Tag: Computer access control

Can WebSphere Full Profile scope Requiring Client Certificate authentication to certain paths?

IBM Customer Leave a comment
I would like to know whether WebSphere Full Profile (8.5.5.x or 9.x) has any capability to make the SSL Settings QoP “Client authentication” Required for **only** a specific path of an application?

The use-case is that a customer wants to use it for mutual authentication of REST APIs, but not require it for a user interface application that users log in to using a totally different authentication method. Both applications are deployed in the same .ear file.

Currently it appears that the configuration of Client authentication is done at the Cell or Node level through https://www.ibm.com/support/knowledgecenter/en/SSAW57_9.0.0/com.ibm.websphere.nd.multiplatform.doc/ae/csec_ssl_clientauth.html

Related:

  • No Related Posts

Re: Configuring Centrify LDAP Proxy with OneFS 8.0.0.1; HOW TO?

Dell Community Leave a comment

Has anybody successfully setup Centrify LDAP proxy with OneFS?

# isi auth status

ID Active Server Status

——————————————————————————————-

lsa-activedirectory-provider:mycompany.COM mycompanydc99.mycompany.com online

lsa-local-provider:System – active

lsa-local-provider:Private – active

lsa-file-provider:System – active

lsa-ldap-provider:centrifylinux-ldap-proxy.mycompany.com – offline

lsa-ldap-provider:test-proxy – offline

lsa-nis-provider:rhelnis-master.mycompany.com – online

——————————————————————————————-

Total: 7

The LDAP proxy is responding to ldapsearches but the Isilon fails to online for more than a few seconds.

-D

Related:

Building an MS-DFS environment containing NSS4AD volumes and making it available through Filr

Novell Leave a comment

In this ever changing and “Directory Agnostic” to shifting world, we’re sometimes asked to perform awkward tasks. This is one of them, but mixing 2 worlds to please the majority of your users isn’t a bad thing in my book, so here goes. When for various reasons the directory the users authenticate to shifted from …

+read more

The post Building an MS-DFS environment containing NSS4AD volumes and making it available through Filr appeared first on Cool Solutions. BSCHOOFS

Related:

LDAP Authentication returning “bad user” error

Symantec Community Leave a comment
I need a solution

I’m trying to get LDAP authentication to AzureAD set up with a proxysg server, but I can’t get passed a bad user name errors. 

Using the 6.2 admin guide for my steps.  I’ve added, taken down, re-added the details multiple times at this point and not sure what I’m missing.  Are there any known issues connection to an AzureAD?

0

Related:

Cisco ASA Software, FTD Software, and AnyConnect Secure Mobility Client SAML Authentication Session Fixation Vulnerability

Cisco Leave a comment
A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive Security Appliance (ASA) Software, and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish an authenticated AnyConnect session through an affected device running ASA or FTD Software. The authentication would need to be done by an unsuspecting third party.

The vulnerability exists because there is no mechanism for the ASA or FTD Software to detect that the authentication request originates from the AnyConnect client directly. An attacker could exploit this vulnerability by persuading a user to click a crafted link and authenticating using the company’s Identity Provider (IdP). A successful exploit could allow the attacker to hijack a valid authentication token and use that to establish an authenticated AnyConnect session through an affected device running ASA or FTD Software.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asaanyconnect

Security Impact Rating: High

CVE: CVE-2018-0229

Related:

Citrix Gateway displays error “HTTP/1.1 504 Gateway Timeout” while connecting to backend resources

Citrix Leave a comment
When connecting to the Backend in a Citrix Gateway solution. you could face an issue where the Gateway is sending an error to the client when accessing the backend services/resources.

Analyzing the ADC/Gateway traces you could identify that the Gateway has responded with the error without even initiating the connection to the backend server.

Request:

POST /SecureBrowse/https/gateway.reprolab.com/oauth2/token HTTP/1.1

Host: gateway.reprolab.com:444

Content-Type: application/x-www-form-urlencoded;charset=UTF-8

deviceId: 00000000-0000-0000-0000-000000000000

Cookie: NSC_AAAC=bd27ec1fag5b4937a55abc3a06845b260c3a01d41111111158455e445a4a42

Accept: */*

Connection: keep-alive

Content-Length: 143

User-Agent: SO/1.0 (SecureBrowse; build:1.5; iOS 11.4.0)

Accept-Language: en-US;q=1.0

Authorization: Basic abcWEcsdsWs1I1SFZNTF95UGR1aHZ4a111111111111111111112RveFBEZXVDMlVh

Accept-Encoding: gzip;q=1.0, compress;q=0.5

channel=2&deviceId=00000000-0000-0000-0000-000000000000&grant_type=password&password=Pa$$woRD&scope=openid&subChannel=1&username=mytestuser

Response:

HTTP/1.1 504 Gateway Timeout

Content-Length: 58

Connection: close

Cache-Control: no-cache,no-store

Pragma: no-cache

<html><body><b>Http/1.1 Gateway Timeout</b></body> </html>

Related:

CCS-VM User administrator does not work to configure Analytics & Reporting

Symantec Community Leave a comment
I need a solution

We install CCS-Vulnerability Manager without apparent inconveniences, we can authenticate in the web console with the user administrator. When trying to configure Analytics & Reporting, ask for a new authentication, we type the same credentials of the administrator user and the message “You have entered an invalid username and password combination” appears.

Attempting to correct the problem we created users administrators members of the default group “Administrators” in Role Based Access -> Users & Groups importing them from Active Directory. These users are created correctly but do not allow authentication even in the console.

In view of the above, we created a new local user also a member of the Administrators group, this user can authenticate in the console but not when trying to configure Analytics & Reporting, the same thing happens as with the user administrator.

Questions:

What is the valid user to configure Analytics & Reporting and where is it defined?
How do we enable the users imported from AD so that they can authenticate in the web console of CCS-VM?

0

Related: