Reflections on just how strong passwords really need to be…

Misc Technical

Reflections on just how strong passwords really need to be…

I’m sure we’ve all heard that Bill Burr, the man who wrote the book on password management while working at NIST, has changed his mind about the password guidelines that he devised. “Much of what I did I now regret,” Burr, who is now retired,

Read More
Challenges with Audi music interface and MP3 ID3 tags…

Misc Technical

Challenges with Audi music interface and MP3 ID3 tags…

Earlier this year I bought a 2016 Audi A3. With any new car one of my top priorities is being able to play music: the car has two SD card sockets so I dutifully copied all of my music collection to a 64 GB SD card

Read More
IBM Cloud Identity Connect

IBM

IBM Cloud Identity Connect

IBM recently released IBM Cloud Identity Connect, which is a great employee productivity tool: it enables end users to find the approved SaaS applications that they need (rather than risking going down the ‘shadow IT’ route); having done that it provides a launch pad which

Read More
ISAM now supports FIDO U2F devices

ISAM

ISAM now supports FIDO U2F devices

ISAM Version 9.0.3 was released recently. One of the cool features is that it includes support for authenticators which conform to the FIDO (“Fast IDentity Online”) Alliance Universal 2nd Factor (U2F) standard. These are specialised hardware devices that perform cryptographic operations and which communicate using

Read More
Experimenting with IBM Bluemix

Bluemix

Experimenting with IBM Bluemix

I’ve been having a fascinating time playing with IBM Bluemix – it makes it very easy to throw together an Internet-facing application running, say, Java or Node.js together with persistent storage. But the real magic comes with access to Watson APIs (such as Watson Personality

Read More
LDAP – how to enable/configure audit logging

ISDS

LDAP – how to enable/configure audit logging

The LDAP audit log can be the most helpful mechanism that I have found for investigating what LDAP requests a client is issuing, so I thought that it would be useful to explain how to enable/configure audit logging with IBM Security Directory Suite Version 8

Read More
ISAM: Setting up ECSSO, tag-value data propagation and EAI authentication…

ISAM

ISAM: Setting up ECSSO, tag-value data propagation and EAI authentication…

I recently had a requirement to propagate a third party session ID (set by an EAI server) from one ISAM system to another, so that a user can be automatically logged in to the target third party system based on its session ID. So ECSSO

Read More
How to set up ISAM for step-up authentication using SMS OTP

ISAM

How to set up ISAM for step-up authentication using SMS OTP

It is possible to configure IBM Security Access Manager (ISAM) including its Advanced Access Control (AAC) module to support step-up authentication using One Time Passwords (OTPs) sent by SMS to a mobile phone (cell phone) using an SMS gateway. Here is an outline guide to the

Read More
SSL junctions and ‘mutual authentication’

ISAM

SSL junctions and ‘mutual authentication’

I recently learned something about SSL junctions and ‘mutual authentication’ so I thought that it would be worth writing about it.
1. Starting with the basics, in order to set up any SSL junction, the certificate of the Certification Authority that has signed the server certificate for

Read More
ISAM error “Terminated by the signal, 11” when setting up E-community single signon

ISAM

ISAM error “Terminated by the signal, 11” when setting up E-community single signon

I was recently setting up ISAM E-community single signon (ECSSO) and wanted to set ‘e-community-sso-auth = http’ in the reverse proxy configuration file – but after that, when I tried to restart the reverse proxy it crashed repeatedly with the following messages in the webseal

Read More