Home
MATRIXX Security
Application Security
Application security includes configuring web applications and gateways.
Configuring and Customizing My MATRIXX Security
My MATRIXX leverages the Spring Security Framework. This section describes a sample Spring Security implementation that authenticates with the default My MATRIXX web app or with an LDAP directory.

Welcome
MATRIXX Release Notes
MATRIXX Architecture
MATRIXX Installation and Upgrade
MATRIXX Configuration
MATRIXX Security
- About MATRIXX Security
- Introduction to MATRIXX Cloud Native Security
  The information in MATRIXX Security is best-practice information and identifies MATRIXX-specific security considerations and implementations. For container-specific and Kubernetes security information, see the third-party documentation.
- Cloud Native Security
  The information here addresses cloud native security and includes recommendations for securing your cloud native implementation.
- Managing Certificates
  MATRIXX uses certificates signed by a trusted certificate authority, or validated by other means, to establish secure communications with another party with the corresponding private key.
- Enabling Transport Layer Security
  Transport Layer Security (TLS) provides secure internet connections by encrypting data sent between a browser, a website, and the website server to ensure that data is transmitted privately.
- Network Security
  Network zones are stacked with increasing proximity to the open internet or DMZ. Each zone is traversed by ingress and egress points through an application or server, with appropriate authentication and authorization for connecting system traffic.
- Application Security
  Application security includes configuring web applications and gateways.
  - Tracking Client Information
    For auditing and tracking purposes, Event Detail Records (EDRs) can include security information included in SubMan API requests or information can be derived from the client making the request.
  - Password Encoding
    MATRIXX applications support md5 and Spring Framework supported password encodings.
  - Configuring and Customizing My MATRIXX Security
    My MATRIXX leverages the Spring Security Framework. This section describes a sample Spring Security implementation that authenticates with the default My MATRIXX web app or with an LDAP directory.
    - Configuring Multi-Tenancy Security
      The following information describes how to configure My MATRIXX security in Keycloak for multi-tenancy. For detailed information about configuring roles in Keycloak, see the Keycloak documentation.
    - Configure My MATRIXX for LDAP Authentication
      Configure simple LDAP authentication for My MATRIXX by specifying values for properties in the /opt/mtx/conf/matrixx.yaml file.
    - Configuring the My MATRIXX Security Warning Message
      My MATRIXX administrators can enable and customize a security warning message that displays when logging into My MATRIXX using the following property found in the matrixx.yaml file located at /opt/mtx/conf/. This property is false by default.
  - Configuring MATRIXX Backoffice Customer Tool Security
    MATRIXX Backoffice Customer Tool leverages the Spring Security Framework.
  - Configuring Active Directory LDAP Authentication
    MATRIXX supports Active Directory LDAP authentication using the Active Directory-specific ActiveDirectoryLdapAuthenticationProvider in Spring security.
  - Application Security Checklist
    The following is a list of best practices for application deployment.
  - SNMP User-Based Security Model V3
    In the configuration file for the component for which you are gathering statistics, configure the parameters listed in security/c_snmp_security.html#concept_fd3_sbr_3qb__table_l1d_3cr_3qb.
- Database Security
  Depending on your MATRIXX environment, you can use multiple external databases.
- OAuth 2.0 Identity and Access Management
  MATRIXX supports third-party identity and access management application integration.
MATRIXX Integration
MATRIXX Diameter Integration
MATRIXX Call Control Framework Integration
MATRIXX TM Forum Integration
MATRIXX 5G Integration
MATRIXX 5G Event Streaming
MATRIXX Event Streaming
MATRIXX Administration
MATRIXX Web App Administration
MATRIXX Monitoring and Logging
MATRIXX Policy
MATRIXX Kafka CDR Consumer
MATRIXX Pricing and Rating
MATRIXX Pay Now
MATRIXX Subscriber Management
MATRIXX Subscriber Management API
MATRIXX Business API SDK
My MATRIXX Help
MATRIXX Backoffice Customer Tool Help
MATRIXX Third-Party Licenses
Glossary

Configuring and Customizing My MATRIXX Security

My MATRIXX leverages the Spring Security Framework. This section describes a sample Spring Security implementation that authenticates with the default My MATRIXX web app or with an LDAP directory.

Note: For information about enabling TLS, see the discussion about enabling Transport Layer Security (TLS).

My MATRIXX administrators can enable and customize a security warning message that displays when logging into My MATRIXX. For more information, see the discussion about configuring the My MATRIXX security warning message.

Default Authentication

The Spring Security Framework can be used to enable different types of authentication, including X509 public key certificates and LDAP authentication.

Note: For more information about X509 support, see the discussion about authentication with X509 certificates in MATRIXX Security.

By default, MATRIXX web apps use passwords encrypted with a MATRIXX encoding algorithm to authenticate users and establish web sessions. The default encoding algorithm can be adapted using a custom encoder to allow the continued use of existing passwords in the LDAP implementation. Authentication for My MATRIXX uses the default configuration, and if that authentication attempt fails, the authentication process tries to authenticate using an LDAP server, if one is configured and running, before returning authentication success or failure.

Default authentication is controlled by user definitions that are configured in the My MATRIXX UI.

LDAP Authentication

For information about implementing a simple LDAP authentication for My MATRIXX using the Apache Directory Server™ Software, see the discussion about how to configure My MATRIXX for LDAP authentication.

Filters

The matrixxLoginFilter custom filter handles login requests. It calls a the default Spring Security Framework AuthenticationManager class method, which references the customerManagerLdapProvider method to authenticate users, and then calls the matrixxAuthenticationSuccessHandler, matrixxAuthenticationFailureHandler, and matrixxSessionAuthenticationStrategy methods to handle validation of the authentication. The LDAP implementation for this service binds to the LDAP server using the username and password provided in the URL. If the bind is successful, all the groups where the user is a member are identified and the role name is obtained.