my posts

    I keep this blog to write down stuff I ran into along the way.

    Using the WebSEAL jwt junction to an Open Liberty application in a Container

    This is an overview of some of the options that exist in Open Liberty to consume jwt tokens generated by WebSEAL. It is largely based on the blog post by Shane Weeden (https://community.ibm.com/community/user/security/blogs/shane-weeden1/2016/11/11/isam-902-the-jwt-sts-module-and-junction-sso-to-we), but extended to use the newer capabilities of WebSEAL.

    Read more ...

    Ansible check if a file exists in when statement

    In Ansible, if you have playbooks with variables that are filenames, and that should point to actual files, it’s sometimes necessary to make sure the file exists before continuing.

    Read more ...

    Redis Sentinel for ISVA WebSEAL

    Redis is a key-value in-memory database (Redis.io). You can use Redis since version 10.0.1 in IBM Verify Access Manager as an alternative to the DSC (Distributed Session Cache) in WebSEAL and also in the Federation component as a replacement for the HVDB in some situations. Although it’s not possible yet to store everything in Redis , I think this will be definitely the case in the future!

    Read more ...

    String formatting in Ansible

    This post is about configuring ISAM WebSeal using the IBM Security Ansible Collection https://github.com/IBM-Security/isam-ansible-collection, but it is valid for any string related operation in Ansible yaml files. There are different moving parts in play that impact how your strings will be rendered, and I try to clear that up a bit here.
    It can be a Python, Yaml or Jinja syntax thing.

    Read more ...

    HCL Domino mail export using iNotes

    Since I don’t have a Notes client anymore, I needed a different approach to export some mails from a Domino server.

    Read more ...

    Publishing Jekyll website using Github Actions

    I tend to suffer from the “if you have a hammer, everything starts to look like a nail” syndrome. So I started off with an Ansible deployment for this blog site.

    Read more ...

    Ansible Execution Environment for the IBM ISVA Ansible collection

    In Ansible Automation Platform 2.0 (the new version of Ansible Tower), there’s changes in how you work with custom environments. Instead of creating Python virtual environments, Automation Platform works with “ansible execution environments”.

    Read more ...

    Ansible Collection for Pleasant password retrieval

    Recently I came across Pleasant Password Server in use as a PAM (Privileged Access Management) solution. https://pleasantpasswords.com/info/pleasant-password-server.
    I needed to integrate it with the Ansible playbooks I was using to deploy and configure IBM Verify Security Access Manager. Unfortunately, there was no Ansible plugin available for use as there are for CyberArk or Thycotic or …, so I created one myself.

    Read more ...

    Change ISVA admin password using BeyondTrust BeyondInsight PAM

    Here’s an example on how to change the ISVA/ISAM admin@local password using BeyondTrust’s BeyondInsight PAM (Privileged Access Manager) tool:

    Read more ...

    Jekyll is dead

    So I’m in the process of migrating my HCL Domino based blog to Jekyll, but apparently it’s been dead for a while already .

    Read more ...

    IBM Security Verify Access monitoring and alerting with Zabbix

    This is a “How-to” on using the opensource Zabbix monitoring tool for monitoring IBM Security Verify Access appliances. This document includes instructions to install Zabbix on your own machine, and Ansible playbooks to configure both Zabbix and an IBM ISVA Appliance.

    Read more ...

    Binance referal code

    Use this referal code to get 10% off on crypto orders, on binance.

    Read more ...
    Share on: