41 Configuring Mobile and Social System Settings

This chapter discusses system configuration tasks for Oracle Access Management Mobile and Social. It contains the following sections:

  • Section 41.1, "Accessing the Mobile and Social Settings Interface"

  • Section 41.2, "Logging and Auditing"

  • Section 41.3, "Deploying Mobile and Social With Oracle Access Manager"

  • Section 41.4, "Configuring Mobile and Social After Running Test-to-Production Scripts"

  • Section 41.5, "Enabling the REST Client to Specify the Tenant Name"

41.1 Accessing the Mobile and Social Settings Interface

Use the Mobile and Social Settings page in the Oracle Access Management Console to configure system level settings.

Note:

You can perform many Mobile and Social configuration tasks from the command line using the WebLogic Scripting Tool (WLST). For more information, see the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.

Follow this procedure to access the Mobile and Social Settings page.

  1. Log in to the Oracle Access Management Console.

  2. Click the System Configuration tab at the top of the page.

  3. Click Mobile and Social on the left side of the page.

  4. Click Mobile and Social Settings.

    The Mobile and Social Settings tab opens in the main frame. Configure the following Internet Identity Services settings if a proxy server is in place between the Mobile and Social server and an Identity Provider.

    • Proxy URL: Choose the protocol to use to connect to the proxy server (HTTP or HTTPS), then type the proxy server host name and port number.

    • Proxy Authentication: Type the user name and password required to authenticate with the proxy server.

    • SAE Token Validity Period: Type the number of seconds that the system should wait before expiring the Secured Attribute Exchange token. SAE is the default scheme used to secure communication between the Mobile and Social server and any application integrating directly with Internet Identity Services.

41.2 Logging and Auditing

For information about Fusion Middleware logging, see the "Monitoring Oracle Fusion Middleware" chapter in the Oracle Fusion Middleware Administrator's Guide.

For information about Fusion Middleware auditing, see the "Configuring and Managing Auditing" chapter in the Oracle Fusion Middleware Application Security Guide.

41.3 Deploying Mobile and Social With Oracle Access Manager

Mobile and Social can be configured for use with either Oracle Access Manager 10g or 11gR1 PS1. For this to work, however, Oracle Access Manager and Mobile and Social need to be installed on different servers in different domains. Mobile and Social and Oracle Access Manager then need to be configured to work together. The following procedure documents how to do this using Oracle Access Manager 11gR1 PS1.

Before You Begin: Install Mobile and Social on Host 1 and Oracle Access Manager 11gR1 PS1 on Host 2.

  1. Log on to the Oracle Access Management Console on Host 2 and create a WebGate profile for Mobile and Social using the default settings.

  2. In Mobile and Social, create an Authentication Service Provider for Oracle Access Manager 11.1.1.5.

    See Section 39.3.1.2, "Creating an Authentication Service Provider," for instructions.

    Set the Attributes as described in the following table.

    Table 41-1 Attribute Settings for an Oracle Access Manager 11gR1 PS1 Authentication Service Provider

    Name                     Value
    OAM_VERSION              OAM_10G
    DEBUG_VALUE              0
    TRANSPORT_SECURITY       OPEN
    OAM_SERVER_1             host:port
    OAM_SERVER_1_MAX_CONN    4
    OAM_SERVER_2             host:port
    OAM_SERVER_2_MAX_CONN    4
    AuthNURL                 wl_authen://Authen/Basic

  3. In Mobile and Social, create a Service Profile for the Authentication Service Provider that you created in the previous step.

    See Section 39.4, "Defining Service Profiles," for instructions.

  4. In Mobile and Social, create a Service Domain.

    See Section 39.7.1, "Creating a Service Domain," for instructions.

  5. Merge the cwallet.sso file on Host 2 with the cwallet.sso file on Host 1 as follows:

    1. Copy cwallet.sso from Host 2 to Host 1.

    2. On Host 1 type

      # mkdir /tmp/oam /tmp/oic
      # cp <host>/cwallet.sso /tmp/oam
      # cp config/fmwconfig/cwallet.sso /tmp/oic

    3. Create the file /tmp/merge-creds.xml with the following content:

      <?xml version="1.0" encoding="UTF-8" standalone='yes'?>
      <jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"
                 schema-major-version="11" schema-minor-version="1">
        <serviceProviders>
          <serviceProvider class="oracle.security.jps.internal.credstore.ssp.SspCredentialStoreProvider"
                           name="credstoressp" type="CREDENTIAL_STORE">
            <description>File-based credential provider</description>
          </serviceProvider>
        </serviceProviders>
        <serviceInstances>
          <!-- Source file-based credential store instance -->
          <serviceInstance location="/tmp/oam" provider="credstoressp"
                           name="credential.file.source">
          </serviceInstance>
          <!-- Destination file-based credential store instance -->
          <serviceInstance location="/tmp/oic" provider="credstoressp"
                           name="credential.file.destination">
          </serviceInstance>
        </serviceInstances>
        <jpsContexts>
          <jpsContext name="FileSourceContext">
            <serviceInstanceRef ref="credential.file.source"/>
          </jpsContext>
          <jpsContext name="FileDestinationContext">
            <serviceInstanceRef ref="credential.file.destination"/>
          </jpsContext>
        </jpsContexts>
      </jpsConfig>

    4. Set the PATH variable to include $MW_HOME/oracle_common/bin and $MW_HOME/oracle_common/common/bin.

    5. Execute the command to merge the cwallet.sso files:

      # wlst.sh
      wls:/offline> migrateSecurityStore(type="credStore", configFile="/tmp/merge-creds.xml", src="FileSourceContext", dst="FileDestinationContext")

    6. Copy the merged file to config/fmwconfig:

      # cp /tmp/oic/cwallet.sso /scratch/kerwin/wls10/user_projects/domain/base_domain/config/fmwconfig

    7. Restart the OAM Server on Host 1.
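
The seven sub-steps of step 5, collected into one POSIX shell script as an added example that is not part of the Oracle documentation: it stages both wallets under a work directory, generates merge-creds.xml with the source and destination paths, runs the WLST merge, and keeps a backup of the domain wallet before replacing it. It assumes wlst.sh is already on PATH (step 4) and takes the copied Host 2 wallet, the local config/fmwconfig directory and a work directory as parameters.

```shell
# Added example (not Oracle's code): automates step 5 of Section 41.3, merging
# the Host 2 cwallet.sso into the Host 1 wallet. Assumes wlst.sh is on PATH.
set -eu

# write_merge_config SRC_DIR DST_DIR OUT_FILE: writes the jps-config read by
# migrateSecurityStore, one file-based store instance and jpsContext per wallet.
write_merge_config() {
  src_dir=$1 dst_dir=$2 out=$3
  cat > "$out" <<EOF
<?xml version="1.0" encoding="UTF-8" standalone='yes'?>
<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"
    schema-major-version="11" schema-minor-version="1">
  <serviceProviders>
    <serviceProvider class="oracle.security.jps.internal.credstore.ssp.SspCredentialStoreProvider"
        name="credstoressp" type="CREDENTIAL_STORE">
      <description>File-based credential provider</description>
    </serviceProvider>
  </serviceProviders>
  <serviceInstances>
    <serviceInstance location="$src_dir" provider="credstoressp" name="credential.file.source"/>
    <serviceInstance location="$dst_dir" provider="credstoressp" name="credential.file.destination"/>
  </serviceInstances>
  <jpsContexts>
    <jpsContext name="FileSourceContext"><serviceInstanceRef ref="credential.file.source"/></jpsContext>
    <jpsContext name="FileDestinationContext"><serviceInstanceRef ref="credential.file.destination"/></jpsContext>
  </jpsContexts>
</jpsConfig>
EOF
}

# merge_wallets HOST2_WALLET FMWCONFIG_DIR WORK_DIR: stages both wallets, runs the
# WLST merge, then replaces the domain wallet (keeping a .bak). Fails early if a wallet is missing.
merge_wallets() {
  host2_wallet=$1 fmwconfig=$2 work=$3
  [ -f "$host2_wallet" ] || { echo "missing Host 2 wallet: $host2_wallet" >&2; return 1; }
  [ -f "$fmwconfig/cwallet.sso" ] || { echo "missing $fmwconfig/cwallet.sso" >&2; return 1; }
  mkdir -p "$work/oam" "$work/oic"
  cp "$host2_wallet" "$work/oam/cwallet.sso"
  cp "$fmwconfig/cwallet.sso" "$work/oic/cwallet.sso"
  write_merge_config "$work/oam" "$work/oic" "$work/merge-creds.xml"
  printf 'migrateSecurityStore(type="credStore", configFile="%s", src="FileSourceContext", dst="FileDestinationContext")\n' \
    "$work/merge-creds.xml" > "$work/merge.py"
  wlst.sh "$work/merge.py"
  cp -p "$fmwconfig/cwallet.sso" "$fmwconfig/cwallet.sso.bak"
  cp "$work/oic/cwallet.sso" "$fmwconfig/cwallet.sso"
}
```

Run it as `merge_wallets /path/to/host2/cwallet.sso "$DOMAIN_HOME/config/fmwconfig" /tmp/merge-work`, then restart the OAM Server as in step 7.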

41.4 Configuring Mobile and Social After Running Test-to-Production Scripts

When moving Mobile and Social from a test environment to a production environment, complete the following configuration steps on each production machine after running the Test-to-Production scripts.

  1. Launch the Oracle Access Management Console.

  2. On the Policy Configuration tab, choose Shared Components > Authentication Schemes > OIC Scheme and click Open.

    The Authentication Schemes configuration page opens.

  3. Update the Challenge Redirect URL value to point to the production machine (not the test machine) and click Apply.

    For example: https://production_machine:port/oic_rp/login.jsp

  4. Run the following WLST command to update the Mobile and Social credential store framework (CSF) entry to point from the test machine to the production machine.

    createCred(map="OIC_MAP", key="https://<production machine host>:<production machine port>/oam/server/dap/cred_submit", user="<description>", password="DCC5332B4069BAB4E016C390432627ED", desc="<description>")

    For password, use the value from the RPPartner entry, TapCipherKey attribute in oam-config.xml, located in the domain home/config/fmwconfig directory on the production machine.

  5. In the Oracle Access Management Console, do the following:

    1. Select the System Configuration tab.

    2. Choose Mobile and Social > Internet Identity Services.

    3. In the Application Profiles section, select OAMApplication and click Edit. (If using an application profile name other than OAMApplication, edit that instead.)

    4. Update the Registration URL field host name and port to point to the production machine.

      Click Apply.

41.5 Enabling the REST Client to Specify the Tenant Name

Follow these steps to enable the REST client to specify the tenant name. Refer to "Specifying the Tenant Name in the Header" in the Developer's Guide for Oracle Access Management for more information.

  1. Navigate to the following directory:

    ~/OAM-Domain-dir/bin
    
  2. In a text editor, add the following line to the ./startManagedWebLogic.sh file:

    MT_OPTION="-Doracle.multitenant.headername=MY-MT-NAME"
    JAVA_OPTIONS="${MT_OPTION} ${JAVA_OPTIONS}"
    export JAVA_OPTIONS

    Note:

    If you do not specify the JVM option, the server will expect the client to use the default header name, X-ID-TENANT-NAME.

  3. Save the file.