List of Contributions

Paul van den Brink

Contact Details

My Content

1 to 20 of 34 total

RE: User Mapping for LMI Certificate authentication

Posted By Paul van den Brink Thu November 02, 2023 12:13 PM
Found In Egroup: IBM Security Verify \ view thread
Hi Shane, I am trying to make this work, but I am bit confused about which "jsrsasign" to download en use in the mapping rule. When I use the latest version "jsrsasign(all) 10.8.6 (2023-04-26)" I get an error message when the mapping rule is hit: ( "exceptionMsg": "ReferenceError: \"navigator\" ...

RE: Issue with SDI after upgrade

Posted By Paul van den Brink Wed November 01, 2023 02:31 AM
Found In Egroup: IBM Security Verify \ view thread
Hi Franz, Thans for taking an interest in this issue. And yes, my thoughts exactly, so I checked connectivity using jXplorer, this worked. The upgrade of SDI also implied an upgrade to JAVA8: C:\Beheer\SDI\IBM\TDI\V7.2\jvm\jre\bin\java.exe -version java version "1.8.0_351" Java(TM) ...

Issue with SDI after upgrade

Posted By Paul van den Brink Tue October 31, 2023 10:37 AM
Found In Egroup: IBM Security Verify \ view thread
Hi, I am using SDI to update accounts in ISVA using the ISAM v2 Connector. Recently I've upgraded SDI on my windows laptop with FP0010 applyUpdates.bat -queryreg Information from .registry file in: C:\Beheer\SDI\IBM\TDI\V7.2 Edition: Identity Level: 7.2.0.10 License: Full Fixes ...

RE: Is it possible to use encoded data in an eai response header?

Posted By Paul van den Brink Wed July 26, 2023 10:31 AM
Found In Egroup: IBM Security Verify \ view thread
Hi Shane, Ah, bullet 2, yes, sps.httpRequestClaims.enabled = true, that does the trick. Thanks!! Regards, Paul van den Brink ------------------------------ Paul van den Brink ------------------------------

RE: Is it possible to use encoded data in an eai response header?

Posted By Paul van den Brink Wed July 26, 2023 06:08 AM
Found In Egroup: IBM Security Verify \ view thread
Hi Shane, I checked with the cred-viewer: Credential Viewer Username: unauthenticated Attribute Name Attribute Value(s) AZN_CRED_AUTH_EPOCH_TIME 1690365354 AZN_CRED_BROWSER_INFO Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 ...

RE: Is it possible to use encoded data in an eai response header?

Posted By Paul van den Brink Wed July 26, 2023 03:46 AM
Found In Egroup: IBM Security Verify \ view thread
Hi Shane, I changed the setting in the WRP config. There is no session_index is the stsuu. Is there another setting involved here? My mapping rule is part of a federation definition with Federation Protocol "OpenID Connect Relying Party" and Role "Relying Party". When I try to access the ...

RE: Is it possible to use encoded data in an eai response header?

Posted By Paul van den Brink Tue July 25, 2023 07:38 AM
Found In Egroup: IBM Security Verify \ view thread
Hi Shane, Thanks for the suggestions. For now I am going with option 1. I am using this for the encoding: var claim_json_e = java.util.Base64.getUrlEncoder().encodeToString(claim_json.getBytes()); stsuu.addAttribute(new com.tivoli.am.fim.trustserver.sts.uuser.Attribute("claim_json", " ...

Is it possible to use encoded data in an eai response header?

Posted By Paul van den Brink Mon July 24, 2023 09:01 AM
Found In Egroup: IBM Security Verify \ view thread
Hi Team, I am using ISVA10.0.4.0 IF1 For my usecase I need to preserve the claim_json. I decided to put it in the credential by putting it in an am-eai-xattrs header called: claim_json I am using this line in my code in my mapping rule: stsuu.addAttribute(new com.tivoli.am.fim.trusts ...

RE: UserLookupHelper gives issues after upgrade to ISVA10.0.4.0 IF1

Posted By Paul van den Brink Tue April 11, 2023 03:39 AM
Found In Egroup: IBM Security Verify \ view thread
Hi David, Yes and no. After the removal of hlpr.shutdown(); the message HPDAA0278E disappeared, but my original issue was still not solved. I received a fixpack which made it possible to make the following calls with Domain: deleteUserWithDomain() createUserWithDomain() getUserByNativeIdWithDomain() ...

RE: isoDateFormat for federation runtime trace.log

Posted By Paul van den Brink Thu January 05, 2023 05:12 AM
Found In Egroup: IBM Security Verify \ view thread
Hi All, This is the answer I received from IBM supprt: The 'isoDateFormat=true' seems to be a wlp server setting so it should be settable. Here is the documentation that details it for Open Liberty: https://openliberty.io/docs/latest/log-trace-configuration.html You could ...

isoDateFormat for federation runtime trace.log

Posted By Paul van den Brink Thu December 22, 2022 02:54 AM
Found In Egroup: IBM Security Verify \ view thread
Hi All, Is there a way to change the date-time format used in the trace.log of the liberty runtime? Maybe in 'System -> Advanced Tuning Parameters' to set the isoDateFormat=true I am running ISVA10.0.3.1 Thanks in advance. Regards, Paul van den Brink ------------------------------ Paul ...

RE: UserLookupHelper gives issues after upgrade to ISVA10.0.4.0 IF1

Posted By Paul van den Brink Thu November 17, 2022 03:54 AM
Found In Egroup: IBM Security Verify \ view thread
Hi All, I had to remove the hlpr.shutdown(); After the introduction it caused the failure of 30% of the calls. All with the following message: [11/17/22, 8:17:44:494 CET] 00074e5a id=00000000 com.ibm.security.access.user.UserLookupHelper I search com.tivoli.pd.rgy.exception.ServerDownRgyException: ...

RE: UserLookupHelper gives issues after upgrade to ISVA10.0.4.0 IF1

Posted By Paul van den Brink Thu November 10, 2022 04:48 AM
Found In Egroup: IBM Security Verify \ view thread
Hi All, I've added hlpr.shutdown(); in every infomap call. This seems to solve the issue I am facing. Regards, Paul van den Brink ------------------------------ Paul van den Brink ------------------------------

UserLookupHelper gives issues after upgrade to ISVA10.0.4.0 IF1

Posted By Paul van den Brink Wed November 09, 2022 05:13 AM
Found In Egroup: IBM Security Verify \ view thread
Hi All, I recently upgraded my appliance from ISVA10.0.3.1 to ISVA10.0.4.0 IF1. After this upgrade I experience issues with the UserLookupHelper. I am using the following function to initialize the UserLookupHelper function initUserLookupHelper(mgmtDomain) ( var fn = "initUserLookupHelper()"; ...

RE: Open ID Connect Relying Party with external user

Posted By Paul van den Brink Mon August 22, 2022 04:42 AM
Found In Egroup: IBM Security Verify \ view thread
Hi Matt, Thanks for pointing me in this direction. I have it working now in my dev box. These are the steps I followed: 1 change the default Point of Contact "Access Manager Username and extended attributes" to also prove a header for the groups fim.groups.response.header.name am-eai-user-groups ...

RE: Open ID Connect Relying Party with external user

Posted By Paul van den Brink Thu August 18, 2022 08:36 AM
Found In Egroup: IBM Security Verify \ view thread
Hi Scott, Good to know that there is an option. I was actually seeking for functionality in the Federation component because I wanted to use a mapping rule to enrich the credential with information from an other external source. Regards, Paul van den Brink ------------------------------ Paul ...

Open ID Connect Relying Party with external user

Posted By Paul van den Brink Thu August 18, 2022 02:14 AM
Found In Egroup: IBM Security Verify \ view thread
Hi, I want to setup an oidc-rp without the need to register all the users. Does someone know if it is possible to treat the users (the sub in the id_token) as external users? I am running ISVA10.0.3.1 Any hint is much appreciated. Regards, Paul van den Brink ------------------------------ ...

RE: ISVA Runtime trace.log and message.log

Posted By Paul van den Brink Mon August 15, 2022 04:21 AM
Found In Egroup: IBM Security Verify \ view thread
Hi Shane, You are my hero! I've added your suggestion to my trace settings: org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor=WARNING This cleaned-up the trace.log The message still appears in the message.log, which is kinda expected, I'll create a case with support for this. ...

RE: ISAM Credential for External Users using Infomap

Posted By Paul van den Brink Wed August 10, 2022 08:14 AM
Found In Egroup: IBM Security Verify \ view thread
Hi Vamsi, I am using the follwing template page to do what Jon Harry suggested. In my case only two macros are set by the infomap, but the possibilities are endless. The group needs to exist in the registry and is defined in the ACL I am using. Hope this helps. Regards, Paul van den ...

ISVA Runtime trace.log and message.log

Posted By Paul van den Brink Wed August 10, 2022 07:59 AM
Found In Egroup: IBM Security Verify \ view thread
Hi, In the trace.log and the message.log I see the following message being logged: [8/10/22, 9:40:27:886 CEST] 0000180c id=00000000 .apache.cxf.binding.soap.interceptor.SoapActionInInterceptor I boi = [BindingOperationInfo: (http://docs.oasis-open.org/ws-sx/ws-trust/200512)RequestSecurityTokenCollection] ...