8 MSAS Applications Help

This chapter documents the Applications page in the Mobile Security Access Server (MSAS) console. To open this page from the Mobile Security Launch Pad, select Applications in the Mobile Security Access Server section.

The following topics are covered:

MSAS Applications Page
MSAS Applications Detail Page
Proxy URLs Page
URLs Page
URL Policy Configuration Page
Application Roles Summary Page
Application Roles Page

8.1 MSAS Applications Page

The Mobile Security Access Server (MSAS) provides a central access control point in the DMZ to secure traffic from mobile devices to back-end URLs. It can act as a reverse proxy (URL virtualization) and a forward proxy.

For URL virtualization you create a virtual URL for an existing back-end URL, where the virtual URL acts like a reverse proxy for the back-end URL. In reverse proxy, the client does not know anything about the back-end URL. It is hidden and the client sees only the virtual URL. In the forward proxy case, the clients know about the back-end URL and can hit it directly with MSAS as the proxy server.

Mobile Security Access Server applications group related URLs to be proxied through the server. Each application:

Contains the definition of one or more virtual URLs or proxy URLs.
Contains related security artifacts and access policies attached to each URL.

The applications are deployed to MSAS instances, and can be exported and imported from test to production environments.

When you create an MSAS instance, several reserved applications are created by default. For details about these applications, see "Reserved Applications in MSAS" in Administering Oracle Mobile Security Access Server.

Use the MSAS Applications page to:

View a list of applications across all MSAS instances or an individual instance.
Search for applications.
Import an application.
Create a virtual or proxy application.
Navigate to the MSAS Applications Detail page where you can view, edit, and export an application.
Delete or export an application.

The MSAS Applications page is arranged in the following sections:

Search
Applications Table

Use the Search section of the MSAS Applications page to perform an advanced search for applications in the repository. The results that are returned are the applications that meet the conditions specified in the Search and Type fields, and sorted as specified in the drop-down.

Element Description

Element	Description
Search	Select the operator to use to refine the search and enter the search value in the search field. Valid search operators are: Name—Returns all applications with a name matching the value specified. MSAS Instance Name—Returns all applications in an MSAS instance that match the MSAS instance ID specified. Tags—Returns all applications that contain the tag matching the value specified. Use percent `%` as a wildcard. Asterisk `*` is not recognized as a wildcard and is treated as plain text. Searches using the Name and Tag operator are case insensitive, but searches using the MSAS Instance Name operator are case sensitive.
Type	Specify the type of applications for which you want to search and display in the results. Valid options are: Virtual Application—Applications defined in the MSAS environment that specify virtual URLs for back-end URLs. Proxy Application—Applications defined in the MSAS environment that specify back-end URLs that will be proxied directly through the Mobile Security Access Server. Direct URL—URLs, defined in a DIRECT application, that are directly accessed and are not intercepted by the Mobile Security Access Server. Blocked URL—URLs, defined in a BLOCK application, that are designated as inaccessible, or blacklisted. ALL—All types of applications in the environment.
Sort By	Select the order in which the results are displayed: Name, MSAS Instance Name, or Last Modified.

Select the operator to use to refine the search and enter the search value in the search field. Valid search operators are:

Name—Returns all applications with a name matching the value specified.
MSAS Instance Name—Returns all applications in an MSAS instance that match the MSAS instance ID specified.
Tags—Returns all applications that contain the tag matching the value specified.

Use percent % as a wildcard. Asterisk * is not recognized as a wildcard and is treated as plain text. Searches using the Name and Tag operator are case insensitive, but searches using the MSAS Instance Name operator are case sensitive.

Type

Specify the type of applications for which you want to search and display in the results. Valid options are:

Virtual Application—Applications defined in the MSAS environment that specify virtual URLs for back-end URLs.
Proxy Application—Applications defined in the MSAS environment that specify back-end URLs that will be proxied directly through the Mobile Security Access Server.
Direct URL—URLs, defined in a DIRECT application, that are directly accessed and are not intercepted by the Mobile Security Access Server.
Blocked URL—URLs, defined in a BLOCK application, that are designated as inaccessible, or blacklisted.
ALL—All types of applications in the environment.

Sort By Select the order in which the results are displayed: Name, MSAS Instance Name, or Last Modified.

Perform the following actions on this page to add applications to the instance.

Action	Description
Import	Import a zip archive containing an MSAS application. You can use this feature in combination with Export to move applications between different repositories. Click Import, then click Browse to locate the zip archive in your local directory that contains the application to be imported, and click Import. The imported application is added to the list of applications in the Applications table. Notes: The applications to be imported must use the following directory structure: `META-INF/virtualapplication/MSASInstanceName/application_name`
+Create	Use this action to create a new virtual or proxy application. Virtual applications include one or more virtual URLs, or reverse-proxy URLs. In reverse-proxy, you create a virtual URL to hide the actual URL from the client. Proxy applications include one or more forward proxy URLs. In forward proxy, the client is aware of the URL and can access it directly using a proxy server configured on the client side.
Virtual Application	Select Virtual Application to display the Create Virtual Application window.
Name	Enter an application name that adheres to the XML xs:NCName format using only valid NCName ASCII characters. For example, it must start with a letter or underscore (`_`), and cannot contain any space characters or colons (`:`). It must be unique within the MSAS instance. Non-ASCII characters are not supported. This field is required. The NCName format is defined in the W3C document Namespaces in XML 1.0 (Third Edition) at `http://www.w3.org/TR/REC-xml-names/#NT-NCName`
Display Name	Optionally, enter a name used to clearly identify the instance in the console.
Description	Optionally, provide a description of the application.
MSAS Instance	Select the MSAS instance that will contain this application. This field is required.
Save	Save the application and display the URL summary page where you can add URLs to the application.
Cancel	Exit the Create Virtual Application window without creating the application.
Proxy Application	Select Proxy Application to display the Create Proxy Application window.
Name	Enter an application name that adheres to the XML xs:NCName format using only valid NCName ASCII characters. For example, it must start with a letter or underscore (`_`), and cannot contain any space characters or colons (`:`). It must be unique within the MSAS instance. Non-ASCII characters are not supported. This field is required. The NCName format is defined in the W3C document Namespaces in XML 1.0 (Third Edition) at `http://www.w3.org/TR/REC-xml-names/#NT-NCName`
Display Name	Optionally, enter a name used to clearly identify the application in the console.
Description	Optionally, provide a description of the application.
MSAS Instance	Select the MSAS instance that will contain this application. This field is required.
Save	Save the application and display the URL summary page where you can add URLs to the application.
Cancel	Exit the Create Proxy Application window without creating the application.

Applications Table

The Applications table displays a list of the applications in the repository that match the criteria specified in the Search fields. The results are displayed as specified in the Sort By field.

The following information is provided for each application.

Element	Description
Icon	Each application is indicated by an icon that represents the type of application. Click the icon to open the MSAS Applications Detail page to view or edit the application. Virtual application—Applications defined in the MSAS environment that specify virtual URLs for back-end URLs. In this case, the Mobile Security Access Server acts as reverse-proxy and hides the actual back-end URL from the clients. Proxy application—Applications defined in the MSAS environment that specify back-end URLs that will be proxied directly through the Mobile Security Access Server. In this case, the Mobile Security Access Server acts as a forward proxy. The back-end URLs are visible to the client but the requests are proxied through the Mobile Security Access Server. DIRECT application—Reserved application per MSAS instance that you can edit to specify URLs that are directly accessed and are not intercepted by the Mobile Security Access Server. BLOCK application—Reserved application per MSAS instance that you can edit to specify URLs that are designated as inaccessible, or blacklisted.
Name/Instance	Application name and the associated MSAS instance. Click the application name to access the MSAS Applications Detail page to view or edit the application.
Type	Type of application, either Virtual Application, Proxy Application, Direct URL, or Blocked URL.
Tag	Optional user-defined tag used to categorize the applications.
Updated By/Last Modified	Name of the user that updated the application and the length of time that has elapsed since it was last updated.
Options menu	Click to access the Delete and Export actions.
Delete	Delete an application in the instance. In the Delete Application window click Delete to delete the application or Cancel to cancel the operation. Note: Reserved applications, such as BLOCK, DIRECT, msm, and msm-reverse-proxy, cannot be deleted.
Export	Export a zip archive containing the application to your local directory. Reserved applications, such as BLOCK, DIRECT, msm, and msm-reverse-proxy, cannot be exported. You can use this feature in combination with Import to move applications between different repositories. Select Export from the menu and save the zip archive to your file system. The directory structure for each application is maintained in the archive file using the following structure: `META-INF/virtualapplication/MSASInstanceName/application_name`
Load More Items	Use this action to view additional applications in the Applications table. By default, five rows are displayed. Each time you click Load More Items an additional five rows are shown.

"Managing Mobile Security Access Server Applications" in Administering Oracle Mobile Security Access Server

8.2 MSAS Applications Detail Page

Use the MSAS Applications Detail page to:

View and edit the details of an application.
View the number of URLs configured in the application and navigate to a page where you can view or search for configured URLs and add URLs.
Navigate to the Application Roles page where you can view or search for configured roles and add roles.
View and edit the tags associated with the application.
Export the application.

The MSAS Applications Detail page provides general summary information about the application and the ability to edit the configuration.

Element	Description
Icon	Indicates representing the type of application: Virtual application—Applications defined in the MSAS environment that specify virtual URLs for back-end URLs. In this case, the Mobile Security Access Server acts as reverse-proxy and hides the actual back-end URL from the clients. Proxy application—Applications defined in the MSAS environment that specify back-end URLs that will be proxied directly through the Mobile Security Access Server. In this case, the Mobile Security Access Server acts as a forward proxy. The back-end URLs are visible to the client but the requests are proxied through the Mobile Security Access Server DIRECT application—Reserved application per MSAS instance that you can edit to specify URLs that are directly accessed and are not intercepted by the Mobile Security Access Server. BLOCK application—Reserved application per MSAS instance that you can edit to specify URLs that are designated as inaccessible, or blacklisted.
Name	Name that you specified in the Display Name field when you created the application. If you did not provide a display name, this field is blank. To edit or add a display name, click in the name field and make the desired changes.
Description	Description of the application. To add or edit the description, click in the description field and make the desired changes.
URLs	The number of URLs configured in the application. Click the search icon to open the URL or Proxy URL page. Use this page to view or search for configured URLs, and to edit the security configuration of the URL.
Application Roles	Click the search icon to display the Application Roles page. Use this page to view or search for configured application roles, and to add roles. From the Application Roles page you can click Add Roles to display the Create Application Role pages. For more information, see Application Roles Summary Page.
Tags	List of tags configured for the application. You can use tags to categorize applications to make them easier to locate in the console. Click the icon to open the Tags window where you can edit existing tags or add new tags. To add a tag, click Add and enter the tag name in the Tag field. When finished, click OK.
Application Information	Summary information about the application.
MSAS Instance Name	Name of the MSAS instance on which the application is deployed.
Security Context	App stripe used for security artifacts such as authorization policies.
Last Modified	The length of time that has elapsed since the application was updated.
Updated By	User that last updated the application.

Perform the following actions on the MSAS Applications Detail page.

Action Description

Action	Description
Export	Export a zip archive containing the application to your local directory. Reserved applications, such as BLOCK and DIRECT, cannot be exported. You can use this feature in combination with Import to move applications between different repositories. Select Export from the menu and save the zip archive to your file system. The directory structure for each policy is maintained in the archive file using the following structure: `META-INF/virtualapplication/MSASInstanceName/application_name`
Apply	If you have made changes to the application, click Apply to save the changes.
Revert	Click Revert to cancel any changes made to the application.

Export

Export a zip archive containing the application to your local directory. Reserved applications, such as BLOCK and DIRECT, cannot be exported. You can use this feature in combination with Import to move applications between different repositories.

Select Export from the menu and save the zip archive to your file system.

The directory structure for each policy is maintained in the archive file using the following structure:

META-INF/virtualapplication/MSASInstanceName/application_name

Apply

If you have made changes to the application, click Apply to save the changes.

Revert

Click Revert to cancel any changes made to the application.

"Managing Mobile Security Access Server Applications" in Administering Oracle Mobile Security Access Server

8.3 Proxy URLs Page

Use the Mobile Security Access Server Proxy URLs page to:

View a list of the proxy URLS configured in a proxy application.
Search for proxy URLs in the application.
Add proxy URLs to an application.
Delete proxy URLs from an application.
Navigate to the URL Policy Configuration page where you can secure the URL using policies and assertions.

The Proxy URLs page is arranged in the following sections:

Search
Proxy URLs Table

Use the Search section of the Proxy URLs page to search for URLs configured in the application. The results that are returned are the URLs that meet the conditions specified in the Search field, and sorted as specified in the Sort By drop-down.

Element	Description
Search	Enter all or part of a proxy URL name in the search field and click the search icon. Use percent `%` as a wildcard. Asterisk `*` is not recognized as a wildcard and is treated as plain text. Searches are case-insensitive.
Sort By	Select the order in which the results should be sorted, either by Name or by Last Modified date.

Perform the following action on this page to add proxy URLs to the application.

Action	Description
+ ProxyURL	Use this action to add a proxy URL to the application.
Add	Click Add to add one or more proxy URLs to the application. To add multiple URLs, click Add multiple times.
Host URL	Enter the URL to add to the application. It must be unique to all applications in the MSAS instance.
Name	Enter a meaningful name for the proxy URL.
Description	Optionally, provide a description of the proxy URL.
2-Way SSL	Reserved for future use.
Save	Save the proxy URL in the application and display the URL summary page.
Cancel	Exit the Add Proxy URL window without adding the proxy URLs to the application.

Proxy URLs Table

The Proxy URLs table displays a list of the proxy URLs configured in the application and that match the criteria specified in the Search field. The results are displayed as specified in the Sort By field.

The following information is provided for each proxy URL.

Element	Description
Proxy URL Icon	Click the Proxy URL icon to access the URL configuration page to attach policies or assertions to secure the access.
Name	Name of the proxy URL that you specified in the Name field when you added the URL to the application. Click the URL name to access the URL configuration page to secure the URL.
URL	URL that you specified in the Host URL field that you added to the application.
Updated By/Last Modified	Name of the user that updated the application and the length of time that has elapsed since it was last updated.
Options menu	Click the options menu icon to access the Delete and Edit actions.
Delete	Delete the URL from the application. In the Delete URL window, click Delete to delete the URL or Cancel to cancel the operation.
Edit	Edit the proxy URL. In the Edit Proxy URL window, enter the desired changes in the fields and click Apply to save the changes or Cancel to exit the window without saving the changes.
Load More Items	Use this action to view additional URLs in the Proxy URLs table. By default, five rows are displayed. Each time you click Load More Items an additional five rows are shown.

"Managing URLs in an MSAS Application" in Administering Oracle Mobile Security Access Server

8.4 URLs Page

Use the Mobile Security Access Server URLs page to:

View a list of URLS configured in a virtual application.
Search for URLs in the application.
Add URLs to an application.
Delete URLs from an application.
Navigate to the URL Policy Configuration page where you can secure the URL using policies and assertions.

The URLs page is arranged in the following sections:

Search
URLs Table

Use the Search section of the URLs page to search for URLs configured in the application. The results that are returned are the URLs that meet the conditions specified in the Search field, and sorted as specified in the Sort By drop-down.

Element	Description
Search	Enter the URL name, or partial name, in the search field and click the search icon. Use percent `%` as a wildcard. Asterisk `*` is not recognized as a wildcard and is treated as plain text. Searches are case-insensitive.
Sort By	Select the order in which the results should be sorted, either by Name or by Last Modified date.

Perform the following actions on this page to add virtual URLs to the application.

Action	Description
+URL	Use this action to add a virtual URL to the application.
Add	Click Add to add one or more URLs to the application. To add multiple URLs, click Add multiple times.
Host URL	Enter the URL to add to the application. This URL will not be visible to clients.
Name	Enter a name for the virtual URL.
MSAS URI	Enter the virtual URL that will be visible to clients. It must be unique within the MSAS instance. For example `virtualURL01`.
Description	Optionally, provide a description of the virtual URL.
HTTP Method	HTTP method to use for the virtual URL. Valid options are: GET—Retrieves the information specified in the request URI. POST—Requests that the origin server accept the entity enclosed in the request as a new subordinate of the resource identified by the Request URI. PUT—Requests that the target resource be created or modified with the entity enclosed in the request message. HEAD— Identical to GET but without the message body in the response. OPTIONS—Returns the HTTP methods that the server supports for the URL. TRACE—Loops the received request back to the client so that they can see what was received by the server and any intermediaries. CONNECT—Not supported. DELETE—Delete the resource specified in the request URL. All—All HTTP verbs. For details about HTTP methods, see the Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content RFC document at `https://tools.ietf.org/html/rfc7231`.
2-Way SSL	Reserved for future use.
Save	Save the URL in the application and display the URL summary page.
Cancel	Exit the Add URL window without adding the URLs to the application.

URLs Table

The URLs table displays a list of the virtual URLs configured in the application and that match the criteria specified in the Search field. The results are displayed as specified in the Sort By field.

The following information is provided for each virtual URL.

Element	Description
	Click the URL icon to access the URL configuration page to attach policies or assertions to secure the access to the URL.
Name/Description	Name and description of the virtual URL that you specified when you added the URL to the application. Click the URL name to access the URL configuration page to secure the access to the URL.
HTTP Method	The MSAS URI and the associated HTTP method that you specified when you added the URL.
Updated By/Last Modified	Name of the user that updated the application and the length of time that has elapsed since it was last updated.
Options menu	Click the options menu icon to access the Delete and Edit actions.
Delete	Delete the virtual URL from the application. In the Delete URL window click Delete to delete the URL or Cancel to cancel the operation.
Edit	Edit the virtual URL. In the Edit URL window, enter the desired edits in the fields and click Apply to save the changes or Cancel to exit the window without saving the changes.
Load More Items	Use this action to view additional URLs in the URLs table. By default, five rows are displayed. Each time you click Load More Items an additional five rows are shown.

"Managing URLs in an MSAS Application" in Administering Oracle Mobile Security Access Server

8.5 URL Policy Configuration Page

Use the URL Policy Configuration page to:

View the policies or assertions attached to a URL.
Attach policies or assertions to policy enforcement points of a URL. You can attach policies and assertions on request from the client to MSAS, at invoke from MSAS to the back-end web application, and on response from MSAS to the client.
View the details of a policy attached to a URL.
Override configuration properties for an attached policy.
Validate that the policy attachments adhere to the validation rules.

The URL Policy Configuration page provides the ability to attach policies and assertions to policy enforcement points in URLs and to configure property overrides in a policy.

Element	Description
Icon/Name	URL icon and name of the URL that you specified when you added the URL to the application. This field is read-only.
Host URL	The URL to be secured in the application. For virtual URLs, this represents the back-end URL to be hidden from the client. This field is read-only.
Description	Description that you provided when you added the URL to the application. This field can be blank.
2-way SSL	Indicates whether 2-way SSL is enabled or disabled
MSAS URI	The virtual URI that will be exposed to the client in place of the host URL. This field appears for virtual URLs only.
HTTP Method	Action that should be performed when the URI is invoked. This field is displayed for virtual URLs only.
Policies tab	Displays the policy enforcement points to which you can attach policies and assertions.
On-Request	Use this field to attach one or more policies or assertions to secure access from the client to MSAS. Click the options menu and select Add Assertion, Add Policy, or Reorder from the menu.
Add Assertion	Attach one or more assertions to the policy enforcement point. The Add Assertion page is displayed with a list of all the available assertions that are applicable. Use this page to search for existing assertion templates and use them to attach assertions to the policy enforcement point. In the Add Assertion page, provide search parameters in the Name and Category fields and click Search. The results that match the search criteria are displayed in the search results table. In the search results table, select the assertion or assertions to be attached and click Add Selected. To attach all the listed assertions, click Add All. The selected assertions are displayed in the Selected Assertion Templates table. In the Selected Assertion Templates table, review the selections. To remove one or more assertions from this table, click Remove Selected or Remove All. When you have confirmed the assertion selection, click Add Assertion. Click Add Assertion to attach the assertions to the policy enforcement point, or Cancel to exit the window without attaching assertions. Note: When you attach an assertion to the on-request policy enforcement point, the compatible assertion is automatically attached to the on-response endpoint.
Add Policy	Attach one or more policies to the policy enforcement point. The Attach Policies page is displayed with a list of all the available policies that are applicable. Use this page to search for existing polices and use them to attach policies to the policy enforcement point. In the Attach Policies page, provide search parameters in the Name and Category fields and click Search. The results that match the search criteria are displayed in the search results table. In the search results table, select the policy or policies to be attached and click Add Selected. To attach all the listed policies, click Add All. The selected policies are displayed in the Selected Policies table. In the Selected Policies table, review the selections. To remove one or more policies from this table, click Remove Selected or Remove All. When you have confirmed the policy selection, click Attach Policies. Note: When you attach a policy to the on-request policy enforcement point, the compatible policy is automatically attached to the on-response endpoint.
Reorder	Reorder the attached policies and assertions. In the Reorder window, select the desired assertion or policy and click the up or down arrow to change the order. Click OK when finished to save the changes, or Cancel to exit the window without changing the assertion order.
Invoke Proxy/Invoke	Use this field to attach policies or assertions used to invoke the back-end web application (URL). Click the options menu icon and select Add Assertion, Add Policy, or Reorder from the menu.
Add Assertion	Attach one or more assertions to the policy enforcement point. The Add Assertion page is displayed with a list of all the available assertions that are applicable. Use this page to search for existing assertion templates and use them to attach assertions to the policy enforcement point. In the Add Assertion page, provide search parameters in the Name and Category fields and click Search. The results that match the search criteria are displayed in the search results table. In the search results table, select the assertion or assertions to be attached and click Add Selected. To attach all the listed assertions, click Add All. The selected assertions are displayed in the Selected Assertion Templates table. In the Selected Assertion Templates table, review the selections. To remove one or more assertions from this table, click Remove Selected or Remove All. When you have confirmed the assertion selection, click Add Assertion.
Add Policy	Attach one or more policies to the policy enforcement point. The Attach Policies page is displayed with a list of all the available policies that are applicable. Use this page to search for existing polices and use them to attach policies to the policy enforcement point. In the Attach Policies page, provide search parameters in the Name and Category fields and click Search. The results that match the search criteria are displayed in the search results table. In the search results table, select the policy or policies to be attached and click Add Selected. To attach all the listed policies, click Add All. The selected policies are displayed in the Selected Policies table. In the Selected Policies table, review the selections. To remove one or more policies from this table, click Remove Selected or Remove All. When you have confirmed the policy selection, click Attach Policies.
Reorder	Reorder the attached policies and assertions. In the Reorder window, select the desired assertion or policy and click the up or down arrow to change the order. Click OK when finished to save the changes, or Cancel to exit the window without changing the assertion order.
On-Response	Use this field to attach policies or assertions to secure the response message sent back to the client. Click the options menu icon and select Add Assertion, Add Policy, or Reorder from the menu.
Add Assertion	Attach one or more assertions to the policy enforcement point. The Add Assertion page is displayed with a list of all the available assertions that are applicable. Use this page to search for existing assertion templates and use them to attach assertions to the policy enforcement point. In the Add Assertion page, provide search parameters in the Name and Category fields and click Search. The results that match the search criteria are displayed in the search results table. In the search results table, select the assertion or assertions to be attached and click Add Selected. To attach all the listed assertions, click Add All. The selected assertions are displayed in the Selected Assertion Templates table. In the Selected Assertion Templates table, review the selections. To remove one or more assertions from this table, click Remove Selected or Remove All. When you have confirmed the assertion selection, click Add Assertion. Click Add Assertion to attach the assertions to the URL, or Cancel to exit the window without attaching assertions. Note: When you attach an assertion to the on-request policy enforcement point, the compatible assertion is automatically attached to the on-response endpoint.
Add Policy	Attach one or more policies to the policy enforcement point. The Attach Policies page is displayed with a list of all the available policies that are applicable. Use this page to search for existing polices and use them to attach policies to the policy enforcement point. In the Attach Policies page, provide search parameters in the Name and Category fields and click Search. The results that match the search criteria are displayed in the search results table. In the search results table, select the policy or policies to be attached and click Add Selected. To attach all the listed policies, click Add All. The selected policies are displayed in the Selected Policies table. In the Selected Policies table, review the selections. To remove one or more policies from this table, click Remove Selected or Remove All. When you have confirmed the policy selection, click Attach Policies. Note: When you attach a policy to the on-request policy enforcement point, the compatible policy is automatically attached to the on-response endpoint.
Reorder	Reorder the attached policies and assertions. In the Reorder window, select the desired assertion or policy and click the up or down arrow to change the order. Click OK when finished to save the changes, or Cancel to exit the window without changing the assertion order.

When you attach a policy or assertion to a policy enforcement point, it is listed beneath the policy enforcement point to which it is attached. Click the options menu icon for an attached policy or assertion to perform the following actions.

Action	Description
Edit	Use this action to view or edit the details for an attached policy or assertion.
General	For attached policies, this tab displays general information about the policy in read-only format, including the name, display name, description, the type of endpoints to which the policy can be attached, and so on. For attached assertions, this tab displays details about the assertion including the name, the category to which the assertion belongs (for example security/authentication or security/msg-protection), the type of assertion (for example `http-jwt-token`), and whether the assertion is enforced and advertised. The Details or Settings section provides the ability to view the settings for the selected assertion. Assertion template details vary based on the type of assertion. For example, assertions that include message protection will include settings that are specific to message security.
Versioning History	Click Versioning History to open the Policy Version History page that you use to view a list of all versions of the policy, view the details of any policy version in read-only format, activate any version of a policy, and delete or export any version of a policy. You cannot edit a policy from the Policy Version History page. You must edit and save the policy in the Policy Details page.
Assertions	If you selected an attached policy, click this tab to view the assertions in the policy. Click an assertion to view details about the assertion including the name, the category to which the assertion belongs (for example security/authentication or security/msg-protection), the type of assertion (for example `http-jwt-token`), and whether the assertion is enforced and advertised. The Details section provides the ability to view the settings for the selected assertion. Assertion template details vary based on the type of assertion. For example, assertions that include message protection will include settings that are specific to message security.
Overrides	Click this tab to view the configuration properties for the policy/assertion. Configuration properties vary based on the assertion. Use these fields to override a property on a per-attachment basis. To override a property, enter the override value in the Value field and press Enter or click anywhere on the page to activate Apply and Revert. To save your changes, click Apply. To cancel the changes before saving, click Revert. Note that for some policies that contain a `csf.key` property, you can press Click to Add to add username/password credentials for creating a token on the outbound request. After adding a `csf.key`, you can delete it if necessary by clicking X.

After attaching or detaching policies or assertions, or overriding the configuration properties for an attached policy or assertion, perform the following actions to validate and save and changes.

Action	Description
Validate	When you have finished attaching policies or assertions to the policy enforcement points, click Validate to dynamically check whether the combination of attached policies and assertions is valid.
Apply	Click Apply to save changes to the application or overrides on a policy or assertion.
Revert	Click Revert to cancel any changes.

"Securing Mobile Security Access Server Resources" in Administering Oracle Mobile Security Access Server

8.6 Application Roles Summary Page

In Mobile Security Access Server, the scope of an application role is the MSAS application. That is, the roles in one MSAS application apply only to that application and are not visible to other MSAS applications. Application roles are supported in both virtual and proxy applications and are used with the authorization policy to configure role-based authorization.

Use the Mobile Security Access Server Application Roles Summary page to:

View a list of the application roles configured in the application.
Search for application roles in the application.
Navigate to the Application Roles page where you can create and add roles to an application, edit existing roles, manage application role hierarchy, and map users to application roles.
Delete application roles from an application.

Perform the following actions on this page to search for roles and to add roles to the application.

Action	Description
Search	Enter all or part of a role name in the search field and click Search. Wildcards are not recognized and are treated as plain text. Searches are case-insensitive.
Add Role	Use this action to access the Create Application Roles page where you can add roles to the application.

Application Roles Table

The Application Roles table displays a list of the roles configured in the application and that match the criteria specified in the Search field.

Element	Description
Role Icon	Click the icon to access the Application Roles page where you can add or change the role hierarchy and mappings.
Name	Name or display name that you specified when you created the role. If specified, this field uses the display name. If no display name was specified, it uses the application role name.
Description	The role description you specified when you created the role.
Options menu	Click the options menu icon to access the Delete Role and Edit Role actions.
Edit Role	Edit the application role. When you click Edit Role the Application Roles page displays. Enter the desired edits in the fields and click Apply to save the changes or Revert to exit the window without saving the changes.
Delete Role	Delete a role in the application. In the Remove App Role window, click Remove to delete the application role or Cancel to cancel the operation.
Load More Items	Use this action to view additional application roles in the table. By default, five rows are displayed. Each time you click Load More Items an additional five rows are shown.

"Configuring Authorization in MSAS Applications" in Administering Oracle Mobile Security Access Server

"Managing Roles in an MSAS Application" in Administering Oracle Mobile Security Access Server

8.7 Application Roles Page

Use the Application Roles page to:

View the details for an application role.
Create a new application role in the application if you access this page using Add Role on the Application Roles Summary page.
Edit an existing application role in the application.
Manage Application Role hierarchy—Roles can be combined in a hierarchy where higher-level roles subsume permissions owned by sub-roles.
Map application roles to external roles
Map application roles to users

The Application Roles page provides general information about the role.

Element	Description
Name	Name of the application role. It must be unique in the application. This field is required.
Display Name	Optionally, enter a name used to clearly identify the role in the console.
Description	Optionally, provide a description for the application.

The page also provides three tabs which allow you to define the role hierarchy and map the role to users and externally.

App Role Hierarchy
External Role Mapping
User Mapping

App Role Hierarchy

The App Role Hierarchy tab creates role relationships between roles. Roles can be combined in a hierarchy where higher-level roles subsume permissions owned by sub-roles.

Field	Description
Inherits From	Specify the application roles from which the current application role (the role being created or edited) should inherit permissions.
Search	Enter all or part of a role name and click Search to display the results. Empty strings fetch all roles in the application.
Add to hierarchy	Create a role relationship between the current role and the selected role. The selected role is added to the App Roles table.
App Roles	Table listing the application roles from which the current role has inherited permissions.
Remove	Remove the relationship between the selected role in the App Roles table and the current role.
Inherited By	Click this tab to view the application roles that inherit the permissions of this role.

External Role Mapping

Use the External Role Mapping tab to map the selected role to external roles.

Field	Description
Search	Enter all or part of a role name and click Search to display the results. Empty strings fetch all roles configured in the WebLogic Server domain.
Map to Role	Select the external role to map to the application role and click Map to Role. The selected role is added to the Mapped Roles table.
Mapped Roles	Table listing the external roles mapped to the application role. Each row lists the role name and description.
Remove	Remove the mapping between the selected external role and the application role.

User Mapping

Use the User Mapping tab to map the selected role to existing users.

Field	Description
Search	Enter all or part of a user name and click Search to display the results. Empty strings fetch all users with the appropriate privileges in the identity store.
Map to Role	Select the user to map to the application role and click Map to Role. The selected user is added to the Mapped Users table
Mapped Users	Table listing the users mapped to the application role. Each row lists the user name and description.
Remove	Remove the user mapping from the application role.

"Configuring Authorization in MSAS Applications" in Administering Oracle Mobile Security Access Server

"Managing Roles in an MSAS Application" in Administering Oracle Mobile Security Access Server