Mobile Re-Provision How to Guide
From Swivel Knowledgebase Wiki
Overview
For the Mobile Provision user guide see Mobile Provision User Guide
A Mobile Phone user may request a Mobile Provision Code to allow their Mobile Phone Client to download security strings. The Reset Utility provides additional functionality of a self provision and re-provision of mobile clients. This document outlines how to configure the reset.war utility that provides Mobile Phone Provision and Re-Provision.
Mobile Provision, Re-Provision and ResetPIN software
The ResetPIN software can be downloaded from here
Installing ResetPIN
ResetPIN is already installed on the Appliances in the webapps2 folder. If it is appliance version 2.0.12 or earlier then the ResetPIN software will need to be upgraded, see ResetPIN upgrade for PINsafe 3.8 How To Guide.
To install extract from the zip file and copy the resetpin.war file to the webapps or for appliances the webapps2 folder. It will automatically deploy when Tomcat is running.
Connecting to Provision
Appliance: https://IP:8443/resetpin/provision.jsp
software install: http://IP:8080/resetpin/provision.jsp
Configuring PINsafe to allow Mobile Re-Provision
PINsafe must be configured to allow the Mobile Re-Provision utility. On the PINsafe Administration console select Policy/Self-Reset then Allow User self-provision of mobile client: to Yes
Default Configuration files
On an appliance the file is located at:
/usr/local/apache-tomcat-5.5.20/webapps2/resetpin/WEB-INF/settings.xml
The configuration of ResetPIN is in the file settings.xml with the following default values
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> <properties> <entry key="ssl">false</entry> <entry key="server">localhost</entry> <entry key="port">8181</entry> <entry key="context">pinsafe</entry> <entry key="secret">secret</entry> <entry key="redirect">http://www.swivelsecure.com</entry> </properties>
ResetPIN options explained
The options configure both ResetPIN and the Re-Provision.
ssl: true/false, for communication between ResetPIN and the PINsafe server
server: the PINsafe server hostname for IP address, for communication between ResetPIN and the PINsafe server
port: the port used to communicate with the PINsafe server for IP address, for communication between ResetPIN and the PINsafe server. For software installations use 8080, for appliances where webapps2 is used, the port 8181 should be used.
context: the install name of the PINsafe application, usually pinsafe for IP address, for communication between ResetPIN and the PINsafe server
secret: the shared secret, must also be entered under Server/Agent on the PINsafe console for IP address, for communication between ResetPIN and the PINsafe server
redirect: redirects on completion of ResetPIN, remove the line for no redirect, this must be an address uses can get to
Mobile Re-Provision Sample
Browse to the Provision link
Enter username
Click on Provision
User should receive by their pre-defined transport method a Mobile Provision Code to be entered on the Mobile Phone Applet
Example: Mobile provision code: 4835607192
Known Issues
Troubleshooting Mobile Re-provision
Check the PINsafe logs
Agent Error Message: Provision Code failedAGENT_ERROR_PROVISION_DISABLED
PINsafe log message: Provision code failed for user "username", AGENT_ERROR_PROVISION_DISABLED
The self Provision is not enabled. On the PINsafe Administration Console select Policy/Self-Reset then Allow User self-provision of mobile client: to Yes
