Oracle® Fusion Middleware Administrator's Guide for Oracle Access Management
11g Release 2 (11.1.2)
Part Number E27239-03
This chapter discusses system configuration tasks for Oracle Access Management Mobile and Social. It contains the following sections.
Use the Mobile and Social Settings page in the Oracle Access Management Console to configure system level settings.
You can perform many Mobile and Social configuration tasks from the command line using the WebLogic Scripting Tool (WLST). For more information, see the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.
Follow this procedure to access the Mobile and Social Settings page.
Log in to the Oracle Access Management Console.
Click the System Configuration tab at the top of the page.
Click Mobile and Social on the left side of the page.
Click Mobile and Social Settings.
The Mobile and Social Settings tab opens in the main frame. Configure the following Internet Identity Services settings if a proxy server is in place between the Mobile and Social server and an Identity Provider.
Proxy URL: Choose the protocol to use to connect to the proxy server (HTTP or HTTPS), then type the proxy server host name and port number.
Proxy Authentication: Type the user name and password required to authenticate with the proxy server.
SAE Token Validity Period: Type the number of seconds that the system should wait before expiring the Secured Attribute Exchange token. SAE is the default scheme used to secure communication between the Mobile and Social server and any application integrating directly with Internet Identity Services.
For information about Fusion Middleware logging, see the "Monitoring Oracle Fusion Middleware" chapter in the Oracle Fusion Middleware Administrator's Guide.
For information about Fusion Middleware auditing, see the "Configuring and Managing Auditing" chapter in the Oracle Fusion Middleware Application Security Guide.
Mobile and Social can be configured for use with either Oracle Access Manager 10g or 11gR1 PS1. For this to work, however, Oracle Access Manager and Mobile and Social need to be installed on different servers in different domains. Mobile and Social and Oracle Access Manager then need to be configured to work together. The following procedure documents how to do this using Oracle Access Manager 11gR1 PS1.
Before you begin, install Mobile and Social on Host 1 and Oracle Access Manager 11gR1 PS1 on Host 2.
Log on to the Oracle Access Management Console on Host 2 and create a WebGate profile for Mobile and Social using the default settings.
In Mobile and Social, create an Authentication Service Provider for Oracle Access Manager 126.96.36.199.
See Section 188.8.131.52, "Creating an Authentication Service Provider," for instructions.
Set the Attributes as described in the following table.
In Mobile and Social, create a Service Profile for the Authentication Service Provider that you created in the previous step.
See Section 38.4, "Defining Service Profiles," for instructions.
In Mobile and Social, create a Service Domain.
See Section 38.7.1, "Creating a Service Domain," for instructions.
Merge the cwallet.sso file on Host 2 with the cwallet.sso file on Host 1 as follows:
Copy cwallet.sso from Host 2 to Host 1.
On Host 1, type:
# mkdir /tmp/oam /tmp/oic
# cp <host>/cwallet.sso /tmp/oam
# cp config/fmwconfig/cwallet.sso /tmp/oic
Create /tmp/mergecreds.xml with the following content:
<?xml version="1.0" encoding="UTF-8" standalone='yes'?>
<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"
           schema-major-version="11" schema-minor-version="1">
  <serviceProviders>
    <serviceProvider class="oracle.security.jps.internal.credstore.ssp.SspCredentialStoreProvider"
                     name="credstoressp" type="CREDENTIAL_STORE">
      <description>File-based credential provider</description>
    </serviceProvider>
  </serviceProviders>
  <serviceInstances>
    <!-- Source file-based credential store instance -->
    <serviceInstance location="/tmp/oam" provider="credstoressp" name="credential.file.source">
    </serviceInstance>
    <!-- Destination file-based credential store instance -->
    <serviceInstance location="/tmp/oic" provider="credstoressp" name="credential.file.destination">
    </serviceInstance>
  </serviceInstances>
  <jpsContexts>
    <jpsContext name="FileSourceContext">
      <serviceInstanceRef ref="credential.file.source"/>
    </jpsContext>
    <jpsContext name="FileDestinationContext">
      <serviceInstanceRef ref="credential.file.destination"/>
    </jpsContext>
  </jpsContexts>
</jpsConfig>
Set the path variable to include
Execute the following WLST command to merge the two cwallet.sso files:
# wlst.sh
wlst:/> migrateSecurityStore(type="credStore", configFile="/tmp/mergecreds.xml", src="FileSourceContext", dst="FileDestinationContext")
Copy the merged file to the config/fmwconfig directory under the domain home on Host 1, for example:
# cp /tmp/oic/cwallet.sso /scratch/kerwin/wls10/user_projects/domain/base_domain/config/fmwconfig
Restart the OAM Server on Host 1.
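Before running migrateSecurityStore it is worth confirming that the merge configuration is internally consistent (contexts reference declared instances, the provider is a credential store, and source and destination are different directories). The following check is an added example, not Oracle's code; SAMPLE_CONFIG is a constructed copy of the /tmp/mergecreds.xml shown above.

```python
"""Sanity-check a jps-config.xml before running migrateSecurityStore (added example,
not Oracle's code). SAMPLE_CONFIG is a constructed copy of /tmp/mergecreds.xml."""
import xml.etree.ElementTree as ET

JPS = "{http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd}"
SAMPLE_CONFIG = """<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd">
  <serviceProviders>
    <serviceProvider class="oracle.security.jps.internal.credstore.ssp.SspCredentialStoreProvider"
                     name="credstoressp" type="CREDENTIAL_STORE"/>
  </serviceProviders>
  <serviceInstances>
    <serviceInstance location="/tmp/oam" provider="credstoressp" name="credential.file.source"/>
    <serviceInstance location="/tmp/oic" provider="credstoressp" name="credential.file.destination"/>
  </serviceInstances>
  <jpsContexts>
    <jpsContext name="FileSourceContext"><serviceInstanceRef ref="credential.file.source"/></jpsContext>
    <jpsContext name="FileDestinationContext"><serviceInstanceRef ref="credential.file.destination"/></jpsContext>
  </jpsContexts>
</jpsConfig>"""

def check_merge_config(xml_text, src_ctx, dst_ctx):
    """Return a list of problems; an empty list means the config is usable."""
    root = ET.fromstring(xml_text)
    providers = {p.get("name"): p for p in root.iter(JPS + "serviceProvider")}
    instances = {i.get("name"): i for i in root.iter(JPS + "serviceInstance")}
    contexts = {c.get("name"): c for c in root.iter(JPS + "jpsContext")}
    problems, locations = [], {}
    for ctx_name in (src_ctx, dst_ctx):
        ctx = contexts.get(ctx_name)
        if ctx is None:
            problems.append("missing jpsContext %s" % ctx_name)
            continue
        refs = [r.get("ref") for r in ctx.iter(JPS + "serviceInstanceRef")]
        if len(refs) != 1:
            problems.append("%s must reference exactly one serviceInstance" % ctx_name)
            continue
        inst = instances.get(refs[0])
        if inst is None:
            problems.append("%s references undefined instance %s" % (ctx_name, refs[0]))
            continue
        prov = providers.get(inst.get("provider"))
        if prov is None or prov.get("type") != "CREDENTIAL_STORE":
            problems.append("instance %s needs a CREDENTIAL_STORE provider" % refs[0])
        locations[ctx_name] = inst.get("location")
    # Reading and writing the same directory would merge a store into itself.
    if len(locations) == 2 and locations[src_ctx] == locations[dst_ctx]:
        problems.append("source and destination point at the same location")
    return problems
```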
When moving Mobile and Social from a test environment to a production environment, complete the following configuration steps on each production machine after running the Test-to-Production scripts.
Launch the Oracle Access Management Console.
On the Policy Configuration tab, choose Shared Components > Authentication Schemes > OIC Scheme and click Open.
The Authentication Schemes configuration page opens.
Update the Challenge Redirect URL value to point to the production machine (not the test machine) and click Apply.
Run the following WLST command to update the Mobile and Social credential store framework (CSF) entry to point from the test machine to the production machine.
createCred(map="OIC_MAP", key="https://<production machine host>:<production machine port>/oam/server/dap/cred_submit", user="<description>", password="DCC5332B4069BAB4E016C390432627ED", desc="<description>");
For the password, use the value of the TapCipherKey attribute in oam-config.xml, located in the domain home /config/fmwconfig directory on the production machine.
In the Oracle Access Management Console, do the following:
Select the System Configuration tab.
Choose Mobile and Social > Internet Identity Services.
In the Application Profiles section, select OAMApplication and click Edit. (If using an application profile name other than OAMApplication, edit that instead.)
Update the Registration URL field host name and port to point to the production machine.
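Each of the entries updated in this procedure (the Challenge Redirect URL, the OIC_MAP cred_submit key and the Registration URL) changes only its host and port; scheme and path stay as configured. The helper below retargets such URLs and audits which entries still point at the test machine. It is an added example, not Oracle's code; the host names, port and the ENTRIES values are constructed.

```python
"""Test-to-production URL retargeting and audit (added example, not Oracle's code).
Host names, port and ENTRIES are constructed sample values."""
from urllib.parse import urlsplit, urlunsplit

TEST_HOST, PROD_HOST, PROD_PORT = "oamtest.example.com", "oamprod.example.com", 14100
# Constructed entries as they might look before the update, still on the test host.
ENTRIES = {
    "Challenge Redirect URL": "https://oamtest.example.com:14100/oic/",
    "OIC_MAP cred_submit key": "https://oamtest.example.com:14100/oam/server/dap/cred_submit",
    "Registration URL": "http://oamtest.example.com:14100/oic/rest/registration?v=1",
}

def retarget(url, prod_host, prod_port):
    """Swap only host:port; scheme, path, query and fragment are kept as configured."""
    p = urlsplit(url)
    if p.scheme not in ("http", "https"):
        raise ValueError("unexpected scheme in " + url)
    return urlunsplit((p.scheme, "%s:%d" % (prod_host, prod_port), p.path, p.query, p.fragment))

def stale_entries(entries, test_host):
    """Names of entries whose host still points at the test machine."""
    return sorted(n for n, u in entries.items() if urlsplit(u).hostname == test_host)

def retarget_all(entries, prod_host, prod_port):
    """Apply retarget() to every entry, returning a new mapping."""
    return {n: retarget(u, prod_host, prod_port) for n, u in entries.items()}
```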