Overview

For the Mobile Provision user guide see Mobile Provision User Guide

A Mobile Phone user may request a Mobile Provision Code to allow their Mobile Phone Client to download security strings. The Swivel Helpdesk or Administrator can send the user a Site ID email or SMS message from Swivel version 3.9.7.

The User Portal and Reset Utility provide additional functionality of a self provision and re-provision of mobile clients. This document outlines how to configure the reset.war utility that provides Mobile Phone Provision and Re-Provision. Use of the User Portal should be considered over the ResetPIN and Re-Provision utility.

Also see Mobile Provision Code

Mobile Provision, Re-Provision and ResetPIN software

The ResetPIN software can be downloaded from here

Installing ResetPIN

ResetPIN is already installed on the virtual or hardware Appliances in the webapps2 folder. If it is virtual or hardware appliance version 2.0.12 or earlier then the ResetPIN software will need to be upgraded, see ResetPIN upgrade for PINsafe 3.8 How To Guide.

To install extract from the zip file and copy the resetpin.war file to the webapps or for virtual or hardware appliances the webapps2 folder. It will automatically deploy when Tomcat is running.

Connecting to Provision

Virtual or hardware appliance: https://IP:8443/resetpin/provision.jsp

software install: http://IP:8080/resetpin/provision.jsp

Configuring PINsafe to allow Mobile Re-Provision

Swivel must be configured to allow the Mobile Re-Provision utility. On the Swivel Administration console select Policy/Self-Reset then Allow User self-provision of mobile client: to Yes

Send provision code as security string: Yes/No. If set to Yes, then the users provision code will be sent by their security string transport instead of their Alert transport.

Default Configuration files

On a virtual or hardware appliance the file is located at:

/usr/local/apache-tomcat-5.5.20/webapps2/resetpin/WEB-INF/settings.xml

The configuration of ResetPIN is in the file settings.xml with the following default values

 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
 <properties>
 <entry key="ssl">false</entry>
 <entry key="server">localhost</entry>
 <entry key="port">8181</entry>
 <entry key="context">pinsafe</entry>
 <entry key="secret">secret</entry>
 <entry key="redirect">http://www.swivelsecure.com</entry>
 </properties>

ResetPIN options explained

The options configure both ResetPIN and the Re-Provision.

ssl: true/false, for communication between ResetPIN and the Swivel server

server: the Swivel server hostname for IP address, for communication between ResetPIN and the Swivelserver

port: the port used to communicate with the PINsafe server for IP address, for communication between ResetPIN and the Swivel server. For software installations use 8080, for virtual or hardware appliances where webapps2 is used, the port 8181 should be used.

context: the install name of the Swivel application, usually pinsafe for IP address, for communication between ResetPIN and the Swivel server

secret: the shared secret, must also be entered under Server/Agent on the Swivel console for IP address, for communication between ResetPIN and the Swivel server

redirect: redirects on completion of ResetPIN, remove the line for no redirect, this must be an address uses can get to

Mobile Re-Provision Sample

Browse to the Provision link

Enter username

Click on Provision

User should receive by their pre-defined transport method a Mobile Provision Code to be entered on the Mobile Phone Applet

Example: Mobile provision code: 4835607192

Known Issues

Troubleshooting Mobile Re-provision

User not set

No username has been entered under options. Enter the username and retry.

Check the Swivel logs

Agent Error Message: Provision Code failedAGENT_ERROR_PROVISION_DISABLED

Swivel log message: Provision code failed for user "username", AGENT_ERROR_PROVISION_DISABLED

The self Provision is not enabled. On the Swivel Administration Console select Policy/Self-Reset then Allow User self-provision of mobile client: to Yes