IBM Security & IBM Collaboration Solutions Notes

Tips & tricks for installing and running IBM products
Tom Bosmans Tags 32bit 9.0.5.0 9.0.6 ansible apache applet atom authorization autostart bash basic-authentication bat bonding Brave caching ccm centos centos6 centos7 certbot certbot-auto certificates chartjs chat cicd cognos communities community connections connections-4.0 connections-4.5 connections-5.0 connections-5.5 connections-6 connections-Pink connections container crypto crypto-mining customization datapower db2 distinguished name dkim dmgr dns dnsmasq docker domino dynamic dns edgerouter editor encrypt ethereum exporter federation filebeat free ibm icp ids ihs impress infomap installation-manager interservice-url isam java javascript jquery junction jvm jython kerberos kubernetes kudos lacp ldap letsencrypt Liberty linux logging logout meetings metrics mga multidisplay netinstall network nodeagent non-root notepad++ notes formula oauth oidc openid openoffice oracle OrientMe password performance perl pkce profiles proxy puppet pxe python quickr recording regex rememberme renderer renew rest reverse-proxy rhel6 router sametime sametime-9 sametime-meetings screen-sharing search setup single-signoff-uri spnego ssc ssl stellent stiab stmobile stproxy synology tam tdi tds themes tip tls tpj ttfp ubiquity ubuntu Ubuntu_1210 ubuntu_1304 Ubuntu_1404 udev userlookuphelper vagrant vhj virtualbox vm vmrun vmware was855 wasservice.sh webseal websphere windows xml xquery	IBM Security & IBM Collaboration Solutions Notes federation isam oauth oidc openid webseal OAuth and OpenID Connect provider configuration for reverse proxy instances - reuse acl option Tom Bosmans 10 October 2018 10:12:04 I have multiple reverse proxy instances configured on an appliance, and recently added a new one. I performed the "Oauth and OpenID Connect Provider configuration", and did not select the options "Reuse ACL" nor "Reuse Certificates" . After that, I noticed that my OpenID authentication no longer worked correctly on the other instances. The reason was that the ACL's for the objects in /mga/sps/oauth/oauth20/ disappeared . So if you already have configured other instances on your appliance for "Oauth and OpenID connect", always enable "Reuse ACL" ! What actually happens is easy to follow in the autocfg__oauth.log file in the Reverse Proxy log files: If reuse acl is not checked, it will first detach the ACL's from all objects , delete the ACL and then add it again, but only for the reverse proxy where your run the configuration ..... So you loose all configuration that uses the isam_oauth_* ACL's in the other instances . Moral of the story : always enable "Reuse ACL" when running the "Oauth and OpenID Connect Provider configuration" Comments [0]	Feeds Content Feed Comment Feed Recent Entries ISAM Do not use LACP Bond ISAM SPNEGO configuration Virtual host junctions an The only correct way to s Download the Brave browse Recent Comments Orient-Me pods Domino 9 setup for Sameti Server ID stored in Domin Let’s encrypt TLS c Let’s encrypt TLS c Archives October 2019 (1) September 2019 (1) August 2019 (2) April 2019 (1) March 2019 (1) February 2019 (1) January 2019 (1) October 2018 (1) August 2018 (1) July 2018 (3) June 2018 (3) May 2018 (1) January 2018 (2) December 2017 (1) November 2017 (1) June 2017 (2) April 2017 (2) October 2016 (1) September 2016 (1) June 2016 (2) May 2016 (1) April 2016 (1) December 2015 (1) September 2015 (1) May 2015 (1) March 2015 (2) December 2014 (2) August 2014 (3) March 2014 (1) February 2014 (3) January 2014 (15) December 2013 (1) September 2013 (2) June 2013 (1) May 2013 (2) April 2013 (1) January 2013 (3) December 2012 (4) November 2012 (1) More information ISAM technical stuff A collection of articles and practitioner tips for access management and federation Social Collaboration by Vincent Perrin Software Engineer Leo Farrell - IBM Security Access Manager Martijn’s Blog A Portal to a Portal Ora et Collabora Urs-o--Log Michael Urspringer’s wiki on connections A fortune in tuppence The Sametime Blog Thoughts on Web Content Manager from Level 2 Support Socialize Me Roberto Boccadoro’s blog Social IBM’er