ibmcom/verify-bridge

By ibmcom

Updated over 2 years ago

IBM Security Verify Bridge

Future images have moved to the IBM Container Registry (docker://icr.io/isv-saas/verify-bridge:latest, version 1.0.13.1). https://cloud.ibm.com/docs/Registry?topic=Registry-getting-started

IBM Security Verify Bridge

The IBM Security Verify Bridge establishes connectivity from the IBM Cloud environment to on-premises resources, providing:

  • Access to on-premises LDAP authentication and user attributes from IBM Cloud components.
  • Management of on-premises endpoints by assisting in provisioning and reconciliation.
  • Future expandability to on-premises resources through external module support.

The main connection between the Verify Bridge and the IBM® Security Verify tenant employs either an HTTP or an HTTPS Long-Poll. This connection is initiated by the Verify Bridge and requires an authorized access token which the Bridge obtains during startup and refreshes periodically. After the long-poll connection is established, traffic flows from Verify to the Verify Bridge.

System requirements:
  • CPU: Four cores reserved.
  • System memory: 8 GB reserved.
  • Disk space: At least 50 GB free hard disk space.
  • Operating System: Linux-based operating system with support for Linux-based containers. See https://docs.docker.com/install/.
  • Docker engine 17.05.0-ce or higher.
  • Docker Compose: See https://docs.docker.com/compose/install/.
  • Must: Connectivity to an IBM® Security Verify tenant with Identity Governance subscription.

Deploying IBM Security Verify Bridge:
  1. Pull the image from Docker Hub to view the license.
docker pull ibmcom/verify-bridge:latest

docker run --rm ibmcom/verify-bridge:latest license

Note: To deploy IBM Security Verify Bridge, you must accept the license by setting LICENSE_ACCEPT: "yes" in the docker-compose.yml file.

  1. Create a file docker-compose.yml with the following content:
version: "3"
services:
  verify-bridge:
    image: ibmcom/verify-bridge:latest
    container_name: verify-bridge
    environment:
      TRACE: "false"
      LICENSE_ACCEPT: "yes"
      TENANT_URI: "<tenantURL>"
      CLIENT_ID: "<clientID>"
      OBF_CLIENT_SECRET: "<obfClientSecret>"
    restart: always

Note: Update TENANT_URI, CLIENT_ID and OBF_CLIENT_SECRET, and optionally add TENANT_PROXY, with the values that are generated once the agent configuration is done in the IBM Security Verify configuration panel. OBF_CLIENT_SECRET can be generated by encrypting the CLIENT_SECRET using:

docker run -e "LICENSE_ACCEPT=yes" --rm ibmcom/verify-bridge:latest obfuscate "<clientSecret>"

For example:

docker run -e "LICENSE_ACCEPT=yes" --rm ec014e9d24a7 obfuscate "passw0rd"
INFO: Found end user license acceptance.
ccxDMMPSE62AYi3o7y+cNCE+xCtTLOyEHZ5MCw4IUzA=

The final line of output contains the obfuscated secret value to use for OBF_CLIENT_SECRET.

For backward compatibility, the CLIENT_SECRET environment variable with the clear-text value is supported as an alternative to OBF_CLIENT_SECRET.

TENANT_PROXY is an optional environment variable that allows the tenant to be accessed via a proxy server. The proxy type is determined by the proxyURL scheme. "http", "https", and "socks5" are supported.

  1. Run the following command to deploy the IBM Security Verify Bridge:
docker-compose -f docker-compose.yml up -d
  1. If you are upgrading, run the following commands:
docker stop verify-bridge

docker rm verify-bridge

docker-compose -f docker-compose.yml pull

docker-compose -f docker-compose.yml up -d
  1. Verify that the container has started properly by running the following command and observing the state of the container:
docker ps
  1. To view logs for troubleshooting, run the following command:
docker logs -f verify-bridge
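
The following preflight check is an added example, not part of IBM's documentation or the Verify Bridge image. It reads the environment values from a docker-compose.yml laid out like the one in the deployment steps and reports the settings those steps call out: license acceptance, leftover placeholders, a clear-text CLIENT_SECRET, and an unsupported TENANT_PROXY scheme. The function names, the sample host names, and the decision to report an http TENANT_URI as a finding are assumptions of this example.

```bash
# Added example: preflight check for a Verify Bridge docker-compose.yml.
# Line matching on KEY: "value" pairs in a mapping-style environment block; not a YAML parser.

compose_value() {  # $1 = file, $2 = key; prints the first value found for the key
  sed -n "s/^[[:space:]]*$2:[[:space:]]*\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | head -n 1
}

finding() { echo "FINDING: $1"; findings=$((findings + 1)); }

check_bridge_compose() {  # $1 = compose file; exit status = number of findings
  f="$1"; findings=0
  [ "$(compose_value "$f" LICENSE_ACCEPT)" = "yes" ] || finding 'LICENSE_ACCEPT is not "yes"'
  for k in TENANT_URI CLIENT_ID; do
    case "$(compose_value "$f" "$k")" in ""|"<"*) finding "$k is unset or still a placeholder" ;; esac
  done
  case "$(compose_value "$f" TENANT_URI)" in
    http://*) finding "TENANT_URI uses http: token and long-poll traffic are unencrypted" ;;
  esac
  if [ -n "$(compose_value "$f" CLIENT_SECRET)" ]; then
    finding "clear-text CLIENT_SECRET present; use OBF_CLIENT_SECRET instead"
  else
    case "$(compose_value "$f" OBF_CLIENT_SECRET)" in
      ""|"<"*) finding "OBF_CLIENT_SECRET is unset or still a placeholder" ;;
    esac
  fi
  case "$(compose_value "$f" TENANT_PROXY)" in
    ""|http://*|https://*|socks5://*) ;;  # unset is fine: TENANT_PROXY is optional
    *) finding "TENANT_PROXY scheme must be http, https or socks5" ;;
  esac
  return "$findings"
}

# Constructed sample (not a real tenant): http tenant URI, clear-text secret, ftp proxy.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
services:
  verify-bridge:
    environment:
      LICENSE_ACCEPT: "yes"
      TENANT_URI: "http://tenant.example.com"
      CLIENT_ID: "constructed-client-id"
      CLIENT_SECRET: "passw0rd"
      TENANT_PROXY: "ftp://proxy.example.com:3128"
EOF
check_bridge_compose "$sample" || echo "$? finding(s); fix before docker-compose up"
rm -f "$sample"
```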
