List of Contributions

Pierre Passin

Posted By Pierre Passin Sat January 12, 2019 05:11 AM
Found In Egroup: IBM Security Verify
Hi, since this is just using the native authentication mechanisms and REST APIs available for Knowledge Questions, I guess there should be others getting this issue? At least 9.0.5 has this issue. Anyone who can shed light on this? Or at least encountered it but found a workaround? ------------------------------ ...
Posted By Pierre Passin Mon October 29, 2018 04:52 AM
Found In Egroup: IBM Security Verify
@Shane Weeden​ So right now registration of push notification/totp/u2f is centrally managed by a web application that does REST calls to AAC instead of using the default template pages of AAC. If we do u2f via this route it gets registered under that specific hostname alone. It was originally hoped ...
Posted By Pierre Passin Thu October 25, 2018 04:45 AM
Found In Egroup: IBM Security Verify
@Shane Weeden​ ISAM doesn't support U2F's Multi-facet AppId? Seems that u2f should be able to specify a trusted list of facets (hostnames) within a json file. -- https://developers.yubico.com/U2F/App_ID.html ------------------------------ Pierre Passin ------------------------------
Posted By Pierre Passin Thu October 18, 2018 09:44 PM
Found In Egroup: IBM Security Verify
Exactly the issue. As a workaround we just did a trigger on the DB to force it to lowercase then at the AAC policy level set userid to lowercase before totp gets invoked. ------------------------------ Pierre Passin ------------------------------
Posted By Pierre Passin Thu October 18, 2018 12:01 AM
Found In Egroup: IBM Security Verify
Never mind. Forms auth sends to AAC whatever is placed in the forms (whether lowercase/all caps). Users place lowercase on their usernames most of the time. The DB has usernames all in lowercase. Kerb, meanwhile, relies on AD's sAMAccountName, which is all upper case, so the DB call fails. We'll just adjust ...
Posted By Pierre Passin Wed October 17, 2018 11:08 AM
Found In Egroup: IBM Security Verify
We got to compare the decoded iv-creds username value between the request from webseal to AAC of the forms auth vs kerb auth. Forms auth has the full DN while Kerberos only has the CN. Is there a way to make webseal send the same when doing kerb? @Jon harry ------------------------------ Pierre ...
Posted By Pierre Passin Wed October 17, 2018 04:43 AM
Found In Egroup: IBM Security Verify
We're using version 9.0.5 for this and we notice that we're getting a ton of reports from our users getting "FBTOTP330E Unable to locate the HMAC secret key" after entering their OTP. So you'd think that from the error that the secret key from the DB somehow got deleted but no, it's there. This ...
Posted By Pierre Passin Wed September 19, 2018 09:52 PM
Found In Egroup: IBM Security Verify
Interesting. However, we're using completely trusted certificates. Checked our devices and root certificate is there. Also we can see that the web socket connection reaches webseal from request.log and pdweb.debug and even reaches AAC. thread(44) trace.pdweb.debug:2 /home/webseal/20180530-230 ...
Posted By Pierre Passin Tue September 18, 2018 11:14 PM
Found In Egroup: IBM Security Verify
Yes, FP 5 I meant FP5 of ISAM 9.0. We've opened a case TS001374326 2 days ago. And yes, we've tested the same iPhones and iPads on verify.securitypoc.com which worked. We figured that verify.securitypoc.com either is not on 9.0.5 or it is but is beefed up with different kinds of fixes. ----- ...
Posted By Pierre Passin Mon September 17, 2018 02:56 AM
Found In Egroup: IBM Security Verify
Hey Nick and Jon, We just upgraded to FP5 and the strangest thing is, websocket isn't working on iPad and iPhone devices. We get this in the trace logs: [9/17/18 9:13:40:395 MYT] 00005718 id= i.am.fim.war.runtime.liberty.websocket.MmfaWebSocketEndpoint 1 onClose Reason phrase: 'Connection ...