SSD
Contents
Overview
Swivel Mobile Clients allow security strings to be provided for remote authentication. The Swivel server details can be automatically configured through the use of a Site ID or Server ID which will then pull the settings for their Swivel server from the Swivel Server Details (SSD) allowing them to enter their username and a Mobile Provision Code. This service is provided to all Swivel customers with a valid maintenance agreement.
Prerequisites
Swivel Mobile Phone Client with Server ID option.
Swivel > 3.9.6
In order for the Security Strings or OTC to be downloaded from the Swivel server then the Swivel server needs to be accessible usually through a Network Address Translation or Proxy.
SSD server settings
Requesting a Site ID
To configure the SSD server the following information must be provided to Swivel Secure Support (supportdesk@swivelsecure.com):
| Attribute | Example Settings |
|---|---|
| Instance Name | Your Company Name |
| Hostname | Public IP/Hostname |
| SSL | Yes |
| Port | 443 |
| Context | proxy |
| Push | Yes |
Instance Name A descriptive name, example Acme Company
Hostname The Webservice URL, being Swivel Server hostname as accessible by mobile clients, example swivel.acme.com
SSL If SSL is enabled or not. A typical test install may have a self signed certificate, so may need to set the Swivel server to use a non SSL connection with HTTP over port 443 or 8443.
Port The web service port used by the client to connect to the Swivel server. For a Swivel virtual or hardware appliance this is usually 8443, for a software install it is usually 8080. Port address translation may allow different ports to be used. For Port Address Translation on Swivel hardware or virtual appliances see PAT
Context The installation name of the Swivel application, the web service context. For a Swivel virtual or hardware appliance this is usually proxy, for a software install it is usually pinsafe.
Push This is used by mobile clients to use the OneTouch Mobile, if it isnot specified then it will default to No.
You will then receive a Site ID which can be sent to users to automatically enter these fields on their Mobile Phone Client.
Configuring the Swivel Server
After submitting the SSD settings to Swivel, enter the returned Site ID under Server/Name
Sending the Site ID to users
Swivel version 3.9.6 onwards allows the Site ID to be sent to the users as part of an automated provisioning service, and can be sent as a number or as a link, see Provision URL.
The Site ID can be sent to the user upon account creation or as part of their Provision process.
Transport Message settings
Each transport has the following fields from Swivel version 3.9.7 onwards for Provisioning and may be edited as required:
Site Id subject: The Site Id subject
Site Id body: The Site Id message body
The default message is:
Server Id: %SITE_ID To get the server settings automatically click the following URL: %URL_SETTINGS%SITE_ID
Where %SITE_ID is the site ID information and %URL_SETTINGS the Site ID URL for the Provision URL.
For older versions prior to 3.9.7, it can be entered manually.
The Credentials alert message: or Mobile Provision Message: can be configured to add the Site ID. Also the URL for the Mobile Provision Code could be added, see Mobile Re-Provision How to Guide
Use %SITE_ID to specify the Site ID entered into the Swivel server.
Your new PINsafe credentials are:%CR%LFUsername: %NAME%CR%LFPassword: %PASSWORD%CR%LFPIN: %PIN %CR%LFSite ID %SITE_ID Site ID 1234567890 %CR%LF Mobile provision code: %CODE
For version 3.9.5 the Site ID must be entered manually
Your new PINsafe credentials are:%CR%LFUsername: %NAME%CR%LFPassword: %PASSWORD%CR%LFPIN: %PIN %CR%LFSite ID 1234567890 Site ID 1234567890 %CR%LF Mobile provision code: %CODE
Mobile Phone Clients
SSD Client Server ID
On the Mobile Phone client select Settings, ensure the Swivel version is 3.8 and above, then select Get Server Settings and enter the Server ID, then click on Done.
Testing
Enter Server ID information into mobile phone client, and ensure server details are correct.
Known Issues
Troubleshooting
Is the provision request reaching the Swivel server, check the Swivel logs.
Is a SSL connection being specified for a non SSL sever, this can be verified using tcpdump and monitoring the connection:
tcpdump -i eth0 port 443
tcpdump -i eth0 port 8443
