ibmcom/verify-bridge
Future images have moved to the IBM Container Registry (docker://icr.io/isv-saas/verify-bridge:latest, version 1.0.13.1). https://cloud.ibm.com/docs/Registry?topic=Registry-getting-started
The IBM Security Verify Bridge establishes connectivity from IBM Cloud environment to on premises and thus providing:
The main connection between the Verify Bridge and the IBM® Security Verify tenant employs either an HTTP or an HTTPS Long-Poll. This connection is initiated by the Verify Bridge and requires an authorized access token which the Bridge obtains during startup and refreshes periodically. After the long-poll connection is established, traffic flows from Verify to the Verify Bridge.
docker pull ibmcom/verify-bridge:latest
docker run --rm ibmcom/verify-bridge:latest license
Note : It is mandatory to accept the license for deploying IBM Security Verify Bridge with [parameter - LICENSE_ACCEPT: "yes"] in docker-compose.yml file.
version: "3"
services:
verify-bridge:
image: ibmcom/verify-bridge:latest
container_name: verify-bridge
environment:
TRACE: "false"
LICENSE_ACCEPT: "yes"
TENANT_URI: "<tenantURL>"
CLIENT_ID: "<clientID>"
OBF_CLIENT_SECRET: "<obfClientSecret>"
restart: always
Note: Update TENANT_URI, CLIENT_ID, OBF_CLIENT_SECRET and optionally adding TENANT_PROXY with appropriate values that will be generated once the agent configuration is done in IBM Security Verify configuration panel. OBF_CLIENT_SECRECT can be generated by encrypting the CLIENT_SECRET using
docker run -e "LICENSE_ACCEPT=yes" --rm ibmcom/verify-bridge:latest obfuscate "<clientSecret>"
For example:
docker run -e "LICENSE_ACCEPT=yes" --rm ec014e9d24a7 obfuscate "passw0rd"
INFO: Found end user license acceptance.
ccxDMMPSE62AYi3o7y+cNCE+xCtTLOyEHZ5MCw4IUzA=
The final line of output contains the obfuscated secret value, , for OBF_CLIENT_SECRET.
For backward compatibility the CLIENT_SECRET environment variable with the clear text value is supported as an alternative to OBF_CLIENT_SECRET.
TENANT_PROXY is optional environment value that allows the tenant to be accessed via a proxy server. The proxy type is determined by the proxyURL scheme. "http", "https", and "socks5" are supported.
docker-compose -f docker-compose.yml up -d
docker stop verify-bridge
docker rm verify-bridge
docker-compose -f docker-compose.yml pull
docker-compose -f docker-compose.yml up -d
docker ps
docker logs -f verify-bridge
docker pull ibmcom/verify-bridge