I am new to IBM ISAM and webseal.
How do backend web applications verify that the IV headers (e.g. iv-user) is created by webseal and not some malicious third party?
Asked
Active
Viewed 536 times
1 Answers
0
It doesn't :)
Generally a sort of IP filter or similar is the best to use here, so the application can ensure that the request originates from a known webseal server.
An alternative to iv-* headers is to create some sort of signed token such as a JWT token that can be verified by the application.
kimras
- 16
- 1
-
seems like there's no validation. i decided to do mutual ssl. – happymeal Jan 09 '19 at 10:54
-
i am also new at IBM Webseal is there any turotial how to implement & configure IBM Webseal with spring boot ?? – Jony Mittal Oct 12 '20 at 06:53