• Add a Comment
  • Edit
  • More Actions v
  • Quarantine this Entry

Comments (242)

1 Doug Breaux commented Permalink

Thanks for the nice, clear explanation, Shane.

2 Jim Smith commented Permalink

Hi Shane,

 
Thanks for this example.
 
Actually I landed on this page while searching for a design approach to protect a mobile application ( Rest APIs etc ) with webseal. We have a customer looking at leveraging webseal for protecting a mobile application ( mainly REST APIs ). The application is hosted on a non-IBM back-end and webseal is intended to provide authentication and SSO for the application.
 
The turn around for solution is expected to be fairly quick and hence upgrade to ISAM for mobile is not a preferred option.
 
Here is the application flow -
 
1) User opens the application on a mobile device
2) Webseal prompts for userid/password for the first time. Upon successful authentication, a token is issued with some predefined expiration, say 12 hrs
3) For all subsequent requests, the device uses this token
4) After 12 hrs, the user is asked to enter user/password again
 
We are mainly exploring following options -
 
1) OAuth - which may be an overkill for a simple application and we would need an OAuth provider, using TFIM
2) Use re-authentication feature with some custom cookies to extend the session beyond 30 mins upto 12 hours
 
Would there be any other simpler approach we should consider ? Or, out of the above two options, which one we can prefer ?

3 Shane Weeden commented Permalink

If you are time-constrained on implementing the solution I would see that as a driver to moving to ISAM4Mobile, not a reason to avoid the upgrade. OAuth is far superior in terms of client-programming simplicity than a cookie-based approach. ISAM4Mobile offers a more consumable OAuth solution for your use case out of the box than TFIM 6.2.2 software.

 
-Shane.

4 commented Trackback

[Trackback] Thank you for your good article,and look forward to your better work.\nWelcome To Cheap Hermes Handbags Outlet Online Store

5 commented Trackback

[Trackback] This is a good post. I really like it. This post is quite unique and extraordinary. The author must be very talented.\nRay Ban sunglasses are fashionable for women to wear in the summer, beautiful, when you are driving a car in the summer, wearing Ray ...

6 commented Trackback

[Trackback] Prevent thinking about these folks & obtain these folks. Really worth every dime!\n Tiffany Cuff Links will brings a touch of tough to your daily life. As we know, Tiffany Cufflink designs vary widely. The simplest design consists of a short post or ch...

7 commented Trackback

[Trackback] Pretty! This was a really wonderful article. Thank you for supplying this information.\nRay Ban Aviator sunglasses encompass the shape that started it all. The Ray Ban Aviator is the brand staple originally designed for the U.S. military fighter pilots...

8 commented Trackback

[Trackback] http://www.burtonmorris.com/jordan3lab5infrared.htm nhwewlan http://www.burtonmorris.com/jordan3lab5infrared.htm lhvasvugy [url=http://www.burtonmorris.com/jordan3lab5infrared.htm]http:/...

9 commented Trackback

[Trackback] http://powderblue3s.teenblog.com/ ftiqbhnuf Powder Blue 3s Buy

10 commented Trackback

[Trackback] Dans ce site, vous serez en mesure d'acheter de la collection de r��pliques de\nRay Ban sunglasses are fashionable for women to wear in the summer, beautiful, when you are driving a car in the summer, wearing Ray Ban sunglasses you will get a bette...

Add a Comment Add a Comment