Configuring and Deploying Access Broker
Make sure to go over the Prerequisites before configuring and installing a broker.
Configure Access Broker on UI
Log in to your Britive tenant.
In the Admin → Brokers and Broker Pools → Broker Pools section:
Create a broker pool using the steps mentioned here. This is a mandatory step even if there is a single Access Broker. A broker pool can contain one or multiple Access Brokers.
Click on Actions on the Broker Pools tab and create a broker pool token from the Broker Pool Token tab. This is required for the config.yaml file to connect the broker to the broker pool.
In the Admin → Resource Manager → Resource Types section:
Create a resource type. For more information, see Resource Types.
Click Action, and then go to the Permissions section to create a permission. In this use case, the script is saved and executed on the Access Broker machine/server, so the check-in and checkout command fields on the Permissions page are left empty.
In the Resource Manager → Profile Management section:
Create a profile and assign it to the user who would have access to check out this profile.
Select all the default options for the policy and assign a user/member who can execute this in the Policies tab.
Access Broker Installation and Configuration
Download and Install Access Broker
The Access Broker software package can be downloaded from the Britive UI. For more information, see Downloading and Installing Broker.
The following folders are created after installing a broker:
bootstrap (holds files such as broker-name-generator.sh; this script is optional)
cache
config (holds the broker YAML config file; the broker reads its configuration, script names, etc. from this file)
scripts (scripts that control and manage the checkout and checkin of permissions)
Configure Access Broker
Broker Name Generator Script
It is best practice to dynamically generate the Britive Access Broker name from something unique to the system on which the broker is running. For lab testing, a static name can be used. In production or at-scale deployments, a static name can cause problems, for example two brokers reporting under the same name.
In our example, the broker name is picked up from the output of this script.
Access Broker YAML Configuration File
The broker-config.yml template file is provided as part of the installation. Rename it (to keep it as a backup) and leave it in the config folder. Then create a new broker-config.yml file and paste the following into it.
config:
  bootstrap:
    tenant_subdomain: netJoints
    authentication_token: jSn3Tj0inTs5XjheDd4ceK04R0zKShaHzadAlin=
    broker_name_generator: broker-name-generator.sh
  resource_types:
    HelloBritive-Resource-Type:
      HelloBritive-Permission:
        max_supported_version: local
        checkout_script: /Users/shahzadali/britive-broker-scripts/checkout_hello_britive_script.sh
        checkin_script: /Users/shahzadali/britive-broker-scripts/checkin_hello_britive_script.sh
Access Broker UI to YAML File Mapping
The mapping of fields from UI to YAML config file is key to successfully executing scripts. Configure the UI part first, and then update the broker config file.
In the broker-config.yml file above, note the resource_types section: the keys under it are the resource type name and the permission name created in the Configure Access Broker on UI section, and they must use the same names as in the UI.
Test Checkout and Checkin Scripts
Copy the following test scripts into a folder of your choice, make them executable, and reference them by their full path in broker-config.yml.
checkout_hello_britive_script.sh
#!/bin/bash
echo "Hello Britive World. JIT permission checkout completed successfully"
checkin_hello_britive_script.sh
#!/bin/bash
echo "Hello Britive World. JIT permission checkin completed successfully"
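Because the broker executes whatever checkout_script and checkin_script point to, it is worth verifying those paths before starting it. The following pre-flight check is an added example, not part of the Britive broker package; it assumes the YAML layout shown above (one key per line, absolute paths without spaces) and flags scripts that are missing, not executable, or writable by group/others.

```shell
#!/bin/sh
# Pre-flight check for broker-config.yml before starting the broker.
# Added example, not part of the Britive broker package. Assumes the YAML layout
# shown above: one "checkout_script:" / "checkin_script:" key per line, with an
# absolute path (no spaces) as the value.

# Print every script path referenced by the config, one per line.
broker_script_paths() {
    awk '$1 == "checkout_script:" || $1 == "checkin_script:" { print $2 }' "$1"
}

# Return 0 only if every referenced script is an absolute path, exists, is
# executable, and is not writable by group or others. The broker runs these
# scripts on every checkout/checkin, so a loosely permissioned script lets any
# local user change what runs under the broker's account.
check_broker_scripts() {
    config="$1"
    status=0
    paths=$(broker_script_paths "$config")
    if [ -z "$paths" ]; then
        echo "no checkout_script/checkin_script entries in $config" >&2
        return 1
    fi
    for p in $paths; do
        case "$p" in
            /*) ;;
            *) echo "not an absolute path: $p" >&2; status=1; continue ;;
        esac
        if [ ! -f "$p" ]; then
            echo "missing: $p" >&2; status=1; continue
        fi
        if [ ! -x "$p" ]; then
            echo "not executable: $p" >&2; status=1
        fi
        # ls -l mode string, e.g. -rwxr-xr-x: char 6 is group write, char 9 is other write
        mode=$(ls -ld "$p" | cut -c1-10)
        case "$mode" in
            ?????w????|????????w?) echo "writable by group/others: $p" >&2; status=1 ;;
        esac
    done
    return "$status"
}

# Usage: ./check-broker-config.sh config/broker-config.yml
[ "$#" -eq 0 ] || check_broker_scripts "$1"
```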
Start Access Broker Software
$ java -jar britive-broker-0.1.3.jar > britive-access-broker.log
The active broker is displayed on the Admin → Brokers and Broker Pools → Brokers page.
Checkout and Checkin Testing
Checkout
For more information about how to check out a profile, see My Access.
Checkin
Checkin does not show any output on the screen. If the UI shows no error, checkin is working correctly.