Contents

Title and Copyright Information

Preface

• Audience
• Documentation Accessibility
• Related Documents
• Conventions

1 Getting Started with Mobile Security Access Server

• 1.1 Understanding Mobile Security Access Server
• 1.2 Understanding Key Concepts in Mobile Security Access Server
• 1.3 Mobile Security Access Server Architecture Overview
• 1.4 Mobile Security Access Server Administration Tools
• 1.5 Roadmap for Installing and Using Mobile Security Access Server

2 Managing Mobile Security Access Server Instances

• 2.1 Viewing MSAS Instances in the Environment
• 2.2 Viewing the Configuration of an MSAS Instance
• 2.3 Synchronizing MSAS Instance Configuration
• 2.4 Creating and Registering a Logical MSAS Instance
• 2.5 Changing the MSM Server Associated with an MSAS Instance
• 2.6 Deleting a Logical MSAS Instance
• 2.7 Starting and Stopping MSAS

3 Managing Mobile Security Access Server Applications

• 3.1 Mobile Security Access Server Application Types
• 3.2 Reserved Applications in MSAS
• 3.3 Viewing MSAS Applications in the Environment
• 3.4 Creating a Virtual Application
• 3.5 Creating a Proxy Application
• 3.6 Viewing the Applications in an MSAS Instance
• 3.7 Searching for MSAS Applications
• 3.8 Viewing MSAS Application Details
• 3.9 Editing an MSAS Application
• 3.10 Managing URLs in an MSAS Application
• 3.11 Exporting MSAS Applications
• 3.12 Importing MSAS Applications
• 3.13 Categorizing MSAS Applications Using Tags
• 3.14 Deleting MSAS Applications

4 Configuring Web Settings in MSAS

• 4.1 Understanding PAC Files in MSAS
• 4.2 Understanding the Mapping Between PAC Files and MSAS Applications
• 4.3 Configuring Blocked URLs
• 4.4 Configuring Direct URLs

5 Securing Mobile Security Access Server Resources

• 5.1 Overview of Mobile Security Access Server Resource Security
• 5.2 Attaching Policies and Assertions to Virtual Applications
• 5.3 Attaching Policies and Assertions to Proxy Applications
• 5.4 Viewing Policies Attached to an Application
• 5.5 Configuring Policy Overrides
• 5.6 Validating Policy Attachments
• 5.7 Detaching Policies from an Application
• 5.8 Configuring Authorization in MSAS Applications
  • 5.8.1 Managing Roles in an MSAS Application
    • 5.8.1.1 Creating an Application Role
    • 5.8.1.2 Viewing Roles in an MSAS Application
    • 5.8.1.3 Managing the Application Role Hierarchy
    • 5.8.1.4 Mapping External Roles to an Application Role
    • 5.8.1.5 Mapping Users to an Application Role
    • 5.8.1.6 Deleting Application Roles
  • 5.8.2 Configuring Authorization
• 5.9 Summary of Supported Policies and Assertions

6 Configuring a Mobile Security Access Server Instance

• 6.1 Understanding MSAS Instance Configuration
• 6.2 Configuring an MSAS Instance Using the MSAS Console
  • 6.2.1 Viewing General MSAS Instance Configuration
  • 6.2.2 Configuring the Identity Store Profile
  • 6.2.3 Configuring Trusted Issuers and DN Lists for Signing Certificates
  • 6.2.4 Configuring Message Security
    • 6.2.4.1 Configuring the MSAS Keystore
    • 6.2.4.2 Configuring Security Settings
  • 6.2.5 Configuring the Cache Refresh Time
  • 6.2.6 Configuring Authentication Endpoints
    • 6.2.6.1 Configuring KINIT and PKINIT Authentication
    • 6.2.6.2 Configuring OAuth2 Confidential Client Authentication
    • 6.2.6.3 Configuring Oracle Access Manager Mobile and Social (OAMMS) Authentication
    • 6.2.6.4 Configuring the Crypto Service
  • 6.2.7 Configuring System Settings
    • 6.2.7.1 Configure Outbound Message Settings
    • 6.2.7.2 Configure Proxy Server Settings
    • 6.2.7.3 Configure Server Settings
    • 6.2.7.4 Configuring the SSL Keystore and Truststore
• 6.3 Configuring an MSAS Instance Using WLST
  • 6.3.1 Accessing the MSAS WLST Commands
  • 6.3.2 Viewing MSAS Instance Configuration Using WLST
  • 6.3.3 Using the setMSASConfiguration WLST Command to Configure an MSAS Instance
  • 6.3.4 Configuring an Identity Store Profile Using WLST
    • 6.3.4.1 Creating an Identity Store Profile Using WLST
    • 6.3.4.2 Updating an Identity Profile Using WLST
    • 6.3.4.3 Deleting an Identity Profile
  • 6.3.5 Defining Trusted Issuers and Managing DN Lists Using WLST
    • 6.3.5.1 Configuring Trusted Issuers and DN Lists Using WLST
    • 6.3.5.2 Deleting a Trusted Issuer Using WLST
    • 6.3.5.3 Deleting a Token Issuer Trust Document Using WLST
    • 6.3.5.4 Exporting and Importing Trust Configuration Using WLST
    • 6.3.5.5 Revoking Trust From Trusted Issuers Using WLST
  • 6.3.6 Configuring Message Security Using WLST
    • 6.3.6.1 Managing the MSAS Keystore Using Keystore Service Commands
    • 6.3.6.2 Configuring the Signature and Encryption Keys in the MSAS Keystore Using WLST
    • 6.3.6.3 Configuring Security Settings Using WLST
  • 6.3.7 Configuring the Cache Refresh Time Using WLST
  • 6.3.8 Configuring the Authentication Endpoints Using WLST
    • 6.3.8.1 Configuring the KINIT and PKINIT Authentication Endpoint Using WLST
    • 6.3.8.2 Configuring the OAuth2 Confidential Client Endpoint Using WLST
    • 6.3.8.3 Configuring the OAuth2 Mobile Client Endpoint Using WLST
    • 6.3.8.4 Configuring the Crypto Service Endpoint Using WLST
  • 6.3.9 Configuring System Settings Using WLST
    • 6.3.9.1 Configuring Outbound Message Settings Using WLST
    • 6.3.9.2 Configuring Proxy Server Settings Using WLST
    • 6.3.9.3 Configuring Server Settings Using WLST
    • 6.3.9.4 Configuring SSL Settings Using WLST
    • 6.3.9.5 Configuring Access Log Settings Using WLST
  • 6.3.10 Configuring the SToken Expiry Time
  • 6.3.11 Configuring the MSAS Heartbeat Using WLST
  • 6.3.12 Configuring Additional Server Settings Using WLST
  • 6.3.13 Configuring the Credential Store Using WLST
• 6.4 Advanced Kerberos Configuration
  • 6.4.1 Creating the Kerberos Configuration File Manually
  • 6.4.2 Adding Multiple Active Directory Domains
  • 6.4.3 Targeting Specific Domain Controllers
  • 6.4.4 Adding Alternate UPN Suffixes
• 6.5 Manually Configuring OAuth2 Client Authentication
  • 6.5.1 Configuring OAuth2 Confidential Client Authentication
  • 6.5.2 Configuring OAuth2 Mobile Client Authentication
• 6.6 Configuring Single Sign-On (SSO) for OAM WebGate and Oracle WSM Protected Resources
• 6.7 Configuring Single Sign-On for Kerberos and NTLM Protected Resources
• 6.8 Configuring an MSAS Instance as a WebGate

7 Configuring the SSL Keystore and Truststore

• 7.1 Understanding the SSL Keystore and Truststore
  • 7.1.1 SSL Keystore and Truststore Locations
  • 7.1.2 Managing the SSL Keystore and Truststore
• 7.2 Configuring SSL Between the Mobile Device and MSAS
  • 7.2.1 Obtaining a Trusted Certificate and Importing it into the SSL Keystore
  • 7.2.2 Downloading the MSAS Identity Certificate into the Mobile Device
• 7.3 Configuring SSL Between MSAS and Back-End Resources
• 7.4 Configuring SSL Between MSAS and the Identity Store

8 Managing Policies and Assertion Templates

• 8.1 Overview of Policy and Assertion Template Management
  • 8.1.1 Building Policies Using Policy Assertions
  • 8.1.2 Predefined Policies and Assertion Templates
• 8.2 Managing Policies
  • 8.2.1 Viewing Access Policies
  • 8.2.2 Searching for Policies
  • 8.2.3 Viewing the Details of a Policy
  • 8.2.4 Creating and Editing a Policy
    • 8.2.4.1 Creating a New Policy
    • 8.2.4.2 Cloning a Policy
    • 8.2.4.3 Editing a Policy
  • 8.2.5 Exporting and Importing Policies
    • 8.2.5.1 Exporting a Policy
    • 8.2.5.2 Importing a Policy
  • 8.2.6 Adding Assertions to a Policy
  • 8.2.7 Adding an OR Group to a Policy
  • 8.2.8 Versioning Policies
    • 8.2.8.1 Viewing the Version History of a Policy
    • 8.2.8.2 Changing the Current Version of a Policy
    • 8.2.8.3 Deleting Versions of a Policy
    • 8.2.8.4 Exporting a Version of a Policy
  • 8.2.9 Deleting a Policy
• 8.3 Validating Policies
• 8.4 Managing Policy Assertion Templates
  • 8.4.1 Viewing Assertion Templates
  • 8.4.2 Searching for an Assertion Template
  • 8.4.3 Viewing the Details of an Assertion Template
  • 8.4.4 Cloning an Assertion Template
  • 8.4.5 Editing an Assertion Template
  • 8.4.6 Editing the Configuration Properties
  • 8.4.7 Configuring Assertions
  • 8.4.8 Exporting and Importing an Assertion Templates
    • 8.4.8.1 Exporting an Assertion Template
    • 8.4.8.2 Importing an Assertion Template
  • 8.4.9 Deleting an Assertion Template
• 8.5 Enabling or Disabling Policies and Assertions
  • 8.5.1 Enabling or Disabling a Policy for all Policy Enforcement Points
  • 8.5.2 Enabling or Disabling Assertions Within a Policy
• 8.6 Defining Multiple Policy Alternatives (OR Groups)
• 8.7 Recommended Naming Conventions for Policies
• 8.8 Recommended Naming Conventions for Assertion Templates

9 Managing Log Files

• 9.1 Overview of Log File Management
• 9.2 Configuring the Level of Information Written to Log Files
  • 9.2.1 Configuring Log Levels Using the MSAS Console
  • 9.2.2 Configuring Log Levels Using WLST
    • 9.2.2.1 Getting the Log Level Using WLST
    • 9.2.2.2 Setting the Log Level Using WLST
    • 9.2.2.3 Getting a List of Loggers
• 9.3 Configuring MSAS Access Logs

10 Managing the MSAS Repository

• 10.1 About the MSAS Repository
• 10.2 Understanding the Different Mechanisms for Exporting and Importing Application Metadata
• 10.3 Exporting and Importing MSAS Application Metadata Using WLST
  • 10.3.1 Exporting MSAS Applications from the MSAS Repository
  • 10.3.2 Importing MSAS Application Metadata from the MSAS Repository
• 10.4 Migrating MSAS Application Metadata Between Application Environments
• 10.5 Replacing the MSAS Application Host and Port Values