This chapter discusses system configuration tasks for Oracle Access Management Mobile and Social. It contains the following sections.
Use the Mobile and Social Settings page in the Oracle Access Management Console to configure system level settings.
Note: You can perform many Mobile and Social configuration tasks from the command line using the WebLogic Scripting Tool (WLST). For more information, see the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.
Follow this procedure to access the Mobile and Social Settings page.
Log in to the Oracle Access Management Console.
Click the System Configuration tab at the top of the page.
Click Mobile and Social on the left side of the page.
Click Mobile and Social Settings.
The Mobile and Social Settings tab opens in the main frame.
Configure the following Internet Identity Services settings if a proxy server is in place between the Mobile and Social server and an Identity Provider.
Proxy URL: Choose the protocol to use to connect to the proxy server (HTTP or HTTPS), then type the proxy server host name and port number.
Proxy Authentication: Type the user name and password required to authenticate with the proxy server.
SAE Token Validity Period: Type the number of seconds that the system should wait before expiring the Secured Attribute Exchange token. SAE is the default scheme used to secure communication between the Mobile and Social server and any application integrating directly with Internet Identity Services.
For information about Fusion Middleware logging, see the "Monitoring Oracle Fusion Middleware" chapter in the Oracle Fusion Middleware Administrator's Guide.
For information about Fusion Middleware auditing, see the "Configuring and Managing Auditing" chapter in the Oracle Fusion Middleware Application Security Guide.
Mobile and Social can be configured for use with either Oracle Access Manager 10g or 11gR1 PS1. For this to work, however, Oracle Access Manager and Mobile and Social need to be installed on different servers in different domains. Mobile and Social and Oracle Access Manager then need to be configured to work together. The following procedure documents how to do this using Oracle Access Manager 11gR1 PS1.
Before you Begin - Install Mobile and Social on Host 1 and Oracle Access Manager 11gR1 PS1 on Host 2.
Log on to the Oracle Access Management Console on Host 2 and create a WebGate profile for Mobile and Social using the default settings.
In Mobile and Social, create an Authentication Service Provider for Oracle Access Manager 11.1.1.5.
See Section 38.3.1.1, "Creating an Authentication Service Provider," for instructions.
Set the Attributes as described in the following table.
In Mobile and Social, create a Service Profile for the Authentication Service Provider that you created in the previous step.
See Section 38.4, "Defining Service Profiles," for instructions.
In Mobile and Social, create a Service Domain.
See Section 38.7.1, "Creating a Service Domain," for instructions.
Merge the cwallet.sso file on Host 2 with the cwallet.sso file on Host 1 as follows:
Copy cwallet.sso from Host 2 to Host 1.
On Host 1 type:
# mkdir /tmp/oam /tmp/oic
# cp <host>/cwallet.sso /tmp/oam
# cp config/fmwconfig/cwallet.sso /tmp/oic
Create file /tmp/merge-creds.xml (the path the merge command below reads):
<?xml version="1.0" encoding="UTF-8" standalone='yes'?>
<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"
           schema-major-version="11" schema-minor-version="1">
  <serviceProviders>
    <serviceProvider class="oracle.security.jps.internal.credstore.ssp.SspCredentialStoreProvider"
                     name="credstoressp" type="CREDENTIAL_STORE">
      <description>File-based credential provider</description>
    </serviceProvider>
  </serviceProviders>
  <serviceInstances>
    <!-- Source file-based credential store instance -->
    <serviceInstance location="/tmp/oam" provider="credstoressp" name="credential.file.source">
    </serviceInstance>
    <!-- Destination file-based credential store instance -->
    <serviceInstance location="/tmp/oic" provider="credstoressp" name="credential.file.destination">
    </serviceInstance>
  </serviceInstances>
  <jpsContexts>
    <jpsContext name="FileSourceContext">
      <serviceInstanceRef ref="credential.file.source"/>
    </jpsContext>
    <jpsContext name="FileDestinationContext">
      <serviceInstanceRef ref="credential.file.destination"/>
    </jpsContext>
  </jpsContexts>
</jpsConfig>
Set the PATH variable to include $MW_HOME/oracle_common/bin:$MW_HOME/oracle_common/common/bin
Execute the command to merge the cwallet.sso files (start WLST, then run migrateSecurityStore at the WLST prompt):
# wlst.sh
wlst:/> migrateSecurityStore(type="credStore", configFile="/tmp/merge-creds.xml", src="FileSourceContext", dst="FileDestinationContext")
Copy the merged file to config/fmwconfig:
# cp /tmp/oic/cwallet.sso /scratch/kerwin/wls10/user_projects/domain/base_domain/config/fmwconfig
Restart the OAM Server on Host 1.
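The wallet merge above, scripted end to end as an added example (this is not Oracle's own tooling and is not part of the original page): it stages the Host 2 and Host 1 wallets, writes the same merge-creds.xml as the procedure with the staging directory substituted for /tmp, and prints the migrateSecurityStore() call to run in WLST. The function names stage_wallets and merge_command, their argument order, and the choice of an owner-only staging directory instead of bare /tmp/oam and /tmp/oic are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Oracle's own tooling: stage two cwallet.sso files and
# generate the merge-creds.xml that migrateSecurityStore() reads.
# Function names, arguments and the staging layout are this example's own
# assumptions; the XML body is the one from the procedure above.

# stage_wallets SRC_WALLET DST_WALLET STAGE_DIR
#   SRC_WALLET: cwallet.sso copied over from Host 2 (the OAM domain)
#   DST_WALLET: Host 1's own config/fmwconfig/cwallet.sso (Mobile and Social)
#   STAGE_DIR:  directory that will receive oam/, oic/ and merge-creds.xml
# Returns 1 without touching anything if either wallet is missing.
stage_wallets() {
    src_wallet=$1
    dst_wallet=$2
    stage=$3

    [ -f "$src_wallet" ] || { echo "source wallet not found: $src_wallet" >&2; return 1; }
    [ -f "$dst_wallet" ] || { echo "destination wallet not found: $dst_wallet" >&2; return 1; }

    # A wallet is a credential store, so the staging copies are created
    # owner-only (umask 077) instead of with the world-readable default
    # that a plain mkdir under /tmp would give them.
    umask 077
    mkdir -p "$stage/oam" "$stage/oic" || return 1
    cp "$src_wallet" "$stage/oam/cwallet.sso" || return 1
    cp "$dst_wallet" "$stage/oic/cwallet.sso" || return 1

    # Same jps-config as the procedure, with $stage substituted for /tmp.
    cat > "$stage/merge-creds.xml" <<EOF
<?xml version="1.0" encoding="UTF-8" standalone='yes'?>
<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"
           schema-major-version="11" schema-minor-version="1">
  <serviceProviders>
    <serviceProvider class="oracle.security.jps.internal.credstore.ssp.SspCredentialStoreProvider"
                     name="credstoressp" type="CREDENTIAL_STORE">
      <description>File-based credential provider</description>
    </serviceProvider>
  </serviceProviders>
  <serviceInstances>
    <!-- Source file-based credential store instance (Host 2 wallet) -->
    <serviceInstance location="$stage/oam" provider="credstoressp" name="credential.file.source">
    </serviceInstance>
    <!-- Destination file-based credential store instance (Host 1 wallet) -->
    <serviceInstance location="$stage/oic" provider="credstoressp" name="credential.file.destination">
    </serviceInstance>
  </serviceInstances>
  <jpsContexts>
    <jpsContext name="FileSourceContext">
      <serviceInstanceRef ref="credential.file.source"/>
    </jpsContext>
    <jpsContext name="FileDestinationContext">
      <serviceInstanceRef ref="credential.file.destination"/>
    </jpsContext>
  </jpsContexts>
</jpsConfig>
EOF
}

# merge_command STAGE_DIR
# Prints the WLST call that merges STAGE_DIR/oam into STAGE_DIR/oic; paste it
# at the wlst:/> prompt, or save it as a .py file and pass that to wlst.sh.
merge_command() {
    printf 'migrateSecurityStore(type="credStore", configFile="%s/merge-creds.xml", src="FileSourceContext", dst="FileDestinationContext")\n' "$1"
}

# Typical use on Host 1, with the wallet copied from Host 2 in $HOME/host2:
#   stage_wallets "$HOME/host2/cwallet.sso" config/fmwconfig/cwallet.sso /tmp/wallet-merge
#   merge_command /tmp/wallet-merge > /tmp/wallet-merge/merge.py
#   wlst.sh /tmp/wallet-merge/merge.py
# Then copy /tmp/wallet-merge/oic/cwallet.sso back into config/fmwconfig,
# restart the OAM Server, and remove the staging directory.
```

The merged wallet in the staging directory is the destination instance (the oic/ copy); the oam/ copy is only read. Removing the staging directory once the merged wallet is back under config/fmwconfig keeps the two credential-store copies from outliving the procedure.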
When moving Mobile and Social from a test environment to a production environment, complete the following configuration steps on each production machine after running the Test-to-Production scripts.
Launch the Oracle Access Management Console.
On the Policy Configuration tab, choose Shared Components > Authentication Schemes > OIC Scheme and click Open.
The Authentication Schemes configuration page opens.
Update the Challenge Redirect URL value to point to the production machine (not the test machine) and click Apply.
For example: https://production_machine:port/oic_rp/login.jsp
Run the following WLST command to update the Mobile and Social credential store framework (CSF) entry to point from the test machine to the production machine.
createCred(map="OIC_MAP", key="https://<production machine host>:<production machine port>/oam/server/dap/cred_submit", user="<description>", password="DCC5332B4069BAB4E016C390432627ED", desc="<description>")
For password, use the value of the TapCipherKey attribute of the RPPartner entry in oam-config.xml, located in the domain home/config/fmwconfig directory on the production machine.
In the Oracle Access Management Console, do the following:
Select the System Configuration tab.
Choose Mobile and Social > Internet Identity Services.
In the Application Profiles section, select OAMApplication and click Edit. (If using an application profile name other than OAMApplication, edit that profile instead.)
Update the Registration URL field host name and port to point to the production machine.
Click Apply.