Configuring MobileFirst Foundation 8.0 on Bluemix with on-prem custom registry for application authentication
Vinod Appajanna December 05, 2016
MobileFirst_Foundation Authentication WebDAV Security
Introduction
This article walks you through how a Bluemix Liberty app (in particular Mobile Foundation) connects to an on-premise file-based user repository that is published as a WebDAV resource for authentication.
WebDAV is a set of extensions to the HTTP protocol that allows users to collaboratively edit and manage files on remote web servers. Files can be accessed or shared remotely over the Internet. The same approach can be used not just for authentication (as explained in this blog) but also for sharing content across Liberty app instances.
See in action
Here is a YouTube demo that shows how to create and add a custom user registry as a Liberty feature, configure a Secure Gateway and WebDAV for the Liberty app, and log in to the registry. I have also summarized the steps from the video in the sections below. To skip ahead to a particular section of the video, click the [video clip] links.
Full Video Demo - Bluemix liberty app authenticating with on-prem custom userregistry
Create a Custom User registry as liberty feature
- Prerequisite (installations):
  - Install Liberty build tools/WebSphere Application Developer Tools in Eclipse
  - Install “WAS Liberty with OSGI Application” in Eclipse
- Create an OSGi Bundle project [video clip]
- Import the following packages as dependencies in the OSGi bundle project:
  - com.ibm.websphere.security
  - com.ibm.websphere.security.cred
  - org.osgi.framework
  - org.osgi.service.cm
- Copy the sample Activator.java and FileRegistrySample.java to the project
- Create a new liberty Feature and export the bundles created above as .esa file.
- Install the feature to the Liberty server [video clip]
  - cd “liberty-bin-dir”, e.g.:
    cd /usr/CustomUserRegWebDavDemo/mfp-server-all-in-one/mfp-server/bin
    sudo ./featureManager install CustUserRegWebDavFeature.esa
  - Optional (to uninstall a feature):
    sudo ./featureManager uninstall CustUserRegWebDavFeature
- server.xml changes to include the new feature:
  <feature>usr:CustUserRegWebDavFeature</feature>
  <customUserRegistry usersFile="http://cap-sg-stage-5.integration.ibmcloud.com:15217/userregistry/users.props" groupsFile="http://cap-sg-stage-5.integration.ibmcloud.com:15217/userregistry/groups.props">
  </customUserRegistry>
So, now we are done with creating the liberty feature and adding it to the server.xml.
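A pre-push check for the server.xml changes above, added here as an example and not part of the original article or IBM's sample: it confirms the feature is enabled, that customUserRegistry carries exactly the usersFile and groupsFile attributes shown above, and reports registry URLs that use unencrypted http. The function name, the sample document and its host name are constructed for illustration; treating any other attribute as an error is an assumption based on the fragment shown.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

FEATURE = "usr:CustUserRegWebDavFeature"      # feature name from this article
REQUIRED_ATTRS = ("usersFile", "groupsFile")  # attribute names from this article

# Constructed sample: a server.xml built around the article's fragment, with a
# placeholder host and a deliberately misspelled attribute (groupFile).
SAMPLE_SERVER_XML = """
<server>
  <featureManager>
    <feature>usr:CustUserRegWebDavFeature</feature>
  </featureManager>
  <customUserRegistry
      usersFile="http://gateway.example.invalid:15217/userregistry/users.props"
      groupFile="http://gateway.example.invalid:15217/userregistry/groups.props"/>
</server>
"""

def check_server_xml(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    root = ET.fromstring(xml_text)
    features = {f.text.strip() for f in root.iter("feature") if f.text}
    if FEATURE not in features:
        findings.append(f"feature {FEATURE} is not enabled")
    registries = root.findall("customUserRegistry")
    if len(registries) != 1:
        findings.append(f"expected 1 customUserRegistry, found {len(registries)}")
        return findings
    reg = registries[0]
    hosts = set()
    for attr in REQUIRED_ATTRS:
        value = reg.get(attr)
        if not value:
            findings.append(f"missing attribute {attr}")
            continue
        url = urlparse(value)
        if url.scheme not in ("http", "https") or not url.hostname:
            findings.append(f"{attr} is not an http(s) URL: {value}")
            continue
        if url.scheme == "http":
            findings.append(f"{attr} is fetched over plain http")
        hosts.add(url.netloc)
    for attr in sorted(set(reg.attrib) - set(REQUIRED_ATTRS)):
        findings.append(f"unknown attribute {attr}")
    if len(hosts) > 1:
        findings.append("usersFile and groupsFile use different destinations")
    return findings
```
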
Enabling WebDAV on remote machine [video clip]
- Enabling IIS server and WEBDAV on Windows Machine
- Under Windows features turn on the following features
- Internet Information Services
- IIS Management Console
- WebDAV Publishing
- Windows Authentication
- Copy the users and groups file registries and expose the same as a WEBDAV resource.
Configure Secured Gateway to connect to On-Prem [video clip]
- Create a SG service and add the destination
- On the Client SG
- Connect to the server by entering the SG ID
- Add host and port to the Access list
Update server.xml, prepare, push the liberty app to Bluemix and login [video clip]
- Update the usersFile and groupsFile attributes to point to the WebDAV resource/custom user registry
- Zip the App
- Push the App
- Login to the App
Note: To install the app onto Bluemix, you need to install the cloudfoundry plugin on your system and then log in.
Sample
Download sample for OSGi Liberty feature
References