my posts

    I keep this blog to write down stuff I ran into along the way.

    content-security-policy with nonce in ISAM/ISVA for junction cookie

    UPDATE 27/4/2022: CSP is greatly enhanced in the upcoming 10.0.4 release, so doing this yourself will no longer be necessary.

    Read more ...

    JSON.stringify in ISAM

    When using JSON.stringify, I get a lot of these errors:

    Caused by: org.mozilla.javascript.EvaluatorException: Access to Java class "java.lang.reflect.Constructor" is prohibited
    
    Read more ...

    Fedora 31 and Notes Client

    My Notes client failed to start on my new Fedora Linux with an error

    Read more ...

    Do not use LACP Bonding on the management interface in ISAM

    The ISAM appliances allow you to use bonding or network aggregation (https://www.ibm.com/support/knowledgecenter/SSPREK_9.0.0/com.ibm.isam.doc/admin/task/tsk_cfg_aggregated_int.html).

    Read more ...

    ISAM SPNEGO configuration

    SPNEGO challenge when reverse DNS lookup does not match the requested hostname. The challenge with SPNEGO, or rather the Kerberos implementation on ISAM, is that by default it depends on reverse DNS lookups (on the IP address) to verify the hostname you want to connect to.

    Read more ...

    Virtual host junctions and federation on ISAM

    I recently struggled with setting up an OIDC federation on IBM Security Access Manager. Instead of using standard, transparent path junctions, I was now using Virtual Host Junctions. And I could not get the federation to work.

    Read more ...

    The only correct way to setup the ISAM RTE with basic users for the UserLookupHelper

    I’ve been struggling a bit to get the UserLookupHelper to work correctly in a custom authentication mechanism I am building for Username / Password authentication. I am using the ISAM “all-in-one” deployment pattern, which is becoming quite popular these days.

    Read more ...

    Download the Brave browser and earn BAT tokens

    The Brave browser promises better privacy; and to directly pay the user for the ads they’re looking at.

    Read more ...

    How to run ISAM on Virtual Box (and how to run it using Vagrant)

    The goal of this post is to get IBM Security Access Manager running on Virtual Box (https://www.virtualbox.org/), on my local machine. This will allow me to test the Ansible playbooks I’m preparing locally before committing them onto the Git repository.
    As a small addition, I have Vagrant, to quickly set up a new clean instance. Vagrant does not really bring a whole lot of value in this case, because ISAM is a locked down appliance and Vagrant can’t really do a lot.

    Read more ...

    Using Atom as text editor - let’s say I’m not convinced

    I’ve been working with Atom (https://www.atom.io) for a few days, because it has integrated Git/GitHub support and it is available cross-platform, but boy … I hate it.

    It does not do any of the basic stuff I expect an editor to do

    • why is searching so hard?
    • when I open a file again in the tree, it OPENS THE FILE AGAIN instead of going to the tab where the file is already open. Other (free) editors give at least a warning if you try to do that.
    • because of that (?), it overwrites my changes from time to time, seemingly at random
    • sloooow

    Read more ...

    Logout everywhere for OIDC/OAuth2 on ISAM

    We have an environment where multiple websites are configured to use OIDC authentication (authorization code flow) to an IBM ISAM acting as the IdP (Identity Provider).
    All these websites expect different scopes in their tokens (e.g. access tokens and ID tokens). Of course, the user can also use multiple devices (browsers) to access the sites.

    Read more ...

    OAuth and OpenID Connect provider configuration for reverse proxy instances - reuse acl option

    I have multiple reverse proxy instances configured on an appliance, and recently added a new one.

    Read more ...