Configuring application security-check properties

Learn how to customize the security-check configurations for a specific application version.

About this task

You can make application-specific changes to the default values of any predefined or custom security-check property that is exposed on the same MobileFirst Server instance as your application. The documentation of the predefined security checks lists the properties that are supported for each check, and their default values. See Predefined MobileFirst security checks. For custom security checks, the basic configuration is defined in the adapter descriptor file, and can be overridden for a specific server instance in the adapter runtime-configuration file. See Security-checks configuration. In addition, for the custom security checks the MobileFirst security framework provides an application-specific property for enabling device SSO. See Configuring device single sign-on (SSO). The IBM MobileFirst™ Platform Operations Console for your MobileFirst Server instance displays the available security checks and their properties, including the property values, default values, and descriptions (if provided in the definition). Follow the outlined procedure to customize the property values for your application.

Note: Application customizations of the security-check configuration properties are defined in the application-descriptor JSON file. See Application configuration.

Procedure

Configure the security checks that are used by your application by using one of the following alternative methods:

Using IBM MobileFirst Platform Operations Console (the console)
1. Select your application version from the Applications section of the console's navigation sidebar, and then select the application Security tab.
2. In the Security-Check Configurations section, select Create New, or select the edit icon for an existing security-check configuration (if exists).
3. In the Configure Security-Check Properties dialog window, select the security check that you want to configure from among the displayed list of available predefined and custom security checks. The dialog window displays a list of the supported properties of your selected security check, their current values, the default values (if they differ from the current values), and their descriptions (if provided). Edit the values that you want to change, and select OK to submit your changes.
  Note: In some cases, the dialog window spawns multiple pages. Use the arrow keys to change pages and see all the supported properties.
You can delete or edit your security-check configuration, at any time, by selecting the relevant action icon for your security check in the security-check configurations table.
Editing the application-descriptor file
1. Create a local copy of the application-descriptor JSON file. See Application configuration.
2. In your local copy of the descriptor file, look for a securityCheckConfigurations object. If the object does not exist, create it. In this object, find or create an object that is named as your selected security check (SecurityCheckName in the following template). Within the security-checks object, add a pair of configuration-property name and value for each available configuration property that you want to configure:
```
"SecurityCheckConfigurations": {
    "SecurityCheckName": {
        "property1Name": "property1Value",
        ["property2Name": "property2Value",
         ...]
       }
    }
}
```
  Example
  The following example sets the values of the maxAttempts and failureExpirationSec properties of a custom UserAuthenticationSC security check to 2 and 60:
```
"SecurityCheckConfigurations": {
    "UserAuthenticationSC": {
        "properties": {
            "maxAttempts": "2",
            "failureExpirationSec: "60"
        }
    }
}
```
3. Deploy your copy of the application-descriptor JSON file to MobileFirst Server. See Application configuration.
You can repeat this procedure, at any time, to customize the security-check configuration. You can also deploy the same descriptor file to other instances of MobileFirst Server on which the same application is registered, or reuse relevant portions of the configuration in other application-descriptor files.

Results

After completing the configuration changes, you can see in the Security-Check Configurations table on the application Security console page a list of the properties that you configured and their current and default values. In addition, you can see your property configurations in the application descriptor: in the console, go to the application Configuration Files tab. In the Application-Descriptor JSON File section, you can see a copy of the application-descriptor JSON file. Search for the name of the configured security check within the securityCheckConfigurations object. The nested security-check object should contain the names and values of your configured properties. In the following template, replace SecurityCheckName with the name of the security check that you configured:

"SecurityCheckConfigurations": {
    "SecurityCheckName": {
        "property1Name": "property1Value",
        ["property2Name": "property2Value",
         ...]
       }
    }
}