List of Contributions

Sylvain Gilbert

Contact Details

My Content

1 to 20 of 50+ total
Posted By Sylvain Gilbert Mon May 29, 2023 10:41 AM
Found In Egroup: IBM Security Verify
\ view thread
Hello Verify Access community. We are looking for a way of identifying (from an InfoMap perspective) the HTTP method (GET/POST/HEAD…) of the ISAM Authentication Service URL the user hits. We would like to adjust the behavior of one InfoMap based on the type of HTTP Method received. If we can't ...
Posted By Sylvain Gilbert Thu May 11, 2023 05:32 PM
Found In Egroup: IBM Security Verify
\ view thread
Hello community. Received indication there is likely chance to have a APAR fix for this behavior in next firmware release (10.0.6.0). Cheers ------------------------------ Sylvain Gilbert ------------------------------
Posted By Sylvain Gilbert Fri May 05, 2023 08:27 AM
Found In Egroup: IBM Security Verify
\ view thread
Hi Jacques Without responding directly to your request (locating sample curl collections), here (https://github.com/IBM-Security/ibmsecurity) you can find how the IBM-Security open source project performs in Python all RESTful API calls for managing ISVA appliances (and more, such as ISDS appliances ...
Posted By Sylvain Gilbert Thu March 23, 2023 07:06 PM
Found In Egroup: IBM Security Verify
\ view thread
G'day! In ISVA LMI 10.0.1.0, the OOTB SMTP Server Connection Tuning configuration panel exposes the following fields: · Connection Timeout (seconds) · Max idle time (seconds) · Max pool size Applying some non-empty values in all 3 field yields a odd behavior: only the Connection ...
Posted By Sylvain Gilbert Sat November 19, 2022 12:11 PM
Found In Egroup: IBM Security Verify
\ view thread
In a recent opened (but now closed) case, IBM Support Guru Nick Lloyd has mentioned to us that the HVDB tuning isam_cluster.hvdb.connectionManager.enableSharingForDirectLookups = False would be beneficial because it was found to be better performing in general (default value is true). Now that this ...
Posted By Sylvain Gilbert Mon October 31, 2022 09:02 PM
Found In Egroup: IBM Security Verify
\ view thread
Hi Soum So we know the metric unit is CPU time in "second" but what about its scale ? Is it really seconds, milli-seconds ou micro-seconds ? I'm starting to think that it cannot be 4-6 seconds of GC time on each run. How can we be sure about it ? ------------------------------ Sylvain Gilbert ...
Posted By Sylvain Gilbert Sun October 30, 2022 11:41 AM
Found In Egroup: IBM Security Verify
\ view thread
AAC Runtime JVM Garbage Collection Hi Community Here is a haunting topic for Halloween... When the monitoring is activated on the AAC Runtime, one can extract various performance metrics from the underlying JVM runtime. For reference go to this great 2018 blog post http ...
Posted By Sylvain Gilbert Fri September 30, 2022 12:52 PM
Found In Egroup: IBM Security Verify
\ view thread
Hi The case open with IBM led to the resolution. I needed to add "" around the URL in the case of the HTTP GET and DELETE because the "&" broke the URL line in my shell when testing with curl. Here are the adjusted URLs now returning the expected results: curl -k --user admin:password ...
Posted By Sylvain Gilbert Thu September 29, 2022 06:20 PM
Found In Egroup: IBM Security Verify
\ view thread
Hi Following your suggestion, I have opened a case to clear out the ambiguity and hopefully as a result obtain improved RESTAPI endpoint implementations, or improved documentation. Thanks ------------------------------ Sylvain Gilbert ------------------------------
Posted By Sylvain Gilbert Wed September 21, 2022 12:09 PM
Found In Egroup: IBM Security Verify
\ view thread
Hi I am doing my first baby steps with the IBM Security Verify Governance Management VA RESTAPI (10.0.1.0), and I am encountering 2 odd behaviors: a) Trying to fetch the value of a specific property but obtaining the full list of all properties/values instead for the given property file ...
Posted By Sylvain Gilbert Mon May 09, 2022 10:45 AM
Found In Egroup: IBM Security Verify
\ view thread
Hi Timothy It is only now that I realize that this thread is about the IBM Security Verify SaaS offering. My reply was about the IBM Security Verify Access Appliance offering. Would be interested to find out from the vendor if the Appliance feature "Enable multiple refresh tokens for fault ...
Posted By Sylvain Gilbert Mon May 09, 2022 10:14 AM
Found In Egroup: IBM Security Verify
\ view thread
Hi Does anyone of you reporting the behavior make use of the feature "Enable multiple refresh tokens for fault tolerance" referred here ? https://www.ibm.com/docs/en/sva/10.0.1?topic=protection-api-token-management-properties#api_prot_token_mgmt_props Specifies how refresh tokens are handled. ...
Posted By Sylvain Gilbert Thu April 21, 2022 08:22 AM
Found In Egroup: IBM Security Verify
\ view thread
Hi Jon It just took me 3 years to get the nuance behind your statement: "You don't get any session cookie until you hit a protected object". Yes, you are right (of course), I am not receiving any session PD_x_SESSION_ID cookie in response for unprotected object. Now my question ...
Posted By Sylvain Gilbert Thu March 24, 2022 05:49 PM
Found In Egroup: IBM Security Verify
\ view thread
Hi Here is an interesting technote from IBM support about how lifetime expiration is actually processed: https://www.ibm.com/support/pages/inactive-timeouttimeout-delay-websealdconf-will-have-some-delay-taking-effect Now the question is: did the proposed setting [session] max-timeout-flush-interval ...
Posted By Sylvain Gilbert Tue March 22, 2022 08:42 PM
Found In Egroup: IBM Security Verify
\ view thread
To end the discussion, one last question on this topic. Do the pdweb sescache metrics report only events for authenticated sessions, or both unauth and authenticated session ? You can assume that a single session cache is configured. ------------------------------ Sylvain Gilbert ----------- ...
Posted By Sylvain Gilbert Tue March 22, 2022 05:04 PM
Found In Egroup: IBM Security Verify
\ view thread
Thanks for the quick response. May I ask why we would not include LRU in the proposed computation ? The answer would help us have a more holistic view on all session cache counters. ------------------------------ Sylvain Gilbert ------------------------------
Posted By Sylvain Gilbert Tue March 22, 2022 02:32 PM
Found In Egroup: IBM Security Verify
\ view thread
Hi Use Case : providing visibility over current total number of pdweb valid session. If one wants to display the current count of valid pdweb session, can we assume that simply computing the difference between pdweb.sescache 'add' and 'del' counter would do the trick and provide accurate enough ...
Posted By Sylvain Gilbert Tue March 08, 2022 03:42 PM
Found In Egroup: IBM Security Verify
\ view thread
We have a chain of Authentication Policy. The InfoMap is first ran and URI encodes any returned credential attributes to WebSEAL. That is working fine a stated a while back. Later, a second authentication mechanism is involved (ibm mac-otp), and upon completion of that authentication challenge ...
Posted By Sylvain Gilbert Mon March 07, 2022 08:01 PM
Found In Egroup: IBM Security Verify
\ view thread
Scott, As you stated elsewhere, the pdweb.wan.cache trace (once activated) indicated that the resource could not be saved in webseal content cache because the junction serving the content is likely configured to supply some type of identity header. In this circumstances, caching is disabled. ...
Posted By Sylvain Gilbert Fri March 04, 2022 07:27 PM
Found In Egroup: IBM Security Verify
\ view thread
Hi Our hope is to offload Liberty Runtime from serving static content most of the time. We are trying to have WebSEAL content-cache capability store in memory cache static content for an InfoMap deployed on Liberty Runtime behind a junction (such as /mga/sps/static/IBMSecurityLogo.gif). ...