New Trusteer integration in IBM Worklight 6.2
Christian Karasiewicz 270005XS4E Comments (2) Visits (3839)
This blog post is contributed by Nathan Hazout, a developer for the web and for mobile who does customer oriented R&D for IBM Worklight.
In April, I wrote a post named "Prevent malware-ridden devices from accessing IBM Worklight adapters" that discussed integration techniques between Trusteer and IBM Worklight 6.1.
Trusteer, an IBM company, provides the Trusteer Mobile SDK, which collects multiple mobile device risk factors and provides them to the mobile app, enabling organizations to restrict mobile app functionality based on risk levels.
In Worklight Foundation 6.2 the integration is easier than before, because parts covered in my previous blog post are now integrated directly into the product. Here I will explain the basic steps needed to use Trusteer in your Worklight application.
Installing the Trusteer Mobile SDK
As before, the Trusteer Mobile SDK is provided separately from Worklight, so ask your sales representative. The process may be easier if you ask for a WLC file (Worklight Component). The WLC file can only help for hybrid applications. For native projects, you will still need to install manually.
In all cases, see step-by-step instructions in the Worklight documentation.
Using the Trusteer Mobile SDK
In Worklight 6.2, you no longer need to manually call Trusteer’s C functions to get the calculated risk assessments. The entire process is abstracted for you by a new Worklight application programming interface (API).
In any case, as you’ll see next, using the client-side API is completely optional since all of this information is automatically sent to the server without your intervention. However, the client-side API is still useful since you may want to update the user interface depending on the current risk assessments.
As soon as the Trusteer Mobile SDK is installed and active, every HTTP request to the Worklight Server will contain the Trusteer risk assessments. You no longer need to manually add global HTTP headers. Worklight will do that for you automatically.
Also in 6.2, you no longer need to write your own custom authenticator. Worklight provides an authenticator for you (com
New projects come with a sample (commented-out) login module and realm for Trusteer protection. You will be able to specify which scenarios are acceptable and which are not. For example, you can choose to block malware devices and alert rooted devices. See all the options and examples here.
You’ll also need to write a security test that will use your new Trusteer realm and protect the resources as needed.
If the Worklight server sends a block or alert event according to your Trusteer realm options, you’ll want to notify the user or change the application behavior.
To do so, you need to write a challenge handler that follows the special Worklight protocol. The challenge handler will receive a reason code that you can show to the customer or use to make a decision.
See simple examples in the documentation.
To learn more I recommend following the sample guides and sample projects provided here. And feel free to leave a comment or a question below.