Skip to Main Content
IBM Sterling


This portal is to open public enhancement requests for IBM Sterling products and services. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Functionality already exists
Categories Security
Created by Guest
Created on Jul 22, 2019

Enable myFileGateway multi-factor authentication. Different fields be added for token and password

Enable different fields to be added in the Login's Page for myFilegateway.

Ex:

Username:

Password:

Token:

 

We need to receive an extra field during login authentication on myFileGateway, as a random Token for example.

 Using pre-login Exit, User and Pasword are validated against B2Bi core product users. And token (extra field) validated using as user custom code.

 

Sugestion: 

If in IUserLoginUserExit_preAuthenticate class, we could pass a "clean" password to B2B (outargs), so the core product could authenticate using the password in outargs, instead of what user has typed.

What is your industry? Banking
How will this idea be used?

When an user access myFileGateway web interface, he will input credencials as below.
 
User ID: client username
Password: password local in user tables + token 6 digits
 

The Sign In button is already calling a plug-in (external code), that is receiving this credentials.
It splits the password, validates the token successfully. This is working fine.
The problem is when this code is trying to validate the password on B2B.
 
SI stores a base64 encoded SHA1 hash of the password into database instead of raw password to protect credentials. Before hashing a password a string of random characters is appended to it (a different random string is used for every password) and the password hashed. 
It is stored on YFS_USER table.
 
First, they tried to follow this method and compare the password returned from YFS_USER table. But is not possible because we cant recover the random string that was appended (and for me, doen't make sense try to do this, since the system can not allow this kind of vulnerability, which would basically open the security mode of the application)
 
So, the second plan, is verify if there is any method or class , which we could pass the credentials, and B2B returns true of false, or validates those credentials.

 

The perfect solution would be an extra field so we can enable a multi-factor authentication. This extra field could be validate thought pre authentication user exit.

  • Guest
    Reply
    |
    Nov 7, 2023

    Even if there is a workaround with SSP an SEAS, there is still a mitigaton for the need of MFA. A clean solution would be an extra field so we can enable a multi-factor. A world class solution should have it

    Multiple customers are requiring for this feature

  • Guest
    Reply
    |
    Feb 10, 2021

    Thank you for participating in the RFE communnity. We provide this functionnality with Sterlinng External Authentication Server (SEAS) and IBM Sterling Secure Proxy (SSP) over the SAML 2.0 protocol. Please contact your IBM sales team for more information.

  • Guest
    Reply
    |
    Dec 11, 2020

    More firms are requiring this due to stricter security standards