ISAM

Introduction to QRadar Log Management for WebSEAL Administrators

My Introduction to QRadar Log Management for WebSEAL Administrators: I’ve been working with IBM Security Access Manager for Web, aka WebSEAL, for a very long time now. Most recently I’ve been responsible for deploying and using our WebSEAL technology, in the appliance form called ISAM for Web, as part of IBM’s Platform-as-a-Service offering known […]


SSO Assertion including runtime attributes

In this article I will describe a technique with Tivoli Federated Identity Manager for including attributes in a single sign-on (SSO) assertion that come from a business application at runtime. This example will be in the context of IDP-initiated SAML 1.1 SSO using WebSEAL as the point of contact but the pattern is not restricted […]


SSO to Office365

I’ve received several enquiries lately about performing single sign-on (SSO) from on-premise environments, typically intranets or extranets, to Office 365 software-as-a-service (SaaS) subscriptions. Microsoft’s documentation, specifically for directory integration with Office 365, is targeted at customers that utilize Active Directory (AD) in-house and guidance is provided for provisioning users to Office 365 from AD using […]


OAuth 2.0 Musings

My inbox ran hot today with both IBM employees and external contacts asking me for my opinion on a rather scathing article about OAuth 2.0 from former editor Eran Hammer-Lahav. First my disclaimers. I am an architect and senior developer for a product in IBM (Tivoli Federated Identity Manager – aka TFIM) which implements OAuth […]


Mobile Demonstration – Under the Hood

TFIM OAuth Mobile Demonstration – Under the hood: In my previous article I presented a demonstration of a mobile application retrieving a protected resource (a set of user profile attributes) from a website using OAuth 2.0. In this article I’ll explain the rationale for using OAuth 2.0, show you the exact message transactions used by […]


Mobile OAuth Application Demonstration

This article includes a demonstration video of the TFIM Mobile Demonstration application using OAuth. To set the scene, a mobile phone application wants access to protected information (or an API) about you that you manage on a third party website (the OAuth service provider). You wish to grant the mobile application read-only access to that […]


Using CURL to send requests to the TFIM Security Token Service

When developing a particular integration or identity mediation which utilizes the Tivoli Federated Identity Manager Security Token Service (TFIM STS), I often test the configured trust chains using a command line driven RequestSecurityToken message with the curl utility. The purpose of this blog entry is to show you how to do the same thing, assuming […]


Advanced TAM Authorization Rules

I was recently involved in an engagement where I was required to revisit the topic of Tivoli Access Manager authorization rules. For the uninitiated, authorization rules are a form of policy template (just like ACLs and POPs) that can be used in Tivoli Access Manager to define an authorization requirement on a protected object (e.g. […]


Using Datapower as a WebSEAL EAI

Not too long ago I wrote a developerWorks article on Using Tivoli Access Manager for eBusiness WebSEAL without a user registry. In the article I provided a working Java Servlet which acts as a WebSEAL Enhanced Authentication Interface (EAI) application. The servlet leverages Tivoli Federated Identity Manager (TFIM) to build a Tivoli Access Manager (TAM) […]
