49.4 Defining Service Profiles

A Service Profile defines a Service Endpoint URL for a Service Provider on the Mobile and Social server.

Each Service Provider instance requires at least one corresponding Service Profile instance. You can create multiple Service Profiles for a single Service Provider; each Service Profile will define different token capabilities and service endpoints for the Service Provider.

Note:

One Service Profile can be assigned to multiple Service Domains. In general, mobile Service Profiles should be assigned to mobile Service Domains, and non-mobile Service Profiles should be assigned to non-mobile Service Domains. See Defining Service Domains.

Add one or more Service Profiles after having created the required Service Provider(s).

You need to familiarize yourself with the following topics to define Service Profiles:

49.4.1 Defining, Modifying, and Deleting an Authentication Service Profile

You can define, modify, and delete an Authentication Service Profile.

The following topics include information about Authentication Service Profiles:

49.4.1.1 Creating an Authentication Service Profile

You can create an Authentication Service Profile and modify its attributes and values.

To create:

  1. Access the Mobile and Social Services configuration page.
  2. Click Create in the Service Profiles section and choose Create Authentication Service Profile.

    The Authentication Service Profile Configuration page displays.

  3. Enter values for the Authentication Service Profile general properties.

    Table 49-10 Authentication Service Profile Default General Properties

    Name Notes

    Name

    Type a unique name for this Authentication Service Profile.

    Description

    (Optional) Type a short description that will help you or another Administrator identify this service in the future.

    Service Type

    Shows the type of Service Profile that you are creating (either a User Profile Service, an Authentication Service, or an Authorization Service). The value is read-only.

    Service Endpoint

    Create a unique uniform resource identifier (URI) address for this service by typing a string in the box; for example, localhost:5575.

    • If creating an Authentication Service Profile, the URI Category Information section shows the URIs that will be created to create, validate, manage, and delete the Profile's client, user, and Access Tokens, as well as the "Client Registration Handle" URI that is used to register devices.

    • If creating an Authorization Service Profile, the URI Category Information section shows the authorization URI category that will be created on the Service.

    • If creating a User Profile Service Profile, the URI Category Information section shows the URI categories that will be created on the Service (one URI to manage Users, and another to manage Groups).

    Service Provider

    Choose the Service Provider on which this Service Profile should be based. The contents of this list are determined by the Service Type. A Service Provider must be defined before you can create a corresponding Service Profile.

    Service Enabled

    Select the box to enable the service; clear the box to disable.

  4. Select an option under Token Support and URI Category Information to enable support for the token type on the service, or clear the option box to disable support for the token type on the service.

    Token Support applies to Authentication Service Profiles only. The corresponding uniform resource identifier (URI) is listed alongside each token type.

    Table 49-11 Token Support and URI Category Information Default Properties

    Name Notes

    Client Registration Handle

    Required for mobile token services so that the client device can register with the Mobile and Social server. The server issues a Client Registration Handle after authenticating the user. When OAAM and its Security Handler Plug-in are used in conjunction with a mobile Authentication Service, the Plug-in can run fraud detection and risk analysis policy checks, enhancing authenticity and the trust level of a client. To add an Authentication Service Profile to a mobile Service Domain, Client Registration Handle must be enabled. Client Registration Handles are not used in non-mobile Service Domains.

    Client Token

    Select to enable Client Tokens on the Service. A Client Token is a security grant issued by the Mobile and Social server to prove that a non-mobile device or client is authenticated. The server issues a Client Token after authenticating the client based on a name and password or other credentials. Client Tokens are optional in non-mobile Service Domains. They are not used in mobile Service Domains.

    User Token

    Select to enable User Tokens on the Service. A User Token is a security grant issued by the Mobile and Social server to prove that a user is authenticated. A User Token can be used to request an Access Token.

    Access Token

    Select to enable Access Tokens on the Service. An Access Token is a security grant issued by the Mobile and Social server so that a client application can access a specific protected resource. A client application can get an Access Token by presenting a User Token, provided that the user is authorized to access the resource.

  5. Click Create to create the Service Profile configuration object.
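The token and Service Domain rules in Table 49-11, together with the uniqueness and Service Provider requirements in Table 49-10, can be checked offline against an inventory of planned profiles. The following is an added example, not Oracle code: the dictionary layout, field names and sample values are assumptions made for illustration, not an export format of the Mobile and Social server.

```python
# Added example: offline lint of Service Profile definitions.
# The dict layout and field names are hypothetical, not an Oracle export format.
def lint_profiles(profiles, providers, domains):
    """Return sorted (name, finding) tuples for rules stated in this section."""
    findings, names, endpoints, by_name = [], set(), set(), {}
    for p in profiles:
        name, tokens = p["name"], set(p["tokens"])
        by_name[name] = p
        if name in names:
            findings.append((name, "duplicate profile name"))
        if p["endpoint"] in endpoints:
            findings.append((name, "duplicate service endpoint"))
        names.add(name)
        endpoints.add(p["endpoint"])
        # A Service Provider of the matching Service Type must already exist.
        if providers.get(p["provider"]) != p["type"]:
            findings.append((name, "service provider missing or of a different type"))
        # Token Support applies to Authentication Service Profiles only.
        if tokens and p["type"] != "authentication":
            findings.append((name, "token support on a non-authentication profile"))
        # An Access Token is requested by presenting a User Token: flag the gap.
        if "access_token" in tokens and "user_token" not in tokens:
            findings.append((name, "access token enabled without user token"))
    for d in domains:
        for p in (by_name[n] for n in d["profiles"] if n in by_name):
            if p["type"] != "authentication":
                continue
            tokens, where = set(p["tokens"]), f"domain {d['name']}"
            if d["mobile"] and "client_registration_handle" not in tokens:
                findings.append((p["name"], f"mobile {where} requires client registration handle"))
            if d["mobile"] and "client_token" in tokens:
                findings.append((p["name"], f"client token is not used in mobile {where}"))
            if not d["mobile"] and "client_registration_handle" in tokens:
                findings.append((p["name"], f"registration handle is not used in non-mobile {where}"))
    return sorted(findings)

# Constructed sample inventory (not real configuration).
PROVIDERS = {"AuthProvA": "authentication", "UserProvA": "userprofile"}
PROFILES = [
    {"name": "MobileAuth", "type": "authentication", "provider": "AuthProvA",
     "endpoint": "mobileauth", "tokens": ["client_token", "user_token", "access_token"]},
    {"name": "WebAuth", "type": "authentication", "provider": "AuthProvA",
     "endpoint": "webauth", "tokens": ["client_token", "access_token"]},
    {"name": "People", "type": "userprofile", "provider": "AuthProvA",
     "endpoint": "webauth", "tokens": []},
]
DOMAINS = [{"name": "MobileDomain", "mobile": True, "profiles": ["MobileAuth"]},
           {"name": "WebDomain", "mobile": False, "profiles": ["WebAuth", "People"]}]

if __name__ == "__main__":
    for name, finding in lint_profiles(PROFILES, PROVIDERS, DOMAINS):
        print(f"{name}: {finding}")
```
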

49.4.1.2 Editing or Deleting an Authentication Service Profile

You can edit or delete an Authentication Service Profile.

Select the Service Profile in the panel and click Edit or Delete on the panel's tool bar.

49.4.2 Defining, Modifying and Deleting an Authorization Service Profile

The following topics include information regarding Authorization Service Profiles:

49.4.2.1 Creating an Authorization Service Profile

You create an Authorization Service Profile from the Mobile and Social Services configuration page.

To create:

  1. Access the Mobile and Social Services configuration page.
  2. Click Create in the Service Profiles section and choose Create Authorization Service Profile.

    The Authorization Service Profile Configuration page displays.

  3. Enter values for the Authorization Service Profile general properties.

    Table 49-12 Authorization Service Profile Default General Properties

    Name Notes

    Name

    Type a unique name for this Authorization Service Profile.

    Description

    (Optional) Type a short description that will help you or another Administrator identify this service in the future.

    Service Type

    Shows the type of Service Profile that you are creating (either a User Profile Service, an Authentication Service, or an Authorization Service). The value is read-only.

    Service Endpoint

    Create a unique uniform resource identifier (URI) address for this service by typing a string in the box; for example, localhost:5575.

    • If creating an Authentication Service Profile, the URI Category Information section shows the URIs that will be created to create, validate, manage, and delete the Profile's client, user, and Access Tokens, as well as the "Client Registration Handle" URI that is used to register devices.

    • If creating an Authorization Service Profile, the URI Category Information section shows the authorization URI category that will be created on the Service.

    • If creating a User Profile Service Profile, the URI Category Information section shows the URI categories that will be created on the Service (one URI to manage Users, and another to manage Groups).

    Service Provider

    Choose the Service Provider on which this Service Profile should be based. The contents of this list are determined by the Service Type. A Service Provider must be defined before you can create a corresponding Service Profile.

    Service Enabled

    Select the box to enable the service; clear the box to disable.

  4. Click Create to create the Service Profile configuration object.

49.4.2.2 Editing or Deleting an Authorization Service Profile

You can edit or delete an Authorization Service Profile.

To edit or delete:

  1. Select the Service Profile in the panel.

  2. Click Edit or Delete on the panel's tool bar.

49.4.3 Defining, Modifying and Deleting a User Profile Service Profile

The following topics include information about User Profile Service Profiles:

49.4.3.1 Creating a User Profile Service Profile

To create a User Profile Service Profile:

  1. Access the Mobile and Social Services configuration page.
  2. Click Create in the Service Profiles panel in the home area and choose Create User Profile Service Profile.

    The User Profile Service Profile Configuration page displays.

  3. Enter values for the User Profile Service Profile general properties.

    Table 49-13 User Profile Service Profile Default General Properties

    Name Notes

    Name

    Type a unique name for this User Profile Service Profile.

    Description

    (Optional) Type a short description that will help you or another Administrator identify this service in the future.

    Service Type

    Shows the type of Service Profile that you are creating (either a User Profile Service, an Authentication Service, or an Authorization Service). The value is read-only.

    Service Endpoint

    Create a unique uniform resource identifier (URI) address for this service by typing a string in the box; for example, localhost:5575.

    • If creating an Authentication Service Profile, the URI Category Information section shows the URIs that will be created to create, validate, manage, and delete the Profile's client, user, and Access Tokens, as well as the "Client Registration Handle" URI that is used to register devices.

    • If creating an Authorization Service Profile, the URI Category Information section shows the authorization URI category that will be created on the Service.

    • If creating a User Profile Service Profile, the URI Category Information section shows the URI categories that will be created on the Service (one URI to manage Users, and another to manage Groups).

    Service Provider

    Choose the Service Provider on which this Service Profile should be based. The contents of this list are determined by the Service Type. A Service Provider must be defined before you can create a corresponding Service Profile.

    Service Enabled

    Select the box to enable the service; clear the box to disable.

  4. Click Create to create the Service Profile configuration object.

49.4.3.2 Editing or Deleting a User Profile Service Profile

To edit or delete a User Profile Service Profile:

  • Select the Service Profile in the panel.

  • Click Edit or Delete on the panel's tool bar.