Using Federated-SSO Access Policies for Conditional Two-Factor Authentication

In the ongoing effort for digital enterprises to reduce online identity fraud, two-factor authentication (2FA) of end users is becoming mainstream. Two-factor authentication can be achieved using a wide variety of methods, such as (but not limited to): Using a verified email address or phone number to deliver and validate a one-time password Using a […]

Continue reading

Running ISAM on IBM Cloud

ISAM 9.0.4, released in December 2017 introduces several new capabilities for ISAM customers. One of these is the ability to run ISAM in containerized environments using Docker.   This article is all about showing you how to get IBM Security Access Manager (ISAM) running on a small Kubernetes cluster on IBM Cloud. With a bit of […]

Continue reading

Some more Infomap examples

Earlier this year I posted about a feature introduced in ISAM 9.0.2 called the Infomap authentication mechanism: An Introduction to the InfoMap Authentication Mechanism in ISAM 9.0.2 This post is a quick plug for another article on the same topic – this time using Infomap to achieve social login for Facebook, LinkedIn and Instagram on […]

Continue reading

Linking Client Certificates to an ISAM Account

As a part of my job I am frequently contacted by technologists that use IBM Security Access Manager (ISAM) trying to build a solution for identity and access management scenarios. In fact, it’s one of the fun parts of what I do – it gives me a chance to problem solve and dabble with one of […]

Continue reading

Announcing ISAM 9.0.2.1 and the IBM Verify Cookbook

One of the interesting and advanced new features of ISAM 9.0.2.1 is mobile multi-factor authentication. This technology allows you to perform step-up authentication (or in fact direct login) using an application on you mobile, known as IBM Verify, which can prompt for user-presence or fingerprint authentication. A few of us here at IBM have been […]

Continue reading

An Introduction to the InfoMap Authentication Mechanism in ISAM 9.0.2

For some time now the IBM Security Access Manager (ISAM) appliance has offered a pluggable authentication service in it’s Advanced Access Control (AAC) module. This authentication service is really just an advanced form (or framework) of External Authentication Interface (EAI) application for the ISAM WebSEAL reverse proxy, allowing you to programmatically interact with a user-agent […]

Continue reading

ISAM 9.0.2: The JWT STS Module and Junction SSO to WebSphere Liberty

Today we at IBM have released the latest version of IBM Security Access Manager – ISAM 9.0.2. This release has several new and improved capabilities, particularly in the space of mobile multi-factor authentication, however in this particular article I plan to discuss a new Security Token Service module that supports the generation and validation of […]

Continue reading

Using Custom Access Tokens in the ISAM OAuth Server

ISAM has provided a general-purpose OAuth 2.0 server since version 8 of the ISAM appliance (and earlier than that in Tivoli Federated Identity Manager). In that OAuth server implementation, access tokens are generated as random-value strings (pass-by-reference), and are completely opaque to both clients and resource servers. Resource servers must call the ISAM STS to perform access […]

Continue reading

My first Docker and IBM Containers Experience

Like most technical experimenters, from time to time I want a simple lightweight internet-facing linux box to test things from. There are lots of ways to get one of these, but in this case I also wanted to experiment with Docker, and IBM Containers on Bluemix, so decided to combine the goals into a self-education […]

Continue reading