Configuring runtime adapter security-check properties

Learn how to configure adapter security-check properties for a specific MobileFirst Server instance.

About this task

The definition of a custom security check exposes zero or more configuration properties, and defines their default values. You can see the security-check definitions of an adapter that is deployed to MobileFirst Server in the server's copy of the adapter-descriptor XML file. See Defining security checks. The security-check configuration that is set in the definition applies to all instances of MobileFirst Server to which you deploy the adapter that defines the security check. Follow the outlined procedure to dynamically customize the security-check configuration for a specific instance of MobileFirst Server, without changing the original security-check definition, or having to redeploy the adapter.

Note: Runtime adapter customizations of the security-check configuration properties are defined in the adapter runtime-configuration JSON file.

Procedure

Customize the adapter configuration of your selected security check for a specific instance of MobileFirst Server by using one of the following methods:

Using IBM MobileFirst™ Platform Operations Console (the console)
1. In the Adapters section of the console's navigation sidebar, select the adapter that defines the security checks that you want to configure, and then select the Security Checks tab. You can see a list of all the security checks that are defined in the selected adapter. For each security check, you can select View to see a list of the security check's properties and their current values, the default values from the security-check definition (when the default differs from the current value), and the property description (if provided in the definition).
2. Change the values of the properties that you want to customize for this MobileFirst Server instance. Then select Save at the end of the security-check's properties list.
  You can always restore the original property configuration values of the security-check definition by selecting Restore Default Values.
Editing the adapter runtime-configuration file
1. Create a local copy of the adapter runtime-configuration JSON file. You can use either of the following methods to copy the content of the file, and then paste it into a local file:
  - In the Adapters section of the MobileFirst Operations Console navigation sidebar, select the adapter that defines the security checks that you want to configure, and then select the Configuration Files tab. The content of the runtime-configuration file is displayed in the Adapter Runtime-Configuration JSON File section. You can use the file-copy icon next to the displayed file to copy the content.
  - Run the show user-config command of the mfpadm command-line program or Ant task.
2. In your local copy of the configuration file, look for a securityCheckDefinitions object within the adapter object. If the object does not exist, create it. In this object, find or create an object that is named as your selected security check (SecurityCheckName in the following template):
```
"securityCheckDefinitions": {
    "SecurityCheckName": {
        }
    }
}
```
3. In your security-check object (SecurityCheckName), find or add a properties object. For each available configuration property that you want to configure, add within the properties object a pair of configuration-property name and value:
```
"securityCheckDefinitions": {
    "SecurityCheckName": {
        "properties": {
            "property1Name": "property1Value",
            ["property2Name": "property2Value",
             ...]
        }
    }
}
```
  Example
  The following example sets the values of the maxAttempts and failureExpirationSec properties of a custom UserAuthenticationSC security check to 4 and 90:
```
"securityCheckDefinitions": {
    "UserAuthenticationSC": {
        "properties": {
            "maxAttempts": "4",
            "failureExpirationSec: "90"
        }
    }
}
```
4. Deploy your copy of the adapter runtime-configuration JSON file to MobileFirst Server. You can do this by running the set user-config command of the mfpadm command-line program or Ant task.
You can repeat this procedure, at any time, to customize the security-check configuration. You can also deploy the same configuration file to other instances of MobileFirst Server on which the same adapter is deployed, or reuse relevant portions of the configuration in other adapter configuration files.

Results

After completing the configuration changes, you can see your defined property values in the console, both in the adapter Security Checks page and in the Adapter Runtime-Configuration JSON File section on the adapter Configuration Files page.
If you select to customize the configuration of the same security check for a specific application, the console displays your customized property values as the default values for the application configuration. See Configuring application security-check properties.