Home
MATRIXX Security
Application Security
Application security includes configuring web applications and gateways.
Configuring MATRIXX Backoffice Customer Tool Security
MATRIXX Backoffice Customer Tool leverages the Spring Security Framework.
Configure MATRIXX Backoffice Customer Tool for LDAP Authentication
This example demonstrates a simple LDAP authentication for MATRIXX Backoffice Customer Tool. You configure LDAP authentication for MATRIXX Backoffice Customer Tool in the /opt/mtx/conf/matrixxbct.yaml configuration file.
PKI Certificates for LDAPS
If you are using LDAPS, you must import the customer-provided X.509 digital certificate chain that will be used for user, computer, or identity verification and store the chain inside a Java keystore file.

Welcome
MATRIXX Release Notes
MATRIXX Architecture
MATRIXX Installation and Upgrade
MATRIXX Configuration
MATRIXX Security
- About MATRIXX Security
- Introduction to MATRIXX Cloud Native Security
  The information in MATRIXX Security is best-practice information and identifies MATRIXX-specific security considerations and implementations. For container-specific and Kubernetes security information, see the third-party documentation.
- Cloud Native Security
  The information here addresses cloud native security and includes recommendations for securing your cloud native implementation.
- Managing Certificates
  MATRIXX uses certificates signed by a trusted certificate authority, or validated by other means, to establish secure communications with another party with the corresponding private key.
- Enabling Transport Layer Security
  Transport Layer Security (TLS) provides secure internet connections by encrypting data sent between a browser, a website, and the website server to ensure that data is transmitted privately.
- Network Security
  Network zones are stacked with increasing proximity to the open internet or DMZ. Each zone is traversed by ingress and egress points through an application or server, with appropriate authentication and authorization for connecting system traffic.
- Application Security
  Application security includes configuring web applications and gateways.
  - Tracking Client Information
    For auditing and tracking purposes, Event Detail Records (EDRs) can include security information included in SubMan API requests or information can be derived from the client making the request.
  - Password Encoding
    MATRIXX applications support md5 and Spring Framework supported password encodings.
  - Configuring and Customizing My MATRIXX Security
    My MATRIXX leverages the Spring Security Framework. This section describes a sample Spring Security implementation that authenticates with the default My MATRIXX web app or with an LDAP directory.
  - Configuring MATRIXX Backoffice Customer Tool Security
    MATRIXX Backoffice Customer Tool leverages the Spring Security Framework.
    - MATRIXX Backoffice Customer Tool Access Control
      MATRIXX Backoffice Customer Tool can be deployed on the same server as the other web apps or on a remote server that communicates with MATRIXX Engine through Gateway Proxy and RS Gateway.
    - Configure MATRIXX Backoffice Customer Tool for LDAP Authentication
      This example demonstrates a simple LDAP authentication for MATRIXX Backoffice Customer Tool. You configure LDAP authentication for MATRIXX Backoffice Customer Tool in the /opt/mtx/conf/matrixxbct.yaml configuration file.
      - PKI Certificates for LDAPS
        If you are using LDAPS, you must import the customer-provided X.509 digital certificate chain that will be used for user, computer, or identity verification and store the chain inside a Java keystore file.
    - Define the MATRIXX Backoffice Customer Tool Users
      Access to MATRIXX Backoffice Customer Tool is restricted by the matrixxbct_users.yaml file. Users must be defined in this file before they can access MATRIXX Backoffice Customer Tool. For information about defining users when using a third-party identity and access management application, see the discussion about OAuth 2.0 identity and access management.
    - Configure MATRIXX Backoffice Customer Tool Roles
      You can configure MATRIXX Backoffice Customer Tool roles to add or remove permissions for each role.
    - Default MATRIXX Backoffice Customer Tool Security File
      The following code shows the default /WEB-INF/matrixx-security-app-context.xml security context file.
  - Configuring Active Directory LDAP Authentication
    MATRIXX supports Active Directory LDAP authentication using the Active Directory-specific ActiveDirectoryLdapAuthenticationProvider in Spring security.
  - Application Security Checklist
    The following is a list of best practices for application deployment.
  - SNMP User-Based Security Model V3
    In the configuration file for the component for which you are gathering statistics, configure the parameters listed in security/c_snmp_security.html#concept_fd3_sbr_3qb__table_l1d_3cr_3qb.
- Database Security
  Depending on your MATRIXX environment, you can use multiple external databases.
- OAuth 2.0 Identity and Access Management
  MATRIXX supports third-party identity and access management application integration.
MATRIXX Integration
MATRIXX Diameter Integration
MATRIXX Call Control Framework Integration
MATRIXX TM Forum Integration
MATRIXX 5G Integration
MATRIXX 5G Event Streaming
MATRIXX Event Streaming
MATRIXX Administration
MATRIXX Web App Administration
MATRIXX Monitoring and Logging
MATRIXX Policy
MATRIXX Kafka CDR Consumer
MATRIXX Pricing and Rating
MATRIXX Pay Now
MATRIXX Subscriber Management
MATRIXX Subscriber Management API
MATRIXX Business API SDK
My MATRIXX Help
MATRIXX Backoffice Customer Tool Help
MATRIXX Third-Party Licenses
Glossary

PKI Certificates for LDAPS

If you are using LDAPS, you must import the customer-provided X.509 digital certificate chain that will be used for user, computer, or identity verification and store the chain inside a Java keystore file.

When a client connects to the LDAPS server, the server should send the whole certificate chain (including the server certificate and root Certificate Authentication (CA) certificate). The entire certificate chain should be stored in the Java keystore file.

Import the certificate chain as follows:

keytool -import -v -trustcacerts -alias ldaps -file ldap_server.crf -keystore /opt/mtx/conf/keystore.jks

where ldap_server.crf is the signed certificate for the LDAPS server.

Then update the /etc/default/mtx_matrixxbct file as follows:

export MTX_MATRIXXBCT_START_ARGS=" -j  -Djavax.net.ssl.trustStore=/opt/mtx/conf/keystore.jks"

Note: You must restart the MATRIXX Backoffice Customer Tool for the changes to take effect.