50.5 Defining Application Profiles

An Application Profile defines an application that uses Social Identity Provider services on the Mobile and Social server.

Use this panel to configure mobile applications, web applications that run on Java-compliant application servers, and web applications that are integrated with Access Manager to use Social Identity.

  • If a web application is not integrated with Access Manager, integrate the Social Identity login page with the web application. See the "Developing Applications Using the Social Identity Client SDK" chapter in the Oracle Fusion Middleware Developer's Guide for Oracle Access Management for details.

  • If the web application is integrated with Access Manager, edit the preconfigured Application Profile named OAMApplication. When Access Manager and Mobile and Social are installed together during Oracle Access Management installation, both products are registered as trusted partners and the preconfigured Application Profile is included. As a result, you do not need to write code to integrate web applications that are integrated with Access Manager and Social Identity. The OAMApplication Application Profile that is included with Mobile and Social is preconfigured to work with Access Manager and requires only minor configuration changes to get working in your environment.

Typically, when a WebGate is configured in Access Manager, an Application Domain is created involving resources and policies. In Mobile and Social, OAMApplication is the Application Profile that corresponds to the Access Manager Application Domain. So, if you define 10 WebGates in Access Manager, and each represents an application that needs to use Mobile and Social for user authentication, use OAMApplication as a template to create 10 corresponding Application Profiles with names that match the 10 Application Domains.

Note:

When you install a WebGate to protect an application in Access Manager, the WebGate setup automatically creates an Application Domain that has LDAP as the authentication mechanism. To use Mobile and Social authentication, change the Authentication Scheme to OICScheme.

This section provides help for the Create Application Profile wizard and the Edit Application Profiles page.

The following sections contain more information.

50.5.1 Creating an Application Profile

You can create an application profile.

The following steps describe how to create an application profile:

  1. Access the Manage Social Identity page as described in Opening the Manage Social Identity Page.

  2. Click Create in the Application Profiles panel in the home area.

    The Create New Application Profile configuration page displays.

  3. Enter values for the general Application Profile properties.

    • Name - Displays the context name of the web application or mobile application. This name should match the name registered with the agent protecting the resource. If the application is integrated with Access Manager, the Application Domain name as defined in Access Manager is displayed. This should be the same value as that of the Name defined in the Mobile and Social Services Application Profile, if applicable.

    • Description - (Optional) Type a short description that will help you or another Administrator identify this service in the future.

    • Shared Secret - For mobile or web applications, provide the security secret that the application and the Mobile and Social server share to facilitate secure communication. This is needed to use the Mobile and Social user registration functionality. It can be any string.

    • Return URL - This value is not used for mobile applications, but it is a mandatory attribute, so for mobile applications enter the Mobile Application Return URL here. For web applications, provide the URL that Mobile and Social should use to send back authentication responses. If the application is integrated with Access Manager, provide the following URL, which Mobile and Social uses to send back authentication responses:

      http://oam-host:port/oam/server/dap/cred_submit

    • Mobile Application Return URL - For mobile applications, provide the URL that Mobile and Social should use to send back authentication responses. This value should match the mobile application's return URL.

  4. Enter values for the following Application Profile configuration properties.

    • Login Type - If configuring a non-mobile application, choose Local Authentication and Social Identity Provider Authentication if the User login page should let users choose between authenticating locally and authenticating using an Identity Provider. If configuring either a mobile application or a non-mobile application, choose Social Identity Provider Authentication only if the User login page should not give the users the option of authenticating locally.

      The Mobile and Social login page supports Social Identity Provider Authentication only. Local login is not supported.

      Note:

      If configuring a mobile application, choose Social Identity Provider Authentication only from the Login Type menu. The Local Authentication and Social Identity Provider Authentication option is not valid for mobile applications.

    • Enable Browser Popup - Choose Yes if the login page should open in a pop-up window. This value should be false if this is a mobile application.

    • User Registration - Choose Enabled to allow users to register with the application after authenticating against a Social Identity Provider. The login page for the application will show a User Registration form and prompt the User to register. The User can complete the form and register, or click the Skip Registration button. Choose Disabled if the login page should not show a User Registration form and should not prompt the User to register.

    • Registration URL - Type the URL that the system should forward the User to so that the User can register for a local account. Typically the User is directed to a form with fields that correspond to the registration service attributes defined in the Application Profile. An encrypted token containing a map of attribute objects is also passed to the client application as a parameter. These attributes are used to pre-populate the registration page with the User's profile data.

    • UserID Attribute - Type the attribute name that is used to uniquely identify the User. This attribute name should also appear in the Application User Attribute section of the Application Profile Configuration page.

    • User Profile Service Endpoint - Choose the User Profile Service endpoint that the application should use. The User Profile Service directs the application to the LDAP Directory service where the User will be created upon registration. User Profile Service endpoints are configured in Mobile and Social Services.

    • Authentication Service Endpoint - The Authentication Service endpoint determines how the user should be authenticated when local login is requested. If a mobile application, choose InternetIdentityAuthentication or any custom authentication of the type InternetIdentityAuthentication.

      • Choose /oamauthentication to forward the authentication request to Access Manager. The authentication scheme associated with the Mobile and Social Authentication Policy inside the IAMSuite Application domain determines how the user will be authenticated.

      • Choose /internetidentityauthentication to use the Identity Store specified in the corresponding endpoint.

    • Application Profile Properties - Click Add to add Application Profile attributes to the table. The following are supported.

      • app.passwd.field - Encrypts the password entered on the registration page and masks it with asterisks (*). Add password as the value.

      • oic.app.idp.oauth.token - Instructs Mobile and Social to include the OAuth Access Token as part of the final redirect to the application. Add true as the value. Only applies if the User selected an OAuth provider (Facebook, Twitter, LinkedIn).

      • oic.app.user.token - Creates a JWT User Token when a User authenticates with an Identity Provider and gets redirected back to the application. Add true as the value. This token contains the Identity Provider related URI and the User identifier value on record with the Identity Provider. Use this token to access other protected Mobile and Social REST services, for example the User Profile REST Service.

  5. Click Add to add the Application User Attributes that the Social Identity Provider should return to the application after authentication.

    Configure more details for these attributes in the following Registration Service Details with Application User Attribute Mapping step.

  6. Add rows to the Registration Service Details with Application User Attribute Mapping table to map local (User) registration attributes to the application attributes provided by the Social Identity Provider.

    Add any additional Application User Attributes in the previous step first. The following definitions apply to the Registration Service Details with Application User Attribute Mapping table properties.

    • Registration Service Attribute - Choose from the menu the registration service attribute to configure.

    • User Attribute Display Name - For the attribute in the Registration Service Attribute column, type the name that should appear on the User registration form. This is the attribute name that the user sees.

    • Read-only - Select to prevent the user from updating the attribute value. The attribute value will display grayed-out on the form and the user will be blocked from making updates.

      Note:

      Do not select the Read-only option for First Name and Last Name if Yahoo is the Social Identity Provider. Yahoo does not return values for these attributes. Selecting the Read-only option will cause user registration to fail and an exception error to display.

    • Mandatory - Select to make the attribute a required item on the user registration form.

    • Application User Attribute - Choose the attribute that corresponds to the attribute in the Registration Service Attribute column.

  7. Click Next to configure the Service Provider Interface.

    The Service Provider Interface page displays.

  8. Choose the DefaultServiceProviderInterface from the drop-down menu.

    For information about the Service Provider Interface, see Defining Service Provider Interfaces.

  9. Click Next to configure the Social Identity Provider.

    The Social Identity Provider page displays. Use this section to select one or more Social Identity Providers, and to map local application user attributes to Social Identity Provider attributes. For example, to use an e-mail address as the unique local user identifier when Google is the Social Identity Provider:

    1. Select Google in the Social Identity Provider column.

      A two-column table opens.

    2. Create the mapping as follows:

      1. Choose uid in the first row of the Application User Attribute column.

      2. Choose e-mail in the Social Identity Provider User Attributes column.

  10. Click Finish to create the Application Profile.
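As an added illustration, not part of the Oracle documentation or the product, the following Python script models the constraints the wizard steps above impose on an Application Profile (mandatory Return URL, mobile-only login type and pop-up rules, the Access Manager return URL, the UserID Attribute, the supported properties, and the Yahoo Read-only caveat) and flags a profile that violates them. The AppProfile class, its field names and the sample values are assumptions, not the product's configuration format.

```python
from dataclasses import dataclass, field
# Constructed model of the wizard settings above (not an Oracle API); SUPPORTED_PROPS
# lists the supported Application Profile Properties and the only value each accepts.
OAM_RETURN_URL_PATH = "/oam/server/dap/cred_submit"
SOCIAL_ONLY = "Social Identity Provider Authentication only"
SUPPORTED_PROPS = {"app.passwd.field": "password",
                   "oic.app.idp.oauth.token": "true",
                   "oic.app.user.token": "true"}

@dataclass
class AppProfile:
    name: str
    mobile: bool
    return_url: str = ""
    mobile_return_url: str = ""
    login_type: str = SOCIAL_ONLY
    browser_popup: bool = False
    oam_integrated: bool = False
    userid_attribute: str = "uid"
    user_attributes: set = field(default_factory=set)    # Application User Attributes
    properties: dict = field(default_factory=dict)       # Application Profile Properties
    identity_providers: set = field(default_factory=set)
    readonly_attrs: set = field(default_factory=set)     # registration fields marked Read-only
def validate_profile(p: AppProfile) -> list:
    """Return the findings for a profile; an empty list means it passes these checks."""
    issues = []
    if not p.return_url:
        issues.append("Return URL is mandatory; mobile apps reuse the Mobile Application Return URL")
    if p.mobile:
        if not p.mobile_return_url:
            issues.append("Mobile Application Return URL is required for mobile apps")
        if p.login_type != SOCIAL_ONLY:
            issues.append("mobile apps must use Social Identity Provider Authentication only")
        if p.browser_popup:
            issues.append("Enable Browser Popup must be No for mobile apps")
    elif p.oam_integrated and not p.return_url.endswith(OAM_RETURN_URL_PATH):
        issues.append("Access Manager apps must return to http://oam-host:port" + OAM_RETURN_URL_PATH)
    if p.userid_attribute not in p.user_attributes:
        issues.append(f"UserID Attribute '{p.userid_attribute}' is not an Application User Attribute")
    for key, value in p.properties.items():
        if SUPPORTED_PROPS.get(key) != value:
            issues.append(f"unsupported Application Profile Property or value: {key}={value}")
    if "Yahoo" in p.identity_providers and p.readonly_attrs & {"First Name", "Last Name"}:
        issues.append("Yahoo returns no First/Last Name; Read-only on them makes registration fail")
    return issues

# Constructed example: a mobile profile cloned from a web template, carrying the usual mistakes.
MOBILE_PROFILE = AppProfile(name="MyMobileApp", mobile=True, mobile_return_url="myapp://return",
    login_type="Local Authentication and Social Identity Provider Authentication", browser_popup=True,
    user_attributes={"uid", "mail"}, properties={"oic.app.user.token": "true"})
```

Running validate_profile(MOBILE_PROFILE) reports the empty Return URL, the invalid login type and the pop-up setting, while a web profile integrated with Access Manager that returns to the cred_submit URL passes cleanly.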

50.5.2 Editing or Deleting an Application Profile

You can edit or delete an Application Profile.

Select the Profile in the panel and click Edit or Delete on the panel's tool bar. See Creating an Application Profile for attribute descriptions.