The basis for any Kobil AST configuration in Airlock IAM is the connection to the SSMS. The plugin Kobil SSMS Client has three main properties:
- Portal Lib Config
- Trust Store
- Key Store
These are three files that can be exported from the SSMS installation. The Portal Lib Config is an XML file that contains the connection information.
Make sure that you use authenticated communication with the SSMS server, to avoid interference with other applications communicating with the server. This is achieved by configuring the "Portal Services" on the SSMS and adding the libPortalAstId and portalSharedSecret properties in the XML file.
A PortalLib configuration XML will look similar to this example:
```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<portalLib>
  <deviceEventInterval_ms>0</deviceEventInterval_ms>
  <libPortalAstId>myIAM</libPortalAstId>
  <portalSharedSecret>123456</portalSharedSecret>
  <properties>
    <entry>
      <key>com.sun.xml.ws.connect.timeout</key>
      <value xsi:type="xs:int" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">20000</value>
    </entry>
    <entry>
      <key>com.sun.xml.ws.request.timeout</key>
      <value xsi:type="xs:int" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">20000</value>
    </entry>
    <entry>
      <key>javax.xml.ws.session.maintain</key>
      <value xsi:type="xs:boolean" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">true</value>
    </entry>
  </properties>
  <ssmsNode>
    <internalUrl>https://kobilssms.local:8443/ssms-gui</internalUrl>
    <ssmsNodeType>MGT</ssmsNodeType>
  </ssmsNode>
  <keystorePassword>123456</keystorePassword>
  <truststorePassword>123456</truststorePassword>
  <usingExternalLoadBalancer>false</usingExternalLoadBalancer>
</portalLib>
```
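As an added example (not code from Airlock IAM or Kobil), the following Python script parses a PortalLib XML of the shape shown above and runs the checks an operator would want before deploying it: that libPortalAstId and portalSharedSecret are present (otherwise SSMS communication is unauthenticated), that the SSMS node URL uses HTTPS, that the shared secret and store passwords do not look like placeholder values, and that the timeouts are positive integers. The two embedded XML documents are constructed samples with placeholder values; the placeholder heuristic and the finding texts are the example's own assumptions, not rules from the product.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample modelled on the PortalLib layout above; all values are placeholders.
SAMPLE_PORTALLIB_XML = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<portalLib>
  <deviceEventInterval_ms>0</deviceEventInterval_ms>
  <libPortalAstId>myIAM</libPortalAstId>
  <portalSharedSecret>123456</portalSharedSecret>
  <properties>
    <entry><key>com.sun.xml.ws.connect.timeout</key>
      <value xsi:type="xs:int" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">20000</value></entry>
    <entry><key>com.sun.xml.ws.request.timeout</key>
      <value xsi:type="xs:int" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">20000</value></entry>
    <entry><key>javax.xml.ws.session.maintain</key>
      <value xsi:type="xs:boolean" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">true</value></entry>
  </properties>
  <ssmsNode>
    <internalUrl>https://kobilssms.local:8443/ssms-gui</internalUrl>
    <ssmsNodeType>MGT</ssmsNodeType>
  </ssmsNode>
  <keystorePassword>123456</keystorePassword>
  <truststorePassword>123456</truststorePassword>
  <usingExternalLoadBalancer>false</usingExternalLoadBalancer>
</portalLib>
"""

# Constructed counter-example: no Portal Services credentials, plain-HTTP node URL, no timeouts.
UNAUTHENTICATED_PORTALLIB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<portalLib>
  <properties/>
  <ssmsNode>
    <internalUrl>http://kobilssms.local:8080/ssms-gui</internalUrl>
    <ssmsNodeType>MGT</ssmsNodeType>
  </ssmsNode>
  <keystorePassword>changeit</keystorePassword>
  <truststorePassword>changeit</truststorePassword>
</portalLib>
"""


def _text(parent, tag):
    """Stripped text of a direct child element, or None if absent or empty."""
    node = parent.find(tag) if parent is not None else None
    if node is None or node.text is None:
        return None
    return node.text.strip() or None


def _typed(value_node):
    """Convert a <value> element according to its xsi:type attribute (int, boolean, else string)."""
    raw = (value_node.text or "").strip()
    xsi_type = value_node.get(XSI_TYPE, "")
    if xsi_type.endswith("int"):
        return int(raw)
    if xsi_type.endswith("boolean"):
        return raw.lower() == "true"
    return raw


def parse_portallib(xml_text):
    """Parse a PortalLib XML document into a flat dict of the connection-relevant fields."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "portalLib":
        raise ValueError("root element is %r, expected <portalLib>" % root.tag)
    properties = {}
    for entry in root.iterfind("properties/entry"):
        key, value_node = _text(entry, "key"), entry.find("value")
        if key and value_node is not None:
            properties[key] = _typed(value_node)
    node = root.find("ssmsNode")
    return {
        "ast_id": _text(root, "libPortalAstId"),
        "shared_secret": _text(root, "portalSharedSecret"),
        "internal_url": _text(node, "internalUrl"),
        "node_type": _text(node, "ssmsNodeType"),
        "keystore_password": _text(root, "keystorePassword"),
        "truststore_password": _text(root, "truststorePassword"),
        "properties": properties,
    }


def _looks_like_placeholder(secret):
    # Heuristic (assumption): short, all-digit, or well-known default strings.
    return len(secret) < 12 or secret.isdigit() or secret.lower() in {"changeit", "password"}


def check_portallib(cfg):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if not cfg["ast_id"]:
        findings.append("libPortalAstId missing: SSMS communication is not authenticated")
    if not cfg["shared_secret"]:
        findings.append("portalSharedSecret missing: SSMS communication is not authenticated")
    elif _looks_like_placeholder(cfg["shared_secret"]):
        findings.append("portalSharedSecret looks like a placeholder value")
    url = cfg["internal_url"]
    if not url:
        findings.append("ssmsNode/internalUrl missing")
    elif not url.lower().startswith("https://"):
        findings.append("ssmsNode/internalUrl does not use HTTPS")
    for name in ("keystore_password", "truststore_password"):
        if cfg[name] is None:
            findings.append("%s missing" % name)
        elif _looks_like_placeholder(cfg[name]):
            findings.append("%s looks like a placeholder value" % name)
    for key in ("com.sun.xml.ws.connect.timeout", "com.sun.xml.ws.request.timeout"):
        timeout = cfg["properties"].get(key)
        if not isinstance(timeout, int) or timeout <= 0:
            findings.append("%s is missing or not a positive integer" % key)
    return findings


if __name__ == "__main__":
    for label, xml_text in (("sample", SAMPLE_PORTALLIB_XML), ("unauthenticated", UNAUTHENTICATED_PORTALLIB_XML)):
        print(label, check_portallib(parse_portallib(xml_text)) or "OK")
```

Run against an exported file with `check_portallib(parse_portallib(open(path).read()))`; the constructed sample above still reports its three placeholder secrets, which is the expected result for a file copied from an example rather than generated for the deployment.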
The Kobil SSMS Client plugin is used in various Kobil-related plugins, depending on which feature should be activated:
| Feature | Plugin | Where | Options/Comments |
|---|---|---|---|
| Authentication | Kobil AST Authenticator | Authentication settings, typically in the Main Authenticator as second factor. | Most default values should be good. The Message property (Advanced Settings) defines the message that will be displayed on the smartphone app on login. |
| Administration | Kobil Credential Controller | Adminapp >> Users >> Authentication Tokens settings | Enables common administration tasks (add, migrate, order letter, lock/unlock). |
| Activation letters | Kobil AST Activation Letter Task | Service Container | Creates letters with activation codes for the initial activation of a Kobil AST device. |
| Self-registration | Kobil AST Self-Service Configuration | Loginapp >> Self Service Settings | Allows a user to register a Kobil AST device during login. |
| Migration | Migration Config | Loginapp >> Self-Service Settings >> Migration Hint Page Config | Enables migration from another authentication method to Kobil AST. |
| Device management self-service | Property Enable Device Management | Kobil AST Self-Service Configuration | Device management is then reachable under the Loginapp URL /kobil-device-management. |
| DB Consistency | Kobil Ssms Consistency | User Persister Plugins (DB, LDAP) | Maintains consistency between the user database and the SSMS. |
| Activation Codes | Role-based Access Control | Adminapp >> Access Control (View Kobil Activation Code) | Specifies the admin roles required to view or retrieve (REST service) Kobil AST activation codes. |