Verify Access (Access Manager) Base

Verify Access (Access Manager) Base Courses:

Configuring and using Access Manager V9 Platform

This lab provides a brief introduction to IBM Security Access Manager (ISAM) V9 Platform administration. You learn how to configure and use the IBM Security Access Manager V9.0.3 Platform module for web access management.

Configuring basic users using Active Directory as a federated directory

In this lab, you set up Active Directory as a federated directory. Then, you configure the Active Directory users as basic users in Access Manager.

Configuring client certificate and step-up authentication

This lab covers how to configure IBM Security Access Manager (ISAM) to use user certificates issued by a trusted Certificate Authority (CA) for client certificate-based authentication. The lab also demonstrates step-up authentication using client certificate-based authentication.

Configuring External Authentication Interface (EAI)

The External Authentication Interface (EAI) extends the Reverse Proxy, also known as WebSEAL, so that a remote application or service can authenticate Access Manager users.

This lab demonstrates the steps to configure the IBM Security Access Manager (ISAM) Reverse Proxy to redirect the authentication process to an EAI application. The EAI used in this lab is a simple Perl program that performs a form-based login using a user name and password. Then, the EAI posts the user identity using HTTP headers to the program that is configured as a trigger URL. The Reverse Proxy uses the HTTP headers posted in the trigger URL to build the user credential internally and grant access to a protected resource.

Configuring HTTP transformation feature

In this lab, you configure HTTP transformation rules in IBM Security Access Manager (ISAM) to modify HTTP requests and responses passing through the Reverse Proxy junctions.

Configuring SSO to WebSphere Liberty using LTPA token

This lab provides a sample configuration that enables a WebSphere Liberty application to authenticate and authorize against the IBM Security Access Manager (ISAM) LDAP user registry using an LTPA cookie.

Securing web resources using ACL, POP and Authorization rule policies

IBM Access Manager Platform protects web resources using security policies. Each security policy can be defined with a combination of the following controls: Access Control List (ACL) policies, Protected Object Policies (POPs), and authorization rules.

In this lab, you use ACLs, POPs, and authorization rules to control access to the web content. You first create a junction for IBM HTTP Server (IHS) resources. Then, you apply various security policies to the web resources protected by that junction.

Configure context-based access (CBA) in Verify Access

IBM Security Verify Access (previously known as IBM Security Access Manager or ISAM) supports context-based access (CBA) control based on the dynamic risk assessment or confidence level of a transaction.

In this lab, you learn how to implement CBA that is based on the value of a certain parameter in an HTTP POST request and that prompts for step-up authentication. The step-up authentication requires the users to provide a time-based one-time password (TOTP). You generate the OTP by using a mobile app on your phone, for example, IBM Verify or Google Authenticator. This lab uses TOTP for step-up authentication, but any other supported method can be used.

Configuring Authentication Service Framework, CBA and OAuth Authorization for REST API access

IBM Security Verify Access (previously known as IBM Security Access Manager or ISAM) provides the Authentication Service Framework within the AAC module for policy-based strong and second-factor authentication features and functions.

In this lab, you learn how to configure and use the /mga/sps/apiauthsvc endpoint for REST API access. First, configure the integration between the Reverse Proxy and the AAC runtime for context-based access (CBA) control and OAuth Authorization. Then, create an access policy that detects high-value transactions based on a JSON parameter in the HTTP POST request and prompts the users for second-factor authentication (2FA). Users are required to provide a one-time password (OTP) sent to their email address. The users are allowed access after they provide a valid OTP. This lab uses the MAC OTP mechanism for 2FA, but other supported methods can be used.