48.1 Introducing Mobile and Social

The Oracle Access Management Mobile and Social service acts as an intermediary between a user or client seeking to access protected resources, and the back-end Access Management and Identity Management services that protect the resources.

Mobile and Social provides simplified client libraries that allow developers to quickly add feature-rich authentication, authorization, and identity capabilities to registered applications. On the back-end, the Mobile and Social server's pluggable architecture lets system administrators customize identity and access management services without updating the user's client software or mobile applications. Mobile and Social provides the following complementary feature sets:

  • Mobile and Social Services (formerly Mobile Services) connects applications and devices to the enterprise Access Management and Identity Management services available in the Oracle Identity and Access Management product suite. This makes it easy to use sophisticated authentication and authorization functionality (such as mobile device and application registration, and device fingerprinting) to restrict access to authorized devices only. Client applications can also implement knowledge-based authentication, a feature that goes beyond basic password-based authentication.

    Note:

    Device fingerprinting and knowledge-based authentication both require Oracle Adaptive Access Manager.

    Mobile and Social Services can be configured to require a valid device credential, a valid client credential, and a User Token with each application token request. This ensures that a protected resource is reachable only by an authorized user, and then only when that user is running an authorized application on an authorized device. Mobile and Social Services also provides easy access to User Profile Services if Mobile and Social is integrated with an LDAP-compliant directory server.

    Note:

    Prior to version 11.1.2.3, Mobile and Social Services was named Mobile Services.

  • Social Identity allows Mobile and Social to serve as the relying party when interacting with popular cloud-based identity authentication and authorization services, such as Google, Yahoo, Facebook, Foursquare, Windows Live, Twitter, and LinkedIn. After deploying Mobile and Social, a user is offered multiple log-in options without the need to implement each provider individually. This allows users to access protected resources using their credentials from a trusted Identity Provider.

    Note:

    Prior to version 11.1.2.2, Social Identity was named Internet Identity Services.

  • OAuth Services allows organizations to implement the open-standard OAuth 2.0 Web authorization protocol in an Access Manager environment. OAuth enables a client to access Access Manager-protected resources that belong to another user (that is, the resource owner). Applications that use Mobile and Social Services and applications that use OAuth Services can co-exist on the same desktop or mobile device, but each requires its own separate implementation.
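The three-way check described under Mobile and Social Services above (a registered client, a registered device, and a valid User Token, all required before an application token is issued) is easy to get subtly wrong, so the following added example models it end to end. This is illustrative code written for this page, not Oracle's SDK or server code: the client and device registries, the secrets, the HS256 JWT layout, and the `request_access_token` function are all assumptions chosen for the demonstration, and Mobile and Social's real wire format and registration handles are not modelled.

```python
# Added example (not Oracle code): issue an access token only after the
# client credential, the device credential and the User Token have all
# been verified. All registry entries, secrets and names are constructed
# for this illustration.
import base64
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-hmac-key"                             # assumption: server-held signing key
REGISTERED_CLIENTS = {"hr-mobile-app": "client-secret-constructed"}   # assumed client credential registry
REGISTERED_DEVICES = {"device-7f3a": "device-secret-constructed"}     # assumed device credential registry
NOW = 1_700_000_000                                                   # fixed clock keeps the run deterministic


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict) -> str:
    """Mint an HS256 JWT over the given claims with the server key."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(SERVER_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"


def verify_jwt(token: str, now: int):
    """Return the claims if the signature is valid and the token is unexpired, else None."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, TypeError):
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    if header.get("alg") != "HS256":            # refuse "none" and algorithm-substitution tricks
        return None
    expected = hmac.new(SERVER_KEY, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):  # constant-time comparison of the signature
        return None
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    return claims


def request_access_token(req: dict, now: int) -> dict:
    """Issue an access token only when the client, device and user checks all pass."""
    client_secret = REGISTERED_CLIENTS.get(req.get("client_id"))
    if client_secret is None or not hmac.compare_digest(
            client_secret.encode(), str(req.get("client_secret", "")).encode()):
        return {"error": "unauthorized_client"}
    device_secret = REGISTERED_DEVICES.get(req.get("device_id"))
    if device_secret is None or not hmac.compare_digest(
            device_secret.encode(), str(req.get("device_secret", "")).encode()):
        return {"error": "unregistered_device"}
    claims = verify_jwt(str(req.get("user_token", "")), now)
    if claims is None or "sub" not in claims:
        return {"error": "invalid_user_token"}
    # Bind the issued token to the exact user/app/device trio that was verified.
    access = {"sub": claims["sub"], "client_id": req["client_id"],
              "device_id": req["device_id"], "iat": now, "exp": now + 600}
    return {"access_token": sign_jwt(access)}


def demo() -> dict:
    """Run the happy path and three rejection cases on constructed input."""
    user_token = sign_jwt({"sub": "alice", "iat": NOW, "exp": NOW + 300})
    good = {
        "client_id": "hr-mobile-app", "client_secret": "client-secret-constructed",
        "device_id": "device-7f3a", "device_secret": "device-secret-constructed",
        "user_token": user_token,
    }
    # A forged token: same header and signature, but the subject claim swapped to "admin".
    header_b64, _, sig_b64 = user_token.split(".")
    forged_body = b64url(json.dumps({"sub": "admin", "iat": NOW, "exp": NOW + 300}, sort_keys=True).encode())
    return {
        "valid": request_access_token(good, NOW),
        "unknown_device": request_access_token({**good, "device_id": "device-0000"}, NOW),
        "expired": request_access_token(good, NOW + 301),
        "forged_subject": request_access_token({**good, "user_token": f"{header_b64}.{forged_body}.{sig_b64}"}, NOW),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The order of the checks matters for the security property in the text: a valid User Token on an unregistered device is rejected before the token is even parsed, so a stolen user credential alone cannot obtain an application token, and the token that is finally issued carries the verified client and device identifiers so a downstream service can see which app and device it was minted for.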

In addition to tight integration with Access Manager, Mobile and Social is "pre-wired" to work with other back-end Identity and Access Management offerings, including Oracle Adaptive Access Manager and a variety of LDAP-compliant directory servers. On the front-end, Mobile and Social provides easy-to-use SDKs for integrating client applications on the Java, Android, and iOS platforms. The client applications then use simple REST calls to communicate with the Mobile and Social server.

Note:

REST (REpresentational State Transfer) is the software architectural style with which the World Wide Web has been developed. It is lightweight and especially well-suited to building web-based applications and services.

You can configure Mobile and Social Services and Social Identity to work together. For example, use Social Identity to let users authenticate with Google, Facebook, Twitter, and so on, and use Mobile and Social Services to (a) provide local authentication functionality, or (b) generate a User Token by accepting a User Identity assertion from a social Identity Provider. Mobile and Social Services can also enhance device registration security when used in conjunction with Social Identity.

Note:

Mobile and Social provides security-layer functionality to registered applications that run on either Android or iOS devices, or in a Java SE JVM, or that communicate with the service using REST calls. If you require additional mobile functionality, ADF Mobile, a complementary Oracle product offering, provides an application development framework for creating full-featured applications for iOS-powered devices. For more information, see the Oracle Fusion Middleware Mobile Developer's Guide for Oracle Application Development Framework.

The following sections contain additional information and documentation links regarding the installation and deployment of Mobile and Social.

48.1.1 Installation Combinations for Mobile and Social

You install Mobile and Social together with Access Manager. You can configure Mobile and Social to run by itself, or in combination with either Access Manager or Oracle Adaptive Access Manager (OAAM), or you can deploy all three together.

Depending on the software deployed alongside Mobile and Social, the available features may vary. Table 48-1 provides the details.

Table 48-1 Features in Mobile and Social Based on the Companion Services Installed

Feature | Mobile and Social Only | Mobile and Social + Access Manager | Mobile and Social + OAAM | Mobile and Social + Access Manager + OAAM
Access Manager token support using native Access Manager authentication dialogs | - | Available | - | Available
JWT token support for authentication and authorization | Available | Available | Available | Available
Ability to uniquely identify connecting mobile devices (device fingerprinting) | - | - | Available | Available
Basic (limited) device security checks during device registration and access requests | Available | Available | - | -
Advanced device security checks during device registration and access requests, including risk-based access controls (for example, allow or deny access based on geolocation and other device attributes) | - | - | Available | Available
Multi-step authentication support (knowledge-based authentication and one-time password support) | - | - | Available | Available
Interact with a directory server and support User Profile services | Available | Available | Available | Available
Relying party support for Internet-based Identity Providers (Facebook, Google, Twitter, LinkedIn, Yahoo) | Available | Available | Available | Available

A dash means the feature is not available in that combination. Device fingerprinting, advanced risk-based device checks, and multi-step authentication all require OAAM; Access Manager tokens can be issued only when Access Manager is deployed.

48.1.2 Deployment Constraints for Mobile and Social

The following list contains information and links regarding several Mobile and Social deployments.

  • If deploying Mobile and Social together with Access Manager, both can be deployed together on the same server, either in the same domain or in separate domains. For details, see the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.

  • If deploying Mobile and Social alongside Oracle Access Manager 10g or 11gR1 PS1, Mobile and Social and Oracle Access Manager need to be installed on different servers in different domains.

    See "Deploying Mobile and Social With Oracle Access Manager"

    Note:

    If Access Manager is already installed, you cannot add Mobile and Social to an Oracle Access Management installation by extending the OAM domain. Attempting to do so will result in an error similar to the following:

    CFGFWK-64071- the selection conflicted with templates already installed in the domain OAM with database policy store 11.1.1.3.0

  • If deploying Mobile and Social with a WebGate, Mobile and Social can generate the Oracle Access Management token that clients need to access the WebGate-protected resources. The following restrictions apply:

    • If you deployed Oracle Access Management 11gR2 (11.1.2), Mobile and Social can generate a token that can access either an 11g WebGate or a 10g WebGate.

    • If you deployed either Access Manager 11gR1 (11.1.1) or 10g, Mobile and Social can generate an Oracle Access Management token that can access a 10g WebGate only.

  • When moving Mobile and Social from a test environment to a production environment, see Configuring Social Identity After Running Test-to-Production Scripts.

48.1.3 Enabling Mobile and Social

The Mobile and Social service must be explicitly enabled before any of its functionality can be used.

Follow these steps to enable the Mobile and Social service.

  1. Log in to the Oracle Access Management Console.

    The Launch Pad opens.

  2. Click Available Services in the Configuration pane.

    The Available Services page opens.

  3. Click Enable next to Mobile and Social.