1 JD Edwards EnterpriseOne Mobile Applications Overview

Important:

Before continuing, read the Preface of this guide for important information about the documentation for the different EnterpriseOne mobile application solutions.

This chapter contains the following topics:

Note:

This chapter has been updated to support the release of EnterpriseOne 9.1.2 mobile applications.

1.1 Understanding EnterpriseOne Mobile Applications

JD Edwards EnterpriseOne mobile applications are applications built for the following mobile devices:

  • Apple iOS-based mobile devices, such as iPhone and iPad

  • Blackberry

    Note:

    The photo attachment feature that is available with EnterpriseOne mobile applications 9.1.2 is not supported on Blackberry.

  • Android

EnterpriseOne mobile applications provide users in the field access to timely and critical data to meet their business needs and quickly and efficiently perform tasks, such as:

  • Entering expense reports

  • Reviewing and approving expense reports

  • Reviewing and approving purchase orders

  • Reviewing and approving requisitions entered through Requisition Self Service

  • Reviewing current and historical sales orders

  • Querying item price and availability information

The mobile applications were developed using Oracle Application Development Framework Mobile (ADF Mobile), a component of Oracle Fusion Middleware.

Deploying EnterpriseOne mobile applications requires installing ADF Runtime, EnterpriseOne Mobile Foundation, and EnterpriseOne mobile applications on Oracle WebLogic Server. See Prerequisites - Mobile Application Downloads (Release 9.1.2 Update) in this guide for a list of components that you must download to install EnterpriseOne mobile applications.

1.2 Understanding the EnterpriseOne Mobile Applications Environment

The following illustration shows the EnterpriseOne mobile applications environment:

This image is described in surrounding text.

This list describes each of the components in the EnterpriseOne mobile applications environment:

  • Oracle WebLogic Server

    The application server for installing and deploying EnterpriseOne Mobile Foundation and mobile applications. The Mobile Foundation contains scripts that ensure that the applications render properly on the mobile device, as well as an Authentication Provider, which provides user sign-in security for deployed mobile applications.

    ADF runtime must be installed on WebLogic Server before installing EnterpriseOne Mobile Foundation and mobile applications.

  • EnterpriseOne Enterprise Server and database

    The EnterpriseOne Enterprise Server processes logic and requests data from the database.

  • Business Services Server

    This server contains a business services package built with mobile applications business services that enable data transfer between the mobile applications and EnterpriseOne.

    The Business Services Server can run on WebLogic Server or IBM WebSphere Application Server. It does not have to run on the same server as the mobile applications, which can only be deployed on WebLogic Server with ADF runtime. If both are installed on the same WebLogic Server, the Business Services Server must be installed in a separate domain. If the Business Services Server is on a separate machine, you have to configure a certificate to enable the transmission of requests from WebLogic Server to the Business Services Server. See Configuring Web Service Requests Between a WebLogic Server and a Business Services Server Deployed on Separate Machines.

    Important:

    Starting with EnterpriseOne mobile applications release 9.1.2, JAX-WS based business services are supported with a minimum EnterpriseOne Tools release 9.1.2.4.

    For 9.1 and earlier releases, JD Edwards EnterpriseOne mobile applications support only JAX-RPC based business services; they do not support JAX-WS based business services. Therefore, the business services server in the mobile applications environment must contain a package built with JAX-RPC based business services.

  • Mobile device

    EnterpriseOne mobile applications can run on Apple iOS, Blackberry, and Android mobile devices.

1.3 Understanding EnterpriseOne Mobile Applications Security

Note:

Starting with EnterpriseOne mobile applications release 9.1.2, in addition to authentication security and business services security described in this section, mobile applications support EnterpriseOne application security. The support of EnterpriseOne application security does not supplant, but is in addition to, the security described in this section. See Configuring Support for EnterpriseOne Application Security for 9.1.2 Mobile Applications for more information.

Two levels of security ensure secure access to JD Edwards EnterpriseOne mobile applications: sign-in security for user authentication and published business services security for application authorization.

Sign-in Security

EnterpriseOne mobile applications use an Authentication Provider for sign-in security to ensure that users of mobile applications are authenticated EnterpriseOne users. The Authentication Provider eliminates having to set up additional sign-in security for EnterpriseOne mobile application users.

After a user enters their credentials in the mobile application login screen, a login module calls the AuthenticationManager business service, which is used to authenticate the user.

The Authentication Provider also provides single sign-on functionality so that users only have to sign in once when using multiple EnterpriseOne mobile applications. After a user signs into their first EnterpriseOne mobile application, any subsequent EnterpriseOne mobile applications launched by the user automatically use the credentials from the original sign-in.

The JD Edwards EnterpriseOne Mobile Foundation download includes two jar files, JDEADFMobileAuthenticationProvider.jar and JDEADFMobileLoginModule.jar. Both files are used in configuring the Authentication Provider.

Published Business Services Security

EnterpriseOne mobile applications use published business services to pass data between the mobile device and the EnterpriseOne database. Mobile applications also use published business services to pass the credentials of a mobile application user to the EnterpriseOne security server to verify that the user is authorized to access the published business service. If the user is not authorized, access to the EnterpriseOne system is denied.

Therefore, you must set up published business services security records in EnterpriseOne to provide mobile application users with access to published business services. By setting up security records for mobile applications published business services, you are essentially setting up security for the mobile applications.

See "Securing Mobile Applications" in the JD Edwards EnterpriseOne Applications Functionality for Mobile Devices Implementation Guide for more information about securing mobile application published business services.

Security Process Flow

The following diagram shows the security process flow for EnterpriseOne mobile applications:

This image is described in surrounding text.

The following list describes the security process flow:

  1. A user launches a mobile application and is directed to the JD Edwards EnterpriseOne mobile application login screen wherein the user signs in with an EnterpriseOne user name, password, role, and environment. The J2EE application server invokes the login module through the registered authentication provider, and the login module retrieves the user credentials from the sign-in screen.

  2. The login module invokes the Authentication Manager business service, which performs the following security checks:

    1. User authentication. The Authentication Manager business service performs user authentication by verifying that the user credentials represent a valid EnterpriseOne user.

    2. User authorization. Starting with the EnterpriseOne mobile applications release 9.1.2, if user authentication is successful, the Authentication Manager business service checks for application security or exclusive application security. It verifies that the user is authorized to run a particular mobile application based on security records in the Security Workbench table (F00950). See Configuring Support for EnterpriseOne Application Security for 9.1.2 Mobile Applications for more information.

  3. If the user authentication or user authorization fails, an error message appears on the sign-in screen. If both authentication and authorization are successful, the mobile application is displayed.

  4. The mobile application uses a security token from the Authentication Manager business service for subsequent calls to business services used by the mobile application. The user must be an authorized user of the business services to use the mobile application.

1.4 Configuring Support for EnterpriseOne Application Security for 9.1.2 Mobile Applications

This section contains the following topics:

1.4.1 Overview of Application Security for EnterpriseOne Mobile Applications

Starting with EnterpriseOne mobile applications release 9.1.2, mobile applications support EnterpriseOne application security and exclusive application security. The support of EnterpriseOne application security does not replace, but is in addition to the support of authentication security and business services security for mobile applications.

You use Security Workbench in EnterpriseOne to set up application security or exclusive application security for mobile applications. EnterpriseOne mobile applications are secure by default; that is, out of the box, users cannot access them. Therefore, you have to create security records in Security Workbench to allow users access to mobile applications.

You can set up security records for a user, role, or *PUBLIC. See the JD Edwards EnterpriseOne Tools Security Administration Guide for more information about the sequence EnterpriseOne uses to check security records.

The following list contains the application IDs of the EnterpriseOne mobile applications. Refer to these application IDs when creating application security or exclusive application security records in Security Workbench:

  • M09E2011 (Mobile Expense Management)

  • M43081 (Mobile Purchase Order Approval

  • M43E82 (Mobile Requisition Approval)

  • M4200010 (Mobile Sales Inquiry)

  • M311221 (Mobile Service Order Time Entry)

  • M0001 (Mobile Menu)

For instructions on how to set up application security records, see the following sections in the JD Edwards EnterpriseOne Tools Security Administration Guide:

1.4.2 Configuration Requirements to Support EnterpriseOne Application Security for Mobile Applications

The Prerequisites - Mobile Application Downloads (Release 9.1.2 Update) section in this guide lists the required downloads for an EnterpriseOne 91.2 mobile applications deployment, including the Mobile Foundation. The Mobile Foundation includes an EnterpriseOne ESU that contains EnterpriseOne tasks and the JPH90I01 and JH90I01 business services, which are required for an administrator to set up application security in EnterpriseOne for 9.1.2 mobile applications.

After applying the ESU from the Mobile Foundation:

1.4.3 Verifying ESU Objects in EnterpriseOne

After downloading the appropriate ESU for 9.1.2 mobile applications, verify that the following objects were added to EnterpriseOne from the ESU:

  • EnterpriseOne tasks for mobile applications

    These tasks, along with the business service properties, are used by the Authentication Manager business service (JPH90I01) to enable EnterpriseOne application security for mobile applications.

  • Authentication Manager Query Processor business service (JH90I01)

    This is an internal business service that processes the getAuthData method of the JPH90I01 business service.

  • Authentication Manager business service (JPH90I01)

    This business service was updated to support the use of EnterpriseOne application security for mobile applications. It contains two new properties that are used in conjunction with mobile application tasks to enable EnterpriseOne application security for mobile applications.

In EnterpriseOne, verify that the tasks, task relationships, and the business service properties provided by the ESU are in the system.

Note:

You do not have to set up any of the tasks or task relationships described in this section. Also, you do not have to set up task security because the tasks are not part of any task view and therefore are not available in either the EnterpriseOne Windows client or web client.

To verify tasks for mobile applications in EnterpriseOne:

On the Work With Tasks form in P9000, use the QBE row to locate and verify the tasks listed in the following table:

Task ID Task Name Type Description App System Description
812JP017833 Mobile Expense Management 01 Interactive Application M09E2011 09E Expense Reimbursement
812JP017834 Mobile Purchase Order Approval 01 Interactive Application M43081 43 Procurement
812JP017835 Mobile Requisition Approval 01 Interactive Application M43E82 43E Requisition Self Service
812JP017836 Mobile Sales Inquiry 01 Interactive Application M4200010 42 Sales Management
812JP017837 Mobile Menu 01 Interactive Application M0001 00 Foundation Environment
812JP017838 Mobile Service Order Time Entry 01 Interactive Application M311221 31 Shop Floor Control
JDE030504 EnterpriseOne Mobile Apps 07 Folder n/a 00 Foundation Environment

To verify parent-child task relationships for mobile applications in EnterpriseOne:

  1. On the Work With Task Relationships - Task Where Used form in P9000, enter the parent task JDE030504 in the Task field and click the Find button.

  2. Verify the parent-child task relationships listed in the following table:

    Parent Task Parent Task Name Child Task Child Task Name Presentation Seq. Task View
    JDE030504 EnterpriseOne Mobile Apps 812JP017833 Mobile Expense Management 1 91
    JDE030504 EnterpriseOne Mobile Apps 812JP017834 Mobile Purchase Order Approval 2 91
    JDE030504 EnterpriseOne Mobile Apps 812JP017835 Mobile Requisition Approval 3 91
    JDE030504 EnterpriseOne Mobile Apps 812JP017836 Mobile Sales Inquiry 4 91
    JDE030504 EnterpriseOne Mobile Apps 812JP017837 Mobile Menu 5 91
    JDE030504 EnterpriseOne Mobile Apps 812JP017838 Mobile Service Order Time Entry 6 91

To verify business service properties for mobile applications:

Access the Business Service Property Admin application (P951000) and search for and verify the Business Service properties listed in the following table:

Key Value Description Level Group
JPH90I01_FOLDER_TASK_ID JDE030504 Task ID for Folder Type Parent Task for EOne Mobile Apps BSSV JPH90I01
JPH90I01_FOLDER_TASK_NAME EnterpriseOne Mobile Apps Task Name for Folder Type Parent Task for EOne Mobile Apps BSSV JPH90I01

1.5 EnterpriseOne Mobile Applications Installation and Implementation Checklist

Use the following lists of installation and implementation tasks as a high-level checklist for installing and deploying EnterpriseOne mobile applications:

Installation Tasks

Implementation Tasks

1.6 Minimum Technical Requirements

See document 745831.1 (JD Edwards EnterpriseOne Minimum Technical Requirements Reference) on My Oracle Support:

https://support.oracle.com/epmos/faces/DocumentDisplay?id=745831.1

1.7 Prerequisites - Mobile Application Downloads (Release 9.1.2 Update)

Download the following software before installing and configuring EnterpriseOne mobile applications:

1.7.1 ADF Runtime

ADF runtime is not included with the JD Edwards EnterpriseOne mobile applications download. ADF runtime is available for download from the Oracle Software Delivery Cloud Web site: https://edelivery.oracle.com/.

1.7.2 EnterpriseOne Mobile Foundation

The EnterpriseOne Mobile Foundation download contains the following components:

  • Electronic Software Updates (ESUs)

    Important:

    You must install the ESU for the AuthenticationManager Business Service before configuring the Authentication Provider.

  • SharedLibraryScripts

    The scripts ensure that mobile applications render properly on the mobile device.

  • Authentication JAR files

    The download includes the JDEADFMobileAuthenticationProvider.jar and JDEADFMobileLoginModule.jar, which are required to implement the Authentication Provider.

Important:

For EnterpriseOne mobile applications release 9.1.2, there is a new Mobile Foundation with an updated JDEADFMobileLoginModule.jar to enable support for EnterpriseOne application security in 9.1.2 mobile applications. It also enables support for JAX-WS based business services as long as you are running a minimum of EnterpriseOne Tools Release 9.1.2.4. If you do not deploy the updated JDEADFMobileLoginModule.jar file, you cannot use EnterpriseOne application security or support JAX-WS based business services.

For new EnterpriseOne mobile applications customers:

The Mobile Foundation is available for download from the Oracle Software Delivery Cloud Web site:

https://edelivery.oracle.com/.

For existing EnterpriseOne mobile applications customers:

The Mobile Foundation is available for download from the JD Edwards Update Center (login required):

https://updatecenter.oracle.com/apps/WebSearch/updatecenter.jsp?action=news&pkgType=06&

Make sure to select "EnterpriseOne Mobile" in the Type field when searching for the download.

1.7.3 EnterpriseOne Mobile Applications

Each EnterpriseOne mobile application is available as a separate download.

For new EnterpriseOne mobile applications customers:

The mobile applications are available for download from the Oracle Software Delivery Cloud Web site:

https://edelivery.oracle.com/.

For existing EnterpriseOne mobile applications customers:

The mobile applications are available for download from the JD Edwards Update Center (login required):

https://updatecenter.oracle.com/apps/WebSearch/updatecenter.jsp?action=news&pkgType=06&

Make sure to select "EnterpriseOne Mobile" in the Type field when searching for the mobile applications.

1.7.4 JD Edwards EnterpriseOne Mobile Applications Application (Optional)

EnterpriseOne 9.1.2 Mobile Expense Management application users can download the JD Edwards EnterpriseOne Mobile Applications application onto their mobile device from the Google Play store or the Apple App Store. This application enables Mobile Expense Management users to capture and upload photos of receipts or other documents using the mobile device's native camera feature.