The history of support for OpenID Connect in ISAM

Security Access Manager added support for OpenID Connect as an identity provider and as a relying party in version 9.0. These capabilities were introduced as part of the federation offering, which was also added in version 9.0.

This OpenID Connect solution was capable of satisfying the browser single sign-on aspects of OpenID Connect; however, there were documented limitations with the solution.

In December 2017, version 9.0.4.0 was released, which brought a significant iteration on the OpenID Connect solution. This enhancement came in the form of OpenID Connect capabilities being added to the API protection features of ISAM, making the feature a superset of both API protection and the existing OIDC federation offering. A new relying party was also written. In this release most of the known limitations were addressed.

The Federations UI in version 9.0.4.0 onwards, identifying the legacy solution and indicating that the new provider should be used.

When the move to the new OpenID Connect implementation was undertaken, the API protection features were added to federation, so that only one of the two offerings, advanced access control or federation, needed to be activated in order to make use of the OpenID Connect provider features. The new relying party remained part of the federation offering. The version of OpenID Connect initially added in 9.0 was updated to be identified as ‘Legacy’ in both the documentation and the user interface of the product.

The updated API protection definition creation panel, including the options for OpenID Connect

In version 9.0.5.0, some new features were added to the OpenID Connect provider, the most significant being dynamic client registration, something I’ve written about earlier. Dynamic client registration was the last outstanding issue on the list of documented limitations.

You can find the technote which covers each of the topics and how they’re addressed here.

In its current form, the OpenID Connect services provided by ISAM are key to achieving OpenBanking and PSD2 scenarios, bridging to SaaS services, and securing IoT and mobile channels. Further refinements to the ISAM OpenID Connect provider are ongoing.

Software Engineer - IBM Security Access Manager
