IBM Sterling


This portal is to open public enhancement requests for IBM Sterling products and services. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Planned for future release
Workspace Sterling Secure Proxy
Categories Administration & Configuration
Created by Guest
Created on Sep 19, 2022

RELATED IDEAS

Signature parameter to SEASCustomExitInterface class

Hi Team,

To perform actual authentication, the client sends a signature generated using the private key.

It is a SSH signature verification.

To perform signature verification, customer backend generic solution need the following data in the authentication request:

  • Username

  • Service/tenant name

  • Public key

  • Public key algorithm

  • Signature

When the server receives this message, it MUST check whether the supplied key is acceptable for authentication, and if so, it MUST check whether the signature is correct.


For more details on this kindly go-through PMR#TS010510969.


Regards,

Ahmed

SSH_Signature.JPG
SSH_Signature.JPG
Open full size
SSH_Signature.JPG
What is your industry? Banking
How will this idea be used?

As part of the customer implementation we are using IBM Sterling external Authentication Server 6.0.3 and we are using Generic Authentication method.
Here I would like to know how to pass "Signature parameter" to "SEASCustomExitInterface" class.

This class has below list parameters:

String REQKEY_CLIENTID = "clientId";
String REQKEY_CORRELATOR = "correlator";
String REQKEY_IPADDRESS = "ipAddress";
String REQKEY_APPINPUTS = "appInputs";
String REQKEY_APPOUTPUTS = "appOutputs";
String REQKEY_EXITOUTPUTS = "exitOutputs";
String REQKEY_CERTS = "certs";
String REQKEY_ISSERVER = "isServer";
String REQKEY_USERID = "userId";
String REQKEY_PASSWORD = "password";
String REQKEY_NEWPASSWORD = "newPassword";
String REQKEY_SECURITY_CODE = "securityCode";
String REQKEY_MAGIC_NUMBER = "magicnumber";
String REQKEY_DSTSVC = "destinationService";
String REQKEY_SSHPUBLICKEY = "sshpublickey";
String REQKEY_SSHPUBLICKEY_B64 = "sshpublickey_b64";
String RSPKEY_DAYS_UNTIL_PWD_EXPIRES = "daysUntilPwdExpires";
String RSPKEY_PWD_POLICY = "pwdPolicy";

Because of this RFE, we can get to know, which parameter should use or how to pass signature from SSP to SEAS (SEASCustomExitInterface).
  • Guest
    Reply
    |     Apr 12, 2023


    When this feature be available in SSP/SEAS custom exit flow for us to use? Kindly provide release version of SSP/SEAS artifacts that need to be upgraded to enable these additional security parameters values in custom exist flow?

    Thanks,
    Nitin Rane

  • Guest
    Reply
    |     Nov 15, 2022

    Hi Vijay,

    Thanks for the response on this RFE request. We are waiting for your WebEx invite for further discussion on this feature.

    Thanks,

    Nitin Rane

  • Admin
    VIJAY CHOUGULE
    Reply
    |     Nov 10, 2022

    Thank you for taking the time to provide your ideas to IBM. We appreciate your willingness to share details about your experience and your recommendations. After our initial review we understand that currently the check on Sender possesing Private key with respect to Public key is achived via Deamon (Maveric toolkit) We would need further discussion on this with your technical team. Please look forward to the invite on the same. Thanks

    Appreciate your patience.


    Thanks,

    Product Management

  • Guest
    Reply
    |     Oct 28, 2022

    Hi IBM team,

    As per Mastercard's Security standards end to end authentication request which is being processed and validated from SEAS external custom exist interface must contain signature value of incoming user request so that downstream Authentication Service of Mastercard would be able to perform proper authentication of request by validating signature value and generate auth token accordingly.


    Kindly expediate this SSP SEAS feature development at your end and provide us a project delivery timelines for our Mastercard's implementation planning purpose.


    Thanks,

    Nitin Rane

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.