The Welcome to Mobile and Social - Mobile and Social Services configuration page is divided into separate panels that can be expanded and collapsed by clicking the arrow button in the top left corner of the panel.
The following sections contain more information about the Mobile and Social Services panels.
Mobile and Social includes pre-configured objects to support typical deployment scenarios. These objects are designed to help you get Mobile and Social up and running with only minor modifications required. Each section lists the pre-configured objects available after installation.
A Service Provider is defined for each back-end service that you are making available to client applications.
By configuring the back-end service as a Service Provider, the Mobile and Social server knows how to communicate with it. You can configure a back-end service as one of the following Service Provider types.
Authentication Service Provider - Interfaces with an Identity Provider so that the back-end service can authenticate users, mobile devices, client applications, access permissions, and issue authentication tokens accordingly. Mobile and Social supports Access Manager and JSON Web Tokens (JWT) with their own Service Provider and Service Profile configuration objects. Further, mobile client authentication and non-mobile client authentication is managed separately so each token type has a separate mobile and non-mobile Service Provider and Service Profile. The following pre-configured Authentication Service Providers are available for typical deployments.
OAMAuthentication - Oracle Access Manager Authentication Token Service Provider
MobileOAMAuthentication - Mobile Oracle Access Manager Authentication Token Service Provider
JWTAuthentication - JSON Web Token Authentication Service Provider
MobileJWTAuthentication - Mobile JSON Web Token Authentication Service Provider
JWTOAMAuthentication - Allows lightweight, long-duration JWT tokens to be exchanged for OAM tokens. OAM tokens provide SSO and OAM resource access to clients. This provider allows users using non-mobile applications to get a new OAM token without having to provide credentials if they have a valid, long-duration JWT token.
MobileJWTOAMAuthentication - Allows lightweight, long-duration JWT tokens to be exchanged for OAM tokens. OAM tokens provide SSO and OAM resource access to clients. This provider allows users using mobile applications to get a new OAM token without having to provide credentials if they have a valid, long-duration JWT token.
InternetIdentityAuthentication -The Social Identity JSON Web Token Authentication Service Provider provides pre-configured support for apps using Mobile and Social Services to accept an authentication result from the Mobile and Social Social Identity.
See Defining, Modifying or Deleting an Authentication Service Provider for instructions on how to create a custom Authentication Service Provider.
Authorization Service Provider - Interfaces with a back-end Identity Provider that makes authorization (access) decisions. The pre-configured OAMAuthorization Authorization Service Provider is provided for typical deployments.
See Defining, Modifying or Deleting an Authorization Service Provider for instructions on how to create a custom Authorization Service Provider.
User Profile Service Provider - Interfaces with a directory server to lookup and update User Profile records. The pre-configured User Profile Service Provider is provided for typical deployments.
See Defining, Modifying or Deleting a User Profile Service Provider for instructions on how to create a custom User Profile Service Provider.
You can create multiple Service Profiles for a Service Provider to define different token capabilities and service endpoints. Each Service Provider instance requires at least one corresponding Service Profile. Mobile and Social includes a pre-configured Service Profile for each pre-configured Service Provider configuration object.
A Security Handler Plug-in enhances security by consulting additional logic for trust and risk analysis. Such additional logic may deny certain risky operations.
The Security Handler Plug-in applies the logic during Authentication Service operations, including client application registration. Using a Security Handler Plug-in is optional. The Security Handler Plug-ins provided with this version of the software are optimized for mobile applications. If used, only apply it to mobile-related Service Domains, its authentication services, and client applications. Do not use a Security Handler Plug-in with a non-mobile application.
Mobile and Social invokes the Security Handler Plug-in during sensitive security operations (such as authentication) as well as during operations that involve token acquisition. Mobile and Social includes the following preconfigured Security Handler Plug-ins:
OAAMSecurityHandlerPlugin enables the sophisticated device registration and risk-based strong authentication logic available in Oracle Adaptive Access Manager.
Default Security Handler Plug-in offers more limited device registration logic.
An Application Profile describes the configuration and security properties of the client application that will consume services provided by the Service Provider. An Application Profile is required either when mobile applications are used, or when a non-mobile application is used with a service that does not have secured application protection.
Attributes defined include an Application Profile name, a short description of the application, a list of name-value attribute pairs, and its mobile configuration settings. (Mobile configuration settings include options such as the maximum duration in minutes that the Profile can be cached, the number of allowable authentication retries, and whether offline authentication is allowed.) You can also choose which mobile device attributes (such as
osversion, and so on) are required for the application. A single Application Profile can be assigned to multiple Service Domains.
A Service Domain is a logical grouping that serves to associate a Service Profile with an Application Profile and (optionally) a Security Handler Plug-in. A Service Domain specifies how applications are allowed to access services in Mobile and Social.
Typically an organization should have one Service Domain for managing mobile apps, and a separate Service Domain for managing non-mobile apps. When creating a Service Domain you:
Decide whether the Service Domain is for managing mobile applications or desktop applications.
Choose an authentication scheme and, optionally, a Security Handler Plug-in for the Service Domain.
Add one or more Mobile SSO Agents and configure which agents have priority over the others.
Add one or more applications to the Service Domain and configure which can use a Mobile SSO Agent.
Choose at least one Service Profile for the Service Domain.
Configure security settings to protect the Service Domain services.
Mobile and Social includes the following pre-configured Service Domains:
The Default (Service Domain) is pre-configured for non-mobile applications.
The Mobile Service Domain is pre-configured for mobile applications.
Use one of these Service Domains as a template to create your own, or modify them to suit the needs of your organization. Only mobile authentication Service Profiles can be added to a mobile Service Domain.