For up-to-date product documentation, see the IBM MobileFirst Foundation Developer Center.

Configure application security-check properties

Learn how to customize the security-check configurations for a specific application version.


We can make application-specific changes to the default values of any predefined or custom security-check property that is exposed on the same MobileFirst Server instance as your application. The documentation of the predefined security checks lists the properties that are supported for each check, and their default values. See Predefined MobileFirst security checks. For custom security checks, the basic configuration is defined in the adapter descriptor file, and can be overridden for a specific server instance in the adapter runtime-configuration file. See Security-checks configuration. In addition, for the custom security checks the MobileFirst security framework provides an application-specific property for enabling device SSO. See device single sign-on (SSO) to share the state of a security check among multiple applications on the same device.">Configuring device single sign-on (SSO). The IBM MobileFirstâ„¢ Platform Operations Console for our MobileFirst Server instance displays the available security checks and their properties, including the property values, default values, and descriptions (if provided in the definition). Follow the outlined procedure to customize the property values for our application.

Note: Application customizations of the security-check configuration properties are defined in the application-descriptor JSON file. See Application configuration.


Configure the security checks that are used by your application by using one of the following alternative methods:


After completing the configuration changes, we can see in the Security-Check Configurations table on the application Security console page a list of the properties that you configured and their current and default values. In addition, we can see your property configurations in the application descriptor: in the console, go to the application Configuration Files tab. In the Application-Descriptor JSON File section, we can see a copy of the application-descriptor JSON file. Search for the name of the configured security check within the securityCheckConfigurations object. The nested security-check object should contain the names and values of your configured properties. In the following template, replace SecurityCheckName with the name of the security check that you configured:

"SecurityCheckConfigurations": { "SecurityCheckName": { "property1Name": "property1Value", ["property2Name": "property2Value", ...] } } }

Parent topic: Security-checks configuration