[VIP] Setting up VIP Streaming Service

book

Article ID: 224456

calendar_today

Updated On:

Products

VIP Service

Issue/Introduction

Follow the full steps below to configure VIP Streaming Service

Environment

Release : 1.0

Component : VIP

Resolution

Before you proceed, you must ensure the VIP Streaming Service is "Enabled" and also "Activated".

To confirm if the Streaming Service is already Enabled, perform the following.
     a. Download VIP Certificate from VIP Manager.

     b. Use openssl to conver the p12 file to PEM format.
         openssl pkcs12 -in vip_cert.p12 -out vip_cert.pem -nodes
         You will be asked to enter the privatekey's passphrase.
         This should create "vip_cert.pem" which should contain the private key AND the certificate.
         The private key is not encrypted anymore so it does not require passphrase.
         Please confirm the vip_cert.pem do contain both. If for some reason you only find the privatekey then manually add the certificate(PEM format) to it.

-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC3zj3g2WH7illB
EmljQ0J8hsALX4Fd21az/ap4qHB61tvedWkR87EEMzDk8H0ptk64YtgYPbGIE8Il
kJvXMyYGA0oYYgMWiM57hKBIIN+7mQPNe664chLIyNqwKecdPNH/p+kPIcTherQF
JHuXLauoMAaIN2oi+C1xMAGrEUCm9pig60VH9dlyuC5c8jsguWNljXLbUpkfOsm3
VCJbid/b/L/c90dg9/ejejEwtcp/v5nY2Hc9paf5DlkWY6T5AgxVNakpBPha9ZZe
...
Q2OrxTEkXF/R36P7/q3Y4yDctZa/6K8KOXSinmmBAoGAZKblFlS711MLNzB2xfJr
iGygvgonBuUJ/EbQro0Hhc6OWqpy6AzFi4f/LMYnxY1MbRgCGtnAENR3NL84jb9J
l86MRzsrZaRzsH69helsFpqUyZixqVCNehspkKMSGu1DNQYVV/paUwjAqmgvd9Ac
ldCKYwVx41py2C14BXABLeU=
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDgzCCAm2gAwIBAgIQCObU9CoL5N5GWcYDhSLvVjALBgkqhkiG9w0BAQswUzEs
MCoGA1UEAwwjVklQIE9yZ2FuaXphdGlvbiBJbnRlcm1lZGlhdGUgQ0EgRzExFjAU
BgNVBAoMDUJyb2FkY29tIEluYy4xCzAJBgNVBAYTAlVTMB4XDTIxMDkyMDAzMzEx
OVoXDTIzMDkyMDAzMzExOVowYTEXMBUGA1UEAwwOc2s2MzExMDgtdGVzdDIxKzAp
...
/UYKrNsadGu9i3Lds8RwpAV/UaWQ/SQxlVmTuXZ7QBxfyPXNs6sIpMI8qyZtSkTR
q1TCbS9sq9UuPeORBbGysTPsbMbxczrteyUbYuUJE+eq9iWFyZxQnHM8B6Mu2lPs
DezQ8Wm8HKmZpPkOLgftqihnIW+ddlmF2fyBtWO9JdjLOl0Kc3q924UWhkR/90bb
N6ZHSlw4UNvDUnltYhwAac/5x+06AkdviPVPB2AG4x3O8sriN8AG
-----END CERTIFICATE-----


  
     c. curl --cert vip_cert.pem https://streaming-auth.vip.symantec.com/activate --request GET
         If your Streaming Service is enabled and activated, you will get the following.
         {"statusCode":0,"statusMessage":"Success","detailMessage":"Streaming service activated successfully for your account"}
         You can proceed to configure the Streaming Client.
        
         If your Streaming Service is enabled but not activated, you will get the following.
         {"statusCode":0,"statusMessage":"Success","detailMessage":"The streaming service is not activated for your account"}
         Then you will need to activate your Streaming Service using the following command.
         curl --cert vip_cert.pem https://streaming-auth.vip.symantec.com/activate --request POST
         If this returns success then you can proceed to configure the Streaming Client.

         If your Streaming Service is not enabled, you will get the following.
         {"statusCode":26631,"statusMessage":"Failure","detailMessage":"Account is not registered for streaming service. Please contact administrator"}
         In this case your VIP Administrator will need to raise a support ticket requesting to enable Streaming Service for your VIP account.
         You need to provide your JHash value when doing so.
         This need to be transferred to engineering and go through evaluation and approval so this can take a few days.

 

Follow the steps below to configure Streaming Service.
1. Logon to VIP Manager and download the following.
    - VIP Certificate
    - VIP Manager - Account - Download Files - VIP Report Streaming Service - StreamingReferenceClient_1_0.zip

2. Note down your Jurisdiction Hash
    - VIP Manager - Account - Jurisdiction Hash

3. Download supported JDK 11
    - https://www.oracle.com/java/technologies/javase-downloads.html
    - https://adoptopenjdk.net/ (this was used in this article)

4. Install JDK and ensure it is added to %PATH% in the System Environment Variable.
    - Open a command and run "java -version" and see if the right version is displayed.

 C:\Users\Administrator> java -version
    openjdk version "11.0.12" 2021-07-20
    OpenJDK Runtime Environment Temurin-11.0.12+7 (build 11.0.12+7)
    OpenJDK 64-Bit Server VM Temurin-11.0.12+7 (build 11.0.12+7, mixed mode)

    - If you use other version of Java(such as 1.6.x or 1.8.x), this referenceclient.jar will not run.


5. Extract the "StreamingReferenceClient_1_0.zip" to desired folder. "C:\StreamingReferenceClient_1_0"

6. Create logs folder. In this sample, following folders were created manually.
    - C:\StreamingReferenceClient_1_0\logs\client
    - C:\StreamingReferenceClient_1_0\logs\events

7. Modify the C:\StreamingReferenceClient_1_0\client.properties file.
    - Use the following filepath format or the path may not be recognized.

    - Enter the filepath to your VIP Certificate.
    - p12FilePath=C:/StreamingReferenceClient_1_0/vip_cert_09-20-2021_01-31PM.p12
   
    - Enter the VIP Certificate's private key passphrase
    - p12Password=passphrase
     You can encrypt this passphrase using the following command.

     C:\StreamingReferenceClient_1_0>java -Dclient_log_dir=C:/StreamingReferenceClient_1_0/logs/client -Devent_log_dir=C:/StreamingReferenceClient_1_0/logs/events -jar referenceclient.jar --encrypt=passphrase
     Encrypted Key:4avbt/cMvgCyj80j92cozw==

     Then update p12Password with the encrypted key value prepending "ENC-" in the value.
     p12Password=ENC-4avbt/cMvgCyj80j92cozw==

   
    - Configure the baseUrl for the streaming service.
    - baseUrl=https://streaming-auth.vip.symantec.com

    - Create logs folder and specify the path for the client.log and event.log. In this sample I created C:\StreamingReferenceClient_1_0\logs\client and C:\StreamingReferenceClient_1_0\logs\events
    - client_log_dir=C:/StreamingReferenceClient_1_0/logs/client
    - event_log_dir=C:/StreamingReferenceClient_1_0/logs/events

    - Enter your JHASH   
    - onBehalfOfAccountId=12345678
   
    - log_level is only for this client program. This is not for "event.log".
    - log_level=INFO

    - You can leave the rest as is.

 

8. Test the reference client.

C:\StreamingReferenceClient_1_0> java -Dclient_log_dir=C:/StreamingReferenceClient_1_0/logs/client -Devent_log_dir=C:/StreamingReferenceClient_1_0/logs/events -Dlog_level=DEBUG -jar referenceclient.jar --spring.config.location=file:client.properties


     WARNING: An illegal reflective access operation has occurred
     WARNING: Illegal reflective access by org.springframework.cglib.core.ReflectUtils$2 (jar:file:/C:/StreamingReferenceClient_1_0/referenceclient.jar!/BOOT-INF/lib/spring-core-4.1.5.RELEASE.jar!/) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
     WARNING: Please consider reporting this to the maintainers of org.springframework.cglib.core.ReflectUtils$2
     WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
     WARNING: All illegal access operations will be denied in a future release

  If you see the above message and no ther exceptions then it is working.
  You can check the "C:\StreamingReferenceClient_1_0\logs\client\client.log" for more detail.
  This command would run the reference client just once. If it is working fine then you can use the "TailEvents.class" to have it launch the reference client repeatedly.
  By default, TailEvents.java is coded to repeat the launch every 5 seconds. Please modify it as necessary and compile it.

            System.out.println("Java process exited with code " + exitCode + ". Will wait for 5 seconds and restart.");
            Thread.sleep(5000);

 

   - At the "C:\StreamingReferenceClient_1_0" execute "java -cp C:\StreamingReferenceClient_1_0 TailEvents"

 C:\StreamingReferenceClient_1_0>java TailEvents
     Reading configuration from client.properties
     Client logs will be written under the directory C:\StreamingReferenceClient_1_0\logs\client
     Event logs will be written under the directory C:\StreamingReferenceClient_1_0\logs\events
     Logging level of the client is set to DEBUG
     Starting java process ...
     WARNING: An illegal reflective access operation has occurred
     WARNING: Illegal reflective access by org.springframework.cglib.core.ReflectUtils$2 (jar:file:/C:/StreamingReferenceClient_1_0/referenceclient.jar!/BOOT-INF/lib/spring-core-4.1.5.RELEASE.jar!/) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
     WARNING: Please consider reporting this to the maintainers of org.springframework.cglib.core.ReflectUtils$2
     WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
     WARNING: All illegal access operations will be denied in a future release

 


   - Now you can perform VIP Credential Validation and see "C:\StreamingReferenceClient_1_0\logs\events\event.log" getting populated.

client.log (very first successful initialization)
[2021-09-21 05:57:44.745][INFO] Starting ReferenceClientApplication on vip with PID 3532 (started by Administrator in C:\StreamingReferenceClient_1_0)
[2021-09-21 05:57:44.745][DEBUG] Running with Spring Boot v1.2.2.RELEASE, Spring v4.1.5.RELEASE
[2021-09-21 05:57:44.776][INFO] Refreshing org.spring[email protected]2f4948e4: startup date [Tue Sep 21 05:57:44 UTC 2021]; root of context hierarchy
[2021-09-21 05:57:45.323][INFO] Bean 'org.springframework.scheduling.annotation.SchedulingConfiguration' of type [class org.springframework.scheduling.annotation.SchedulingConfiguration$$EnhancerBySpringCGLIB$$64c4cf4d] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
[2021-09-21 05:57:46.166][INFO] Registering beans for JMX exposure on startup
[2021-09-21 05:57:46.166][INFO] Registering beans for JMX exposure on startup
[2021-09-21 05:57:46.166][INFO] Starting beans in phase 0
[2021-09-21 05:57:46.166][INFO] Located managed bean 'environmentEndpoint': registering with JMX server as MBean [org.springframework.boot:type=Endpoint,name=environmentEndpoint]
[2021-09-21 05:57:46.182][INFO] Located managed bean 'healthEndpoint': registering with JMX server as MBean [org.springframework.boot:type=Endpoint,name=healthEndpoint]
[2021-09-21 05:57:46.182][INFO] Located managed bean 'beansEndpoint': registering with JMX server as MBean [org.springframework.boot:type=Endpoint,name=beansEndpoint]
[2021-09-21 05:57:46.182][INFO] Located managed bean 'infoEndpoint': registering with JMX server as MBean [org.springframework.boot:type=Endpoint,name=infoEndpoint]
[2021-09-21 05:57:46.182][INFO] Located managed bean 'metricsEndpoint': registering with JMX server as MBean [org.springframework.boot:type=Endpoint,name=metricsEndpoint]
[2021-09-21 05:57:46.182][INFO] Located managed bean 'traceEndpoint': registering with JMX server as MBean [org.springframework.boot:type=Endpoint,name=traceEndpoint]
[2021-09-21 05:57:46.198][INFO] Located managed bean 'dumpEndpoint': registering with JMX server as MBean [org.springframework.boot:type=Endpoint,name=dumpEndpoint]
[2021-09-21 05:57:46.198][INFO] Located managed bean 'autoConfigurationAuditEndpoint': registering with JMX server as MBean [org.springframework.boot:type=Endpoint,name=autoConfigurationAuditEndpoint]
[2021-09-21 05:57:46.198][INFO] Located managed bean 'shutdownEndpoint': registering with JMX server as MBean [org.springframework.boot:type=Endpoint,name=shutdownEndpoint]
[2021-09-21 05:57:46.198][INFO] Located managed bean 'configurationPropertiesReportEndpoint': registering with JMX server as MBean [org.springframework.boot:type=Endpoint,name=configurationPropertiesReportEndpoint]
[2021-09-21 05:57:46.213][INFO] Started ReferenceClientApplication in 1.64 seconds (JVM running for 2.183)
[2021-09-21 05:57:46.213][ERROR] Unable to read next url from nextUrl file. Probably this is the first time you start this client or that file could be lost.
[2021-09-21 05:57:46.213][DEBUG] sending request to URL [https://streaming-auth.vip.symantec.com/streaming/12345678
[2021-09-21 05:57:48.354][DEBUG] response received: [{"status":{"statusCode":0,"statusMessage":"Success","detailMessage":null},"scrollKey":"0","nextUrl":"https://streaming-auth.vip.symantec.com/streaming/12345678?scrollKey=0","messages":[]}]
[2021-09-21 05:57:48.385][DEBUG] No new message has returned from the server.
[2021-09-21 05:57:48.385][DEBUG] Writing next url: [https://streaming-auth.vip.symantec.com/streaming/12345678?scrollKey=0] to file : [nextUrl.txt]

 

event.log
{"jurHash":"12345678","credId":"SYMC4xxxxxx4","msaId":"e62811b7a9060_1K","clientIp":"60.xxx.xxx.34","originIp":"192.168.0.241","txnId":"vipusE5955A6A697B2672","ts":"2021-09-21 06:03:43.836 +0000","result.statusMessage":"Success","challengeSupported":"true","source":"EG","firstFactorType":"NONE","requestId":"9_9_0_w_192_168_0_8_2470846318","extUserId":"user1","action":"BEGIN_AUTHENTICATION","durationMillis":8,"operation":"mobilePushSent","_id":"sedvip-prod-userservices-v3-be-w-8.1632204223836.16250105","result.status":"0000","transactionId":"99d995fa69115_1K"}
{"jurHash":"12345678","clientIp":"60.xxx.xxx.34","msaId":"e62811b7a9060_1K","result.requestParams":"{enforceLocalAuth=false, request.timeout=58}","result.pushCredentials":["SYMC4xxxxxx4"],"originIp":"192.168.0.241","txnId":"vipusE5955A6A697B2672","ts":"2021-09-21 06:03:43.744 +0000","result.statusMessage":"Mobile push request sent","challengeSupported":"true","source":"EG","firstFactorType":"NONE","requestId":"9_9_0_w_192_168_0_8_2470846318","extUserId":"user1","action":"BEGIN_AUTHENTICATION","durationMillis":104,"operation":"authenticateUserWithPush","_id":"sedvip-prod-userservices-v3-be-w-8.1632204223744.16250100","result.status":"6040","result.pushTransactionId":"99d995fa69115_1K","result.displayParams":"{display.message.profile=Remote Access Service Name, display.message.title=Sign In Request, display.message.text=Approve your Sign In request}"}
{"jurHash":"12345678","clientIp":"60.xxx.xxx.34","msaId":"e62811b7a9060_1K","result.requestParams":"{request.timeout=58}","originIp":"192_168_0_8","txnId":"vipusAD3056EE614B6DEB","ts":"2021-09-21 06:03:44.573 +0000","result.statusMessage":"Mobile push request in progress","challengeSupported":"true","source":"EG","firstFactorType":"NONE","requestId":"9_9_0_w_192_168_0_8_3761332365","extUserId":"user1","action":"POLL_PUSH_STATUS","durationMillis":0,"operation":"pollPushStatus","_id":"sedvip-prod-userservices-v3-be-w-7.1632204224573.25367238","result.status":"7001","result.pushTransactionId":"99d995fa69115_1K","result.displayParams":"{display.message.profile=Remote Access Service Name, display.message.title=Sign In Request, display.message.text=Approve your Sign In request}"}
{"jurHash":"12345678","clientIp":"60.xxx.xxx.34","msaId":"e62811b7a9060_1K","result.requestParams":"{request.timeout=58}","originIp":"192_168_0_8","txnId":"vipusD027AB8DE8CE0FA9","ts":"2021-09-21 06:03:46.751 +0000","result.statusMessage":"Mobile push request in progress","challengeSupported":"true","source":"EG","firstFactorType":"NONE","requestId":"9_9_0_w_192_168_0_8_3761332366","extUserId":"user1","action":"POLL_PUSH_STATUS","durationMillis":0,"operation":"pollPushStatus","_id":"sedvip-prod-userservices-v3-be-w-7.1632204226751.25367292","result.status":"7001","result.pushTransactionId":"99d995fa69115_1K","result.displayParams":"{display.message.profile=Remote Access Service Name, display.message.title=Sign In Request, display.message.text=Approve your Sign In request}"}
{"jurHash":"12345678","clientIp":"60.xxx.xxx.34","msaId":"e62811b7a9060_1K","result.requestParams":"{request.timeout=58}","originIp":"192_168_0_8","txnId":"vipusD2EBE387ED5D9C29","ts":"2021-09-21 06:03:48.937 +0000","result.statusMessage":"Mobile push request in progress","challengeSupported":"true","source":"EG","firstFactorType":"NONE","requestId":"9_9_0_w_192_168_0_8_3761332367","extUserId":"user1","action":"POLL_PUSH_STATUS","durationMillis":1,"operation":"pollPushStatus","_id":"sedvip-prod-userservices-v3-be-w-9.1632204228937.10219636","result.status":"7001","result.pushTransactionId":"99d995fa69115_1K","result.displayParams":"{display.message.profile=Remote Access Service Name, display.message.title=Sign In Request, display.message.text=Approve your Sign In request}"}
{"jurHash":"12345678","credId":"SYMC4xxxxxx4","clientIp":"60.xxx.xxx.34","pushCredentials":"[SYMC4xxxxxx4]","txnId":"vipusCE9C59410A4F2C51","ts":"2021-09-21 06:03:49.424 +0000","result.statusMessage":"Success","source":"Mobile Client","deviceType":"ANDROID","requestId":"23954E7B8278010E","extUserId":"user1","result.status":"0000","durationMillis":7,"operation":"mobilePushApproved","_id":"sedvip-prod-userservices-v3-be-w-2.1632204229424.26439628","transactionId":"99d995fa69115_1K"}
{"challengeSupported":"true","result.credId":"SYMC4xxxxxx4","operation":"pollPushStatus","originIp":"192_168_0_8","ts":"2021-09-21 06:03:51.128 +0000","source":"EG","firstFactorType":"NONE","requestId":"9_9_0_w_192_168_0_8_3761332368","jurHash":"12345678","result.requestParams":"{request.timeout=58}","txnId":"vipusBAC6AA0C919593CE","result.displayParams":"{display.message.profile=Remote Access Service Name, display.message.title=Sign In Request, display.message.text=Approve your Sign In request}","extUserId":"user1","result.status":"7000","msaId":"e62811b7a9060_1K","clientIp":"60.xxx.xxx.34","result.credType":"STANDARD_OTP","result.statusMessage":"Mobile push request approved by user","durationMillis":2,"action":"POLL_PUSH_STATUS","result.pushTransactionId":"99d995fa69115_1K","_id":"sedvip-prod-userservices-v3-be-w-6.1632204231128.25616708"}

 

Additional Information

client.properties sample file attached.

Attachments

1632277231632__client.properties-sample get_app