my posts

    I keep this blog to write down stuff I ran into along the way.

    WebSEAL LUA http transformation rule for logging

    This is a small follow-up post to my previous post on LUA transformation rules to retrieve external data, "WebSEAL LUA http transformation rules with external data".

    WebSEAL LUA http transformation rules with external data

    With IBM Security Verify Access 10.0.4 came the possibility to use LUA scripting for HTTP Transformation rules, in addition to the existing XML HTTP Transformation rules.

    Ansible automation platform gotchas

    Ansible Execution Environments come with the big promise that they allow developers to run the same environment (Python, OS, …) as would be the case on Ansible Automation Platform.

    Using the WebSEAL jwt junction to an Open Liberty application in a Container

    This is an overview of some of the options that exist in Open Liberty to consume jwt tokens generated by WebSEAL. It is largely based on the blog post by Shane Weeden (https://community.ibm.com/community/user/security/blogs/shane-weeden1/2016/11/11/isam-902-the-jwt-sts-module-and-junction-sso-to-we), but extended to use the newer capabilities of WebSEAL.

    Ansible check if a file exists in when statement

    In Ansible, if you have playbooks with variables that are filenames, and that should point to actual files, it’s sometimes necessary to make sure the file exists before continuing.

    Redis Sentinel for ISVA WebSEAL

    Redis is a key-value in-memory database (Redis.io). You can use Redis since version 10.0.1 in IBM Verify Access Manager as an alternative to the DSC (Distributed Session Cache) in WebSEAL and also in the Federation component as a replacement for the HVDB in some situations. Although it’s not possible yet to store everything in Redis, I think this will definitely be the case in the future!

    String formatting in Ansible

    This post is about configuring ISAM WebSEAL using the IBM Security Ansible Collection https://github.com/IBM-Security/isam-ansible-collection, but it is valid for any string-related operation in Ansible YAML files. There are different moving parts in play that impact how your strings will be rendered, and I try to clear that up a bit here.
    It can be a Python, YAML or Jinja syntax thing.

    HCL Domino mail export using iNotes

    Since I don’t have a Notes client anymore, I needed a different approach to export some mails from a Domino server.

    Publishing Jekyll website using Github Actions

    I tend to suffer from the “if you have a hammer, everything starts to look like a nail” syndrome. So I started off with an Ansible deployment for this blog site.

    Ansible Execution Environment for the IBM ISVA Ansible collection

    In Ansible Automation Platform 2.0 (the new version of Ansible Tower), there are changes in how you work with custom environments. Instead of creating Python virtual environments, Automation Platform works with “ansible execution environments”.

    Ansible Collection for Pleasant password retrieval

    Recently I came across Pleasant Password Server in use as a PAM (Privileged Access Management) solution. https://pleasantpasswords.com/info/pleasant-password-server.
    I needed to integrate it with the Ansible playbooks I was using to deploy and configure IBM Verify Security Access Manager. Unfortunately, there was no Ansible plugin available for use as there are for CyberArk or Thycotic or …, so I created one myself.

    Change ISVA admin password using BeyondTrust BeyondInsight PAM

    Here’s an example of how to change the ISVA/ISAM admin@local password using BeyondTrust’s BeyondInsight PAM (Privileged Access Manager) tool:
