IBM Sterling


This portal is to open public enhancement requests for IBM Sterling products and services. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).



Status Submitted
Categories Security
Created by Guest
Created on Nov 15, 2024

This RFE proposes an enhancement to IBM Sterling Secure Proxy (SSP) to include support for OpenID Connect (OIDC) authentication.

Request for Enhancement (RFE): OpenID Connect (OIDC) Support in IBM Sterling Secure Proxy (SSP)

1. Introduction

This RFE proposes an enhancement to IBM Sterling Secure Proxy (SSP) to include support for OpenID Connect (OIDC) authentication. OIDC is a modern identity layer built on top of the OAuth 2.0 protocol, providing a more secure and flexible approach to authentication than traditional methods.

2. Current Situation

Currently, SSP supports various authentication mechanisms, including LDAP, RADIUS, and SAML. While these methods are widely used, they often lack the modern security features and interoperability offered by OIDC.

3. Proposed Enhancement

We request that SSP be enhanced to support OIDC authentication. This would involve:

  • OIDC Provider Integration: Allow SSP to act as a relying party (RP) and connect to various OIDC providers (e.g., Azure AD, Okta, Auth0).

  • Token Handling: Enable SSP to receive and validate ID tokens, potentially using them for authorization decisions.

  • Configuration: Provide administrators with a user-friendly interface to configure OIDC settings, including provider details, client ID, and scopes.

4. Benefits of OIDC Support

Implementing OIDC support in SSP offers several advantages:

  • Enhanced Security: OIDC leverages modern security standards like JSON Web Tokens (JWT) and provides features like token revocation and refresh, improving overall security posture.

  • Improved User Experience: OIDC enables single sign-on (SSO) and reduces password fatigue, leading to a smoother user experience.

  • Increased Interoperability: OIDC is an open standard, promoting interoperability with a wide range of applications and identity providers.

  • Future-Proofing: OIDC is the industry trend for modern authentication and authorization, ensuring SSP remains relevant and compatible with emerging technologies.

  • Centralized Identity Management: OIDC facilitates centralized identity management, simplifying user provisioning and access control.

5. Use Cases

OIDC support in SSP would benefit various use cases, including:

  • Securing APIs: Protect APIs by requiring OIDC authentication for access.

  • Partner Integration: Enable secure access for partners using their own identity providers.

  • Mobile Application Access: Secure mobile application access through OIDC integration.

  • Cloud-Native Deployments: Support modern cloud-native deployments with OIDC-based authentication.

6. Conclusion

Adding OIDC support to IBM Sterling Secure Proxy is crucial for enhancing its security, usability, and interoperability in today's evolving digital landscape. This enhancement would align SSP with modern authentication standards and provide significant benefits to organizations relying on it for secure access to their applications and data.


What is your industry? Financial Markets
How will this idea be used?

Use Cases

OIDC support in SSP would benefit various use cases, including:

  • Securing APIs: Protect APIs by requiring OIDC authentication for access.

  • Partner Integration: Enable secure access for partners using their own identity providers.

  • Mobile Application Access: Secure mobile application access through OIDC integration.

  • Cloud-Native Deployments: Support modern cloud-native deployments with OIDC-based authentication.

  • Admin
    Kiran Krishnan
    Nov 21, 2024

    Thank you for taking the time to provide your ideas to IBM. We appreciate your willingness to share details about your experience and your recommendations. After reviewing this, we have decided to consider implementing this idea in one of the future releases based on the roadmap priorities.

    If you have any additional feedback, thoughts or ideas, or if there is anything else I can do, please do not hesitate to reply to this message to continue the conversation. Appreciate your patience.

    Thanks,

    Product Management

  • Guest
    Nov 15, 2024

    I can see how this would make it easier for customers who use the IBM Sterling proxy to have it call out to ISV for authentication.