List of Contributions

Mikael Lindblad

Contact Details

My Content

1 to 20 of 50+ total

RE: inactive timeout and access tokens

Posted By Mikael Lindblad Thu June 15, 2023 03:25 AM
Found In Egroup: IBM Security Verify \ view thread
This part in you blog was interesting, i think this is what we are after. This means that inactivity is important to consider, such that you may have an access token valid for 60 mins, but an inactivity of 10mins. If you would like to modify this dynamically, modify the OAuth response in the Post ...

RE: inactive timeout and access tokens

Posted By Mikael Lindblad Thu June 15, 2023 03:09 AM
Found In Egroup: IBM Security Verify \ view thread
Hello Philip, "Where you are using ISVA Reverse Proxy as the enforcement point, you can have the RP invalidate the Access Token when the inactivity timer fires (session ends). " Does this mean that there is some kind of inactivity timer on the token and if so, is this based on the am_eai_x ...

RE: inactive timeout and access tokens

Posted By Mikael Lindblad Thu June 15, 2023 03:01 AM
Found In Egroup: IBM Security Verify \ view thread
Hello Jack, I was thinking in the same directions at first, but the issue is then that the refresh token is kind of "am_eai_xattr_session_lifetime" so while that one is active you can always get a new access token without needing to authenticate again, which you would need to do in a cookie flow. ...

inactive timeout and access tokens

Posted By Mikael Lindblad Wed June 14, 2023 09:12 AM
Found In Egroup: IBM Security Verify \ view thread
Hi, Do you have any design recommendation on how to solve an inactive timeout with access token. Let's say that you have a token that is valid for 60 minutes, but show be revoked if it has not been used for 5 minutes. Is this possible to solve in a mapping rule? And are there any examples on ...

Bug? OAuth token clean-up

Posted By Mikael Lindblad Wed January 25, 2023 06:44 AM
Found In Egroup: IBM Security Verify \ view thread
I was looking into another issue i found this in the create table script that comes with ISVA, i removed everything except the STATE_ID which cause a problem when i try to follow this guide -> OAuth token clean-up - IBM Documentation CREATE TABLE OAUTH20_TOKEN_CACHE ( STATE_ID VARCHAR2(64) NOT ...

RE: AccessPolicy

Posted By Mikael Lindblad Wed November 16, 2022 08:29 AM
Found In Egroup: IBM Security Verify \ view thread
Hi, I remembered the solution i had to fix the acl so now it works. ------------------------------ Regards Mikael ------------------------------

AccessPolicy

Posted By Mikael Lindblad Mon November 14, 2022 04:54 AM
Found In Egroup: IBM Security Verify \ view thread
Hi, I did something for 5 years ago and trying to implement it in docker containers but i can't get it to work. I have implemented what's described in these two articles with some own customizing's. * https://philipnye.com/2015/02/23/isam-for-mobile-ropc-oauth-username-and-password-validation/ ...

How to ISVA decide if iv-user should be in upper lower case.

Posted By Mikael Lindblad Wed July 27, 2022 04:58 AM
Found In Egroup: IBM Security Verify \ view thread
Hi, I wonder how the iv-user decision to use upper lower case of the user. For example. if a user is provisioned as uid=123L (not writing out the complete dn here) If you login using the standard form based login with 123l the iv-user becomes 123l and the same if you write 123L in the login ...

LMI Breaks after creating csr.

Posted By Mikael Lindblad Tue March 15, 2022 12:28 PM
Found In Egroup: IBM Security Verify \ view thread
Hi, Could someone verify if this is only me who has this issue or if it's a bug. Download isva_10.0.3.1_20220216-2245.iso from Fix Central Install Login and accept the defaults. (no license is required to reproduce this) Go to system->ssl certificates and choose the lmi keystore. ...

RE: DPWIV1061E Could not write to socket - errors

Posted By Mikael Lindblad Fri November 19, 2021 05:47 AM
Found In Egroup: IBM Security Verify \ view thread
Hi, I'm also interested on how to find out the cause for these errors and i have ongoing pmr for this. If you look on coding against a socket it feels like it should be possible to output more information that just an error. https://www.geeksforgeeks.org/socket-programming-cc/ ---------- ...

RE: ISVA act as a idp without userstore?

Posted By Mikael Lindblad Wed October 13, 2021 12:06 PM
Found In Egroup: IBM Security Verify \ view thread
Thanks Piyush, We use it already, i was just wondering if there is some part of isva that does not support it. ------------------------------ Regards Mikael ------------------------------

RE: Machine Learning/AI functionality in ISVA.

Posted By Mikael Lindblad Wed October 13, 2021 12:02 PM
Found In Egroup: IBM Security Verify \ view thread
Thanks for the answer Shane, as you know this is a hot topic right now so that's why i'm asking. ------------------------------ Regards Mikael ------------------------------

ISVA act as a idp without userstore?

Posted By Mikael Lindblad Tue October 12, 2021 12:54 AM
Found In Egroup: IBM Security Verify \ view thread
Hi, Is there some functionality in isva that requires/must have that the user exist in the user store or can you go all in with the external user pattern? ------------------------------ Regards Mikael ------------------------------

Machine Learning/AI functionality in ISVA.

Posted By Mikael Lindblad Tue October 12, 2021 12:49 AM
Found In Egroup: IBM Security Verify \ view thread
Hi, Do ISVA have machine learning capabilities or is it something you look at for future releases. For example it could look at user behavior, traffic patterns and so on. ------------------------------ Regards Mikael ------------------------------

ISAM on Openshift > 4.4.x

Posted By Mikael Lindblad Mon August 17, 2020 06:00 AM
Found In Egroup: IBM Security Verify \ view thread
Hi Jon, When the guys in the Openshift 4.4.x was going to upgrade the clustered it failed due to the security constrains done when installing ISAM. * Is ISAM 9.0.7.1 fp4, OpenShift 4.x compatible ? * Are you planing to release an operator for the next release of isam? ----------- ...

RE: JWT Module issue mode

Posted By Mikael Lindblad Fri August 14, 2020 02:44 AM
Found In Egroup: IBM Security Verify \ view thread
Hi Dries, Thanks for the reply. I solved it in a similar way. I was just hoping in this case that ISAM would follow the rfc so you only code where you need custom stuff. ------------------------------ Regards Mikael ------------------------------

JWT Module issue mode

Posted By Mikael Lindblad Thu August 13, 2020 08:10 AM
Found In Egroup: IBM Security Verify \ view thread
Hi, Regarding the claim aud in the jwt it says in the RFC https://tools.ietf.org/html/rfc7519#section-4.1.3 In the general case, the "aud" value is an array of case-sensitive strings, each containing a StringOrURI value But when you generate the jwt it's always a string. Is there some magic separator ...

Automating Exporting Importing/Updating junction config.

Posted By Mikael Lindblad Mon May 04, 2020 07:48 AM
Found In Egroup: IBM Security Verify \ view thread
Hi, If you export/call the endpoint https://(appliance_hostname)/wga/reverseproxy/(reverseproxy_id)/junctions?junctions_id=(junctions_id) You get a response that look like this. ( "junction_point":"/test", "description":"Test application point of contact", "active_worker_threads":"0", ...

Infrastructure as Code

Posted By Mikael Lindblad Fri January 03, 2020 04:47 AM
Found In Egroup: IBM Security Verify \ view thread
Hi, The trend seems to be IaC, Automation, Ansible and Cloud right now. It would be interesting if anyone in the community has done something in this area around ISAM. The f5 product has the possibility to use a declarative model for managing the software. Is that coming to ISAM? https://w ...

RE: ISAM content aware server responses

Posted By Mikael Lindblad Tue November 19, 2019 10:58 AM
Found In Egroup: IBM Security Verify \ view thread
Have you set the accept: application/json header? ------------------------------ Regards Mikael ------------------------------