This directory contains code necessary to run a SCIM and NIPC gateway as described in draft-ietf-scim-device-model and draft-brinckman-asdf-nipc.
The gateway also requires a Silabs Dev Kit (EFR32xG21) for the BLE functionality.
Flash the Bluetooth - NCP demo binary using Simplicity Studio.
This was tested using Gecko SDK 4.4.1 and on the EFR32xG21 kit.
The gateway uses TLS for the SCIM and NIPC APIs.
This requires certificates to be generated and placed in the ca_certificates and certs directories.
cd certs
./make-ca-certs.sh
cd certs
./gen_cert.sh server
On a Linux host where USB passthrough is supported in Docker, you can run:
docker compose up --build
Create a virtual environment and install the requirements:
python3 -m venv venv
source venv/bin/activate
pip3 install -r requirements.txt
Bring up the mosquitto and postgres containers:
docker-compose up mosquitto postgres
Run the application:
python3 app.py
To register an onboarding app, run the following command:
flask register-onboarding-app <onboarding_app_name>
To register a control or data app, you can use the EndpointApps SCIM APIs.
If you want to use certificates to authenticate the endpoint apps, you can generate them using the same gen_cert.sh script.
cd certs
./gen_cert.sh <client_name>
MAC Authentication Bypass (MAB) is a primitive and weak form of authentication that only checks a device's MAC address. Use at your own risk: any device can fake a MAC address. However, it is sometimes useful for bootstrapping stronger trust.
If you want MAB support, you must indicate that by setting appropriate environment variables in the docker-compose.yml file as follows:
WANT_ETHERNET_MAB=True
ISE_HOST={ISE ERS endpoint hostname}
ISE_USERNAME=user
ISE_PASSWORD={whateversecret}
By default MAB is not supported. If all three of the ISE environment variables are not set, the SCIM database will be updated, but nothing else will be done. In the future, one might expect support for AAA services other than ISE.
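A preflight check for the MAB settings above, as an added example that is not part of the gateway's own code. It assumes that only the value True (any case) enables MAB and that a missing or unfilled ISE variable leaves the gateway in the SCIM-only behaviour described above; the function name `check_mab_env` is hypothetical.

```python
import os

ISE_VARS = ("ISE_HOST", "ISE_USERNAME", "ISE_PASSWORD")


def check_mab_env(env=None):
    """Classify the MAB settings found in env (defaults to os.environ).

    Returns (mode, problems), where mode is one of:
      "disabled"  - WANT_ETHERNET_MAB is not set to True (the default)
      "scim-only" - MAB requested but ISE settings incomplete, so per the
                    README only the SCIM database would be updated
      "enabled"   - MAB requested and all three ISE variables are usable
    """
    env = os.environ if env is None else env
    # Assumption: only the value "True" (any case) turns MAB on.
    if env.get("WANT_ETHERNET_MAB", "").strip().lower() != "true":
        return "disabled", []

    problems = []
    for name in ISE_VARS:
        value = env.get(name, "").strip()
        if not value:
            problems.append(f"{name} is not set")
        elif value.startswith("{") and value.endswith("}"):
            # The README writes placeholders as {...}; catch ones left unfilled.
            problems.append(f"{name} still holds a template placeholder")
    return ("scim-only" if problems else "enabled"), problems


if __name__ == "__main__":
    # Run inside the gateway's environment before starting app.py.
    mode, problems = check_mab_env()
    print(f"MAB mode: {mode}")
    for problem in problems:
        print(f"  - {problem}")
```

The check never prints the variable values, so it can run in CI or container logs without exposing ISE_PASSWORD.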