MobileFirst security overview
MobileFirst security basics
Authentication elements hierarchy:
- Security test: A security test is a set of tests that protects a resource, such as an adapter procedure or an application environment. Each test names the realm the client must authenticate to and carries other parameters, such as the authentication order. A protected resource is accessible only after the client has authenticated to every test in the security test; if the client cannot log in to all of them, the request for the protected resource is denied. A security test can protect an individual adapter procedure or an entire application environment. For more information about security tests and the different types of security tests, see Security tests.
- Realm: A realm pairs a MobileFirst authenticator with a MobileFirst login module to provide a means of authentication. For more information about realms, see Authentication realms.
- Authenticator: When a protected resource is requested, the authenticator parses the incoming request from the MobileFirst client, looking for the required credentials. If the request carries no credentials, the authenticator challenges the client to authenticate. Once credentials are received from the client, the authenticator formats them as the login module expects and passes them to the login module. For more information about authenticators, see Authenticators and login modules.
- Login module: After the authenticator has parsed the credentials from a request, they are sent to the login module, which is responsible for validating them. If the credentials are valid and the user can be authorized, the login module creates a user identity for the realm. For more information about login modules, see Authenticators and login modules.
- User identity: After a login module successfully validates a set of user credentials, it creates a user identity. A user identity contains at least a user name and a display name; it can also carry attributes that provide further details the protected resource might need.
- Challenge handler: A challenge handler is developer-written client-side JavaScript that is included in a MobileFirst application and handles an authentication challenge from the server. A challenge handler can be defined for each realm and is responsible for the following tasks:
  - Determine whether a server response is an authentication challenge specific to the realm.
  - Perform the necessary user interaction when it receives a challenge.
  - Send the credentials to the server to complete the authentication.
  - Validate that the authentication succeeded.
- MobileFirst security configuration
For MobileFirst Server to protect a resource, such as an adapter procedure or an application environment, the administrator must first configure the MobileFirst Server instance.
- MobileFirst Security and LTPA
Lightweight Third-Party Authentication (LTPA) is a security token type used by IBM WebSphere Application Server and other IBM products. LTPA can be used to pass the credentials of an authenticated user to backend services. It can also serve as a single sign-on (SSO) token between a user and multiple servers that share the same LTPA keys.
- Configure the MobileFirst Server for Trusteer
Configure the MobileFirst Server to use Trusteer-generated risk data to protect resources.
- Access Trusteer risk assessment
Access the Trusteer risk assessment to add Trusteer protection on the client side.
- Supported configurations for LTPA
IBM MobileFirst Platform Foundation supports different configuration options to take advantage of LTPA, based on the server configuration and administrative requirements.
- Advanced security features
IBM MobileFirst Platform Foundation supports more features that can use LTPA in advanced scenarios, such as user certificate authentication and role-based authentication.
- Topologies and use cases
IBM MobileFirst Platform Foundation supports various infrastructure topologies, chosen according to the deployment's requirements, that can take advantage of LTPA or of MobileFirst security.
Parent topic: Deploy MobileFirst applications to test and production environments