Skip to Main Content
IBM Sterling


This portal is to open public enhancement requests for IBM Sterling products and services. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Delivered
Created by Guest
Created on Jan 8, 2018

Better SSH Key matching functionality

Currently in order to perform SSH Key-based SFTP authentication for trading partners using SSP and SEAS we utilize the preconfigured "VerifySSHPublicKey" Attribute Assertion, defined as "{sshPublicKey_b64}" == "{attr[sshPublicKeyQuery].sshPublicKey}"

As a result, in order to perform any key-based validation of users, the user's public key must be manually trimmed to remove the key type and comments before storing it in LDAP. For example, the key
"ssh-rsa AAAAB3NzaC1yc2...qhsNLP user@server1" must be trimmed down to just "AAAAB3NzaC1yc2...qhsNLP"

We are attempting to implement more self-service functionality in configuring new interfaces, and as such we require users to submit their own requests to add SSH keys to their LDAP account. Users regularly forget to perform the manual trimming of keys, or do it incorrectly, requiring additional manual intervention to correct the key in LDAP.

Ideally SEAS should be able to recognize a valid key in either the OpenSSH or SSH2 format and correctly compare only the key-portion of the string to the actual key provided on login. Failing that, it should be possible to configure wildcards in the Attribute assertion definitions, or add a "contains" comparison operator, so that we could create an assertion that would match if the key in LDAP contains the key that is provided at login, without it being an exact match.
DeveloperWorks ID DW_ID104721
RTC ID RTC_ID538144
Link to original RFE http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=104721
  • Admin
    VIJAY CHOUGULE
    Reply
    |
    Sep 9, 2019

    This issue has been addressed in SEAS 2.4.3.0 ifix2 in Dec 2016. You should also be able to access this with latest SEAS 2.4.3.2 ifix or SEAS 6.0.0.1 GA.

  • Guest
    Reply
    |
    Aug 26, 2019

    The status now says delivered, is there any information regarding how it has been implemented (I offered a couple suggestions in my post) or what SEAS version is required?