IBM Security Verify


Mobile demo app on containers and appropriate settings

  • 1.  Mobile demo app on containers and appropriate settings

    IBM Champion
    Posted Tue March 19, 2024 09:37 AM
    Edited by Matt Jenkins Tue March 19, 2024 09:38 AM

    Does the mobile-demo app (RTSS advanced setting live.demos.enabled=true) work on containers with regard to being able to pull some of the info from the LMI?  If so, what settings should be used for the lmi, runtime, and wrp?

    I was planning on setting them in the live.demos.settings to make it easier.  i.e.:

    lmiHostAndPort=isam-config:443,lmiAdminId=admin,lmiAdminPwd=supersecret,acHostAndPort=localhost:443,websealHostNameAndPort=localhost:443

    I've used values that the runtime containers should be able to reach, tried pointing them all at isam-config which is reachable, etc. and nothing seems to work.  Granted, I didn't restart anything, and I was setting them on the mobile demo GUI right now to test things, and those values are lost during a container restart.  So I'm wondering if this even still works on the containers or maybe it has to be set via the advanced live.demos.settings parameter since the app loses the settings on a container restart.  In any case, does anyone have any recommended settings for a quick lab if this is supposed to work?

    PS:  On a side note, if anyone can recommend any other "demo" apps that could be easily spun up as a container (especially on OCP/K8s) that would demonstrate things like OAuth, OIDC, SAML, maybe FIDO2, etc. that would be extremely helpful to know.  I know there are some online test sites out there for things like SAML, but anything I use has to be local to the network.

    Thanks!

    This is what I see on the mobile-demo/diag/ page regardless of what I set those values to:

    Context-based Access Session Attributes:
    There was an error retrieving the context-based attributes: class java.lang.Exception - java.lang.IllegalStateException: TrustManagerFactoryImpl is not initialized
    Either the Attribute Collect Service host and port isn't working, get GET interface (attributeCollection.enableGetAttributes) in the advanced property isn't enable or the hostname and port wasn't provided.
    
    .Please provide the hostname:port below which ports to the application interface of the Verify Access server in the setting page.
    
    There was an error retrieving the behavior attributes: class java.lang.Exception - java.lang.IllegalStateException: TrustManagerFactoryImpl is not initialized
    Either the Attribute Collect Service host and port isn't working, get GET interface (attributeCollection.enableGetAttributes) in the advanced property isn't enable or the hostname and port wasn't provided.
    
    .Please provide the hostname:port below which ports to the application interface of the Verify Access server in the setting page.



    ------------------------------
    Matt Jenkins
    ------------------------------



  • 2.  RE: Mobile demo app on containers and appropriate settings

    Posted Tue March 19, 2024 05:22 PM

    Matt,

    The demo application isn't something which has been specifically tested – but it should work OK.  The fact that it looks like the error is coming from the trust manager factory leads me to think that it could be a 'trust' issue with connecting to the LMI.  Have you added the certificate of the CA which signed the LMI server certificate to the 'rtprofile_keys' key file?

    Thoughts?

    Thanks.

    Scott A. Exton
    Senior Software Engineer
    Chief Programmer - IBM Security Verify Access

    IBM Master Inventor

    Phone: 61-7-5552-4008
    E-mail: scotte@au1.ibm.com

    1 Corporate Court
    Bundall, QLD 4217
    Australia