, but does anyone know off hand if we can create an ISVA registry user within the pre-mapping rule for an API definition?

    What I am wanting to accomplish is creating a user ID for the client registrations that come in for mTLS authenticated (RFC8705) clients.  WebSEAL needs to have a valid user tied to the cert to authenticate the cert for an mTLS client, so what I am hoping to do is create that user based on the dynamic client registration.  Our DCR process is locked down so that only specific users/clients can use it, so we don't have to worry about the service being abused and creating bogus users.  Likewise, we'd need to remove the user when the registration was removed.

    Has anyone done anything like this, or is it possible to even create and delete a user from the pre-token mapping rule?

    What we are trying to avoid is having developers have to come to a separate team to register their mTLS certs as users.  It is causing a lot of confusion because they expect the client registration process would be all they require (as I said this has approvals in front of it, so only our systems can register, but still the user create process is a totally separate workflow at the moment).

    Thanks for any thoughts on this!

    ------------------------------
    Matt Jenkins
    ------------------------------