Design and implement an OAuth/OIDC authentication process for mobile clients (native/HTML) using ISAM (IBM Security Access Manager) and the authorisation code grant type. Integrate a custom “Message Provider Gateway” (MSG) into the authentication process (verification of the access token) using the OIDC JWKS (JSON Web Key Set) and /userinfo endpoints. Products used: IBM Security Access Manager
By default, the WebSphere Application Server SAML Trust Association Interceptor (TAI) supports IdP-initiated SSO only. When custom code is in place, the SAML TAI can be configured to support SP-initiated SSO. By writing a custom Java class, the authentication process will be intercepted and handled by the SP – a SAML mutual trust relationship between the […]
User account synchronization between an internal LDAP and the directories of a foreign application domain (e.g. a cloud application), using SCIM (System for Cross-domain Identity Management), or alternatively using parsers (LDIF, JSON, XML, others) or synchronization with a cloud database. Products used: IBM Security Directory Integrator (SDI), IBM Secure Directory Server (SDS), Amazon Web Services (AWS) DynamoDB, Red Hat.
The intention of this project was to provide a consistent Single-Sign-On (SSO) between an on-premise ISAM (IBM Security Access Manager) and IBM’s Cloud Identity (CI) using SAML by utilising local user accounts for authentication. MMFA (Mobile Multi Factor Authentication) with QR Code and TOTP (Time-based One-Time Password) was added to provide a 2-factor authentication […]
Design and implement multiple corporate-wide deployments for IBM Sametime 9 including components necessary to provide web conferencing and multi-way audio/video/chat. Products used: IBM Sametime complete v9