This portal is to open public enhancement requests for IBM Sterling products and services. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
Shape the future of IBM!
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Search existing ideas
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updateson them if they matter to you. If you can't find what you are looking for,
Post your ideas
Post an idea.
Get feedback from the IBM team and other customers to refine your idea.
Follow the idea through the IBM Ideas process.
Specific links you will want to bookmark for future use
Enable myFileGateway multi-factor authentication. Different fields be added for token and password
Enable different fields to be added in the Login's Page for myFilegateway.
We need to receive an extra field during login authentication on myFileGateway, as a random Token for example.
Using pre-login Exit, User and Pasword are validated against B2Bi core product users. And token (extra field) validated using as user custom code.
If in IUserLoginUserExit_preAuthenticate class, we could pass a "clean" password to B2B (outargs), so the core product could authenticate using the password in outargs, instead of what user has typed.
What is your industry?
How will this idea be used?
When an user access myFileGateway web interface, he will input credencials as below.
User ID: client username Password: password local in user tables + token 6 digits
The Sign In button is already calling a plug-in (external code), that is receiving this credentials. It splits the password, validates the token successfully. This is working fine. The problem is when this code is trying to validate the password on B2B.
SI stores a base64 encoded SHA1 hash of the password into database instead of raw password to protect credentials. Before hashing a password a string of random characters is appended to it (a different random string is used for every password) and the password hashed. It is stored on YFS_USER table.
First, they tried to follow this method and compare the password returned from YFS_USER table. But is not possible because we cant recover the random string that was appended (and for me, doen't make sense try to do this, since the system can not allow this kind of vulnerability, which would basically open the security mode of the application)
So, the second plan, is verify if there is any method or class , which we could pass the credentials, and B2B returns true of false, or validates those credentials.
The perfect solution would be an extra field so we can enable a multi-factor authentication. This extra field could be validate thought pre authentication user exit.
Do not place IBM confidential, company confidential, or personal information into any field.