Main config aspects
Main configuration aspects for Kobil AST

The basis for any Kobil AST configuration in Airlock IAM is the connection to the SSMS. The plugin Kobil SSMS Client has three main properties:

  • Portal Lib Config
  • Trust Store
  • Key Store

These are 3 files that can be exported from the SSMS installation. The Portal Lib Config is an XML file that contains the connection information.

Make sure that you use authenticated communication with the SSMS server, to avoid interference with other applications communicating with the server. This is achieved by configuring the "Portal Services" on the SSMS and adding the libPortalAstId and portalSharedSecret properties in the XML file.

A PortalLib configuration XML will look similar to this example:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<portalLib>
    <deviceEventInterval_ms>0</deviceEventInterval_ms>
    <libPortalAstId>myIAM</libPortalAstId>
    <portalSharedSecret>123456</portalSharedSecret>
    <properties>
        <entry>
            <key>com.sun.xml.ws.connect.timeout</key>
            <value xsi:type="xs:int" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">20000</value>
        </entry>
        <entry>
            <key>com.sun.xml.ws.request.timeout</key>
            <value xsi:type="xs:int" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">20000</value>
        </entry>
        <entry>
            <key>javax.xml.ws.session.maintain</key>
            <value xsi:type="xs:boolean" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">true</value>
        </entry>
    </properties>
    <ssmsNode>
        <internalUrl>https://kobilssms.local:8443/ssms-gui</internalUrl>
        <ssmsNodeType>MGT</ssmsNodeType>
    </ssmsNode>
    <keystorePassword>123456</keystorePassword>
    <truststorePassword>123456</truststorePassword>
    <usingExternalLoadBalancer>false</usingExternalLoadBalancer>
</portalLib>
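
A check for the points above, as an added example that is not part of the original page or of the Airlock IAM or Kobil products: it parses a PortalLib XML and reports when libPortalAstId or portalSharedSecret is missing. The https check, the list of sample values and both sample documents are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Assumption of this example: values that look copied from documentation samples.
SAMPLE_VALUES = {"123456", "changeit"}
AUTH_FIELDS = ("libPortalAstId", "portalSharedSecret")
SECRET_FIELDS = ("portalSharedSecret", "keystorePassword", "truststorePassword")


def audit_portal_lib(xml_text):
    """Return a list of findings for a PortalLib configuration document."""
    # Operator-exported file; do not feed untrusted XML to ElementTree.
    root = ET.fromstring(xml_text)
    if root.tag != "portalLib":
        return [f"unexpected root element <{root.tag}>"]
    findings = []
    # Both elements must be present and non-empty for authenticated communication.
    for name in AUTH_FIELDS:
        if not (root.findtext(name) or "").strip():
            findings.append(f"{name} missing or empty: authenticated SSMS communication is not configured")
    # Added check (assumption): secrets still set to a sample value.
    for name in SECRET_FIELDS:
        if (root.findtext(name) or "").strip() in SAMPLE_VALUES:
            findings.append(f"{name} is set to a sample value")
    # Added check (assumption): every SSMS node URL should use TLS.
    urls = [(n.findtext("internalUrl") or "").strip() for n in root.iter("ssmsNode")]
    if not urls:
        findings.append("no ssmsNode element found")
    for url in urls:
        if urlparse(url).scheme.lower() != "https":
            findings.append(f"internalUrl {url!r} does not use https")
    return findings


# Constructed sample inputs (not taken from a real installation).
WEAK = """<portalLib>
  <portalSharedSecret>123456</portalSharedSecret>
  <ssmsNode><internalUrl>http://kobilssms.local:8080/ssms-gui</internalUrl></ssmsNode>
  <keystorePassword>123456</keystorePassword>
  <truststorePassword>constructed-Tr9x-example</truststorePassword>
</portalLib>"""
GOOD = WEAK.replace("<portalLib>", "<portalLib><libPortalAstId>myIAM</libPortalAstId>") \
           .replace("123456", "constructed-Qm4z-example").replace("http://", "https://")

if __name__ == "__main__":
    for label, doc in (("WEAK", WEAK), ("GOOD", GOOD)):
        print(label, audit_portal_lib(doc) or "no findings")
```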

The Kobil SSMS Client plugin is used in various Kobil-related plugins, depending on which feature should be activated:

| Feature | Plugin | Where | Options/Comments |
|---|---|---|---|
| Authentication | Kobil AST Authenticator | Authentication settings, typically in the Main Authenticator as second factor. | Most default values should be good. The Message property (Advanced Settings) defines the message that will be displayed on the smartphone app on login. |
| Administration | Kobil Credential Controller | Adminapp >> Users >> Authentication Tokens settings | Enables common administration tasks (add, migrate, order letter, lock/unlock). |
| Activation letters | Kobil AST Activation Letter Task | Service Container | Creates letters with activation codes for the initial activation of a Kobil AST device. |
| Self-registration | Kobil AST Self-Service Configuration | Loginapp >> Self Service Settings | Allows a user to register a Kobil AST device during login. |
| Migration | Migration Config | Loginapp >> Self-Service Settings >> Migration Hint Page Config | Enables migration from another authentication method to Kobil AST. |
| Device management self-service | Property Enable Device Management | Kobil AST Self-Service Configuration | Device management is then reachable under the Loginapp URL /kobil-device-management |
| DB Consistency | Kobil Ssms Consistency | User Persister Plugins (DB, LDAP) | Maintains consistency between user database and SSMS. |
| Activation Codes | Role-based Access Control | Adminapp >> Access Control (View Kobil Activation Code) | Specifies the admin roles required to view or retrieve (REST service) Kobil AST activation codes. |