Oracle® Fusion Middleware Administrator's Guide for Oracle Access Management
11g Release 2 (11.1.2)
Part Number E27239-03
Application Profile
Contains application-specific configuration details for applications that use Mobile Services. Details contained in Application Profiles include the name of the application, a short application description, and a list of name-value attribute pairs. An Application Profile may be required before allowing an application to obtain services (tokens, user profile information) from Oracle Access Management Mobile and Social.
Authentication Service Provider
Allows a back-end Identity Service Provider to authenticate users, client applications, and access permissions to Mobile and Social by way of a token exchange using Mobile (REST) Services calls. Also called Token Service. Upon successful authentication and verification, a token may be returned to the client application in some operations.
Authentication Service Provider is one of three possible Service Provider configuration options. Also see Authorization Service Provider and User Profile Service Provider.
Authorization Service Provider
Allows Mobile and Social and an Identity Service Provider to make authorization decisions using Mobile (REST) Services calls.
Authorization Service Provider is one of three possible Service Provider configuration options. Also see Authentication Service Provider and User Profile Service Provider.
Internet Identity Services
Provides easy access to cloud-based authentication Service Providers, using standard protocols implemented by these providers, such as OAuth and OpenID. Internet Identity Services provides lightweight infrastructure and preconfigured service implementations that let Mobile and Social function as a relying party (RP) when interacting with popular cloud-based Service Providers, including Google, Yahoo, Facebook, Twitter, and/or LinkedIn. Additional OpenID and OAuth Service Providers can be added to Mobile and Social by implementing a Java interface.
Also see Mobile Services, which is the other core Identity-as-a-Service feature that Mobile and Social provides.
Mobile Services
Connects web, mobile, and desktop applications to an existing Identity infrastructure to provide authentication, authorization, and basic user-profile directory services. Mobile Services supports Oracle Identity Access Management (IAM) products and LDAP-compatible back-end directory servers. Mobile Services use simple REST interfaces to connect client applications with the Mobile and Social server.
Also see Internet Identity Services, which is the other core Identity-as-a-Service feature that Mobile and Social provides.
Mobile Single Sign-on Agent App
Installs as a companion application on iOS and Android mobile devices where it serves as a proxy between the remote Mobile and Social server and the business apps that need to authenticate with the back-end Identity service. Mobile single sign-on lets the end-user use multiple mobile apps on the same device without having to provide credentials for each application. Browser-based apps, as well as native device apps, are supported. A mobile single sign-on agent application is not required to use Mobile and Social, but if multiple apps are used on the same mobile device, single sign-on will not work without it. A custom mobile single sign-on agent application can be created using the iOS and Android Mobile Services SDKs, or the Oracle Mobile Security App, an Oracle-branded application for iOS devices, can be downloaded from the iTunes App Store.
Also see Oracle Mobile Security App.
Oracle Access Management Access Manager
An Oracle product that provides secure, personalized access to web applications and includes authentication, authorization, web single sign-on and identity services. Access Manager includes support for various web servers, application servers and portals. Access Manager supports various forms of basic and advanced authentication and includes the ability to define step-up authentication rules.
Oracle Adaptive Access Manager (OAAM)
An Oracle product that provides robust authentication at both the user level and the device level. When installed with Mobile and Social, Oracle Adaptive Access Manager "fingerprints" and authenticates mobile devices after analyzing device attributes, such as the mobile phone number and geolocation data, and verifying that the device is VPN-enabled and is not "jail broken." Device fingerprint data can be used to make runtime authentication decisions, such as blocking authentication if the user is authenticating from an unauthorized country or location. Oracle Adaptive Access Manager can also challenge users with knowledge-based authentication questions or require the user to authenticate using one-time password (OTP) functionality if the user is using the device at unusual hours or if the user is geographically distant from the last authentication. OAAM is also able to register (or white-list) specific devices.
Mobile and Social
Extends Identity-as-a-Service functionality to registered applications by acting as an intermediary between the user running an application and a trusted authentication and authorization service. Mobile and Social provides two complementary feature sets: (1) Mobile Services provides interfaces that connect applications to the authentication, authorization, and directory services available in the Oracle Identity Access Management (IAM) product suite, and (2) Internet Identity Services provides functionality that lets Mobile and Social serve as the relying party (RP) when interacting with popular cloud-based identity authentication and authorization services, such as Google, Yahoo, Facebook, Twitter, and/or LinkedIn. Mobile and Social provides software developer kits (SDKs) that enable developers to integrate Mobile Services functionality and Internet Identity Services functionality into their applications. In addition, because simple REST interfaces connect client applications with the Mobile and Social server, developers can write code to send and receive Mobile and Social REST calls to the Mobile and Social server.
Oracle Mobile Security App
The Oracle-branded mobile single sign-on agent application for iOS devices that can be downloaded from the iTunes App Store.
Also see mobile single sign-on agent app.
Relying Party
A website, web service, or application that uses a trusted outside Identity provider to authenticate a user who wants to log in. Mobile and Social can function as the relying party (RP) when interacting with popular cloud-based services.
Also see Internet Identity Services.
REST
A software architectural style that is especially well-suited for web development because HTTP and the World Wide Web adhere to REST principles. REST constraints and principles govern how well-designed websites, web services, or web applications should create, retrieve, update, and delete "resources" that reside on a server. REST is an acronym that stands for REpresentational State Transfer.
Security Handler Plug-in
The Mobile and Social component that applies security logic during device registration. Mobile and Social includes two Security Handler Plug-ins: the OAAMSecurityHandlerPlugin, which enables the sophisticated device registration logic in Oracle Adaptive Access Manager, and the default Security Handler Plug-in, which offers much more limited device registration logic.
Service Domain
A logical grouping that associates one or more applications with a set of Access management and Identity management services. Each Service Domain specifies how applications are allowed to access services in Mobile and Social. To configure a Service Domain, use the main Mobile Services page to associate an Application Profile with a Service Profile. Typically an organization only needs a single Service Domain but multiple Service Domains are allowed.
Service Endpoint
The string that denotes a specific Mobile Services (REST) front-end service. The Endpoint is appended to a uniform resource identifier (URI) that the back-end Service Provider and the front-end client application use to communicate.
Service Profile
Defines a Service Endpoint URL for a Service Provider on the Mobile and Social Mobile Services server. A Service Profile is a logical configuration. You can create multiple Service Profiles to define different token capabilities and service endpoints for the Service Provider. Each Service Provider instance requires at least one corresponding Service Profile instance. To view and edit Service Profiles, use the Mobile Services console page.
Service Provider
Any trusted back-end Identity store that provides Identity services to applications, including authentication, authorization, and directory lookup and modification. Use the main Mobile Services page in the Mobile and Social console to configure the following Service Provider components: User Profile (Identity-Store Service Provider), Authentication (Token Service Provider), and Authorization.
User Profile Service Provider
Allows Mobile and Social to query and update an Identity Service Provider using Mobile (REST) Services calls.
User Profile Service Provider is one of three possible Service Provider configuration options. Also see Authentication Service Provider and Authorization Service Provider.