Table of Contents
Objective
Create The Application Profile
Create the Native Login Mobile Service Domain
Service Profile Bindings
Service Protection
Finish domain creation
Update the MobileJWTAuthentication Token provider to use OVD
Configure Social Login
Create the Internet (Social) Application profile
Create the Service Domain for Social Login
Modify the InternetIdentityAuthentication provider to use OVD
Objective
The objective of this chapter is to configure the OAM Mobile and Social server (OAMMS) for the sample application. You should be familiar with the OAM Administration guide and should understand the following OAMMS concepts:

Application Profiles: An application is a web (HTML/JavaScript) or native (iOS or Android) application. Applications may have different requirements for AuthN/AuthZ, and therefore each application that interacts with OAMMS REST services must be uniquely defined.

Service Providers: Service providers define a type or class of service for authentication, authorization or user profiles. Think of service providers as "templates" that are used to instantiate a real instance of a service. For example, the JWTAuthentication provider performs authentication and returns JWT (JSON Web Tokens) to the application. In contrast, the OAMAuthentication provider also provides authentication but uses OAM SSO tokens.

Service Domains: Service domains bind together applications and service providers. They are the instantiation of the defined providers. Multiple service domains are needed when we have different communities of users or devices that we want to serve. For example, customers may authenticate to one source, while employees may use another.
04/07/2013
Enter the parameters for the new Application profile.

Setting: Description
Name: The application name. In this example we use MobileDemo (note: the name is not visible in the screenshot below). The application name configured here must match the application name in the settings for the deployed Android application.
baseSecret: Enter a password here. This does not need to match any existing password. It is used as an encryption key between the client and the OAMMS server.
Mobile Configuration check box: Enable this checkbox for any mobile applications. This enables the SDK to collect and send mobile-specific attributes to the OAMMS server.
Webview: Controls the type of browser that the Android application will use when showing a Social login dialog. The embedded browser (default) will render the browser within the application. External will use the system standalone browser. External can sometimes be preferable for debugging.
URL Scheme: Both Android and iOS use a custom URL scheme to register O/S handlers that will take control when OAMMS transfers control to the device. Use the value osa://
Android Package: The fully qualified name of the Android application that you will deploy. This is taken from your application's AndroidManifest.xml file. This is used to tell Android which application to launch when an intent is received (for example osa://).
Android Signature: This is the unique signature for your application. The Android development chapter in this lab explains how to find this value. For development it is generated by the Android SDK tools. For production this value is a stable signing key available from Google as part of the Play store deployment process.
Note: If you are deploying the pre-compiled .apk sample application, the signature is found below. If you are compiling the application in Eclipse, your signature will be unique to your SDK environment. You will need to extract your signature from the application logs. This procedure is detailed in the sample application walkthrough.
3 0 8 2 0 3 0 d 3 0 8 2 0 1 f 5 a 0 0 3 0 2 0 1 0 2 0 2 0 4 1 9 7 3 0 8 1 b 3 0 0 d 0 6 0 9 2 a 8 6 4 8 8 6 f 7 0 d 0 1 0 1 0 b 0 5 0 0 3 0 3 7 3 1 0 b 3 0 0 9 0 6 0 3 5 5 0 4 0 6 1 3 0 2 5 5 5 3 3 1 1 0 3 0 0 e 0 6 0 3 5 5 0 4 0 a 1 3 0 7 4 1 6 e 6 4 7 2 6 f 6 9 6 4 3
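An added example, not part of the original workshop or of the OAMMS SDK: a check to run on an Android Signature value copied from the application logs before it is pasted into the application profile. It assumes the value is the hex-encoded DER signing certificate (the leading 3082 bytes above are a DER SEQUENCE header); the function names and the sample certificate bytes are constructed for illustration.

```python
import re

# Constructed sample: a 300-byte body behind a DER SEQUENCE header (30 82 01 2c).
SAMPLE_CERT = b"\x30\x82\x01\x2c" + bytes(range(256)) + bytes(range(44))
SAMPLE_HEX = SAMPLE_CERT.hex()

def normalise_signature(text):
    """Drop whitespace and colons added by log output or copy-paste; return lowercase hex."""
    cleaned = re.sub(r"[\s:]", "", text).lower()
    if re.fullmatch(r"[0-9a-f]+", cleaned) is None:
        raise ValueError("signature is empty or contains non-hex characters")
    if len(cleaned) % 2:
        raise ValueError("odd number of hex digits: the value is probably cut off")
    return cleaned

def der_expected_length(data):
    """Total byte length announced by the outer DER SEQUENCE header."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (expected leading byte 0x30)")
    first = data[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or incomplete DER length field")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def check_signature(text):
    """Return (hex_value, status); status is 'complete', 'truncated' or 'trailing-data'."""
    hex_value = normalise_signature(text)
    data = bytes.fromhex(hex_value)
    expected = der_expected_length(data)
    if len(data) < expected:
        return hex_value, "truncated"
    if len(data) > expected:
        return hex_value, "trailing-data"
    return hex_value, "complete"

def matches_profile(log_value, profile_value):
    """True only if both values are complete certificates and are identical."""
    log_hex, log_status = check_signature(log_value)
    profile_hex, profile_status = check_signature(profile_value)
    return log_status == profile_status == "complete" and log_hex == profile_hex

if __name__ == "__main__":
    print(check_signature(" ".join(SAMPLE_HEX))[1])   # spaced-out copy of the sample
    print(check_signature(SAMPLE_HEX[:60])[1])        # cut-off copy of the sample
```

A value reported as truncated or rejected for an odd digit count was cut off when it was copied and should be re-extracted from the logs rather than entered in the profile.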
Create a name for your domain (NativeMobileDomain is used below). The name configured must match the service domain set in the Android application. Under "Application Profile Selection" click the browse button. Choose the application profile that you created in the previous step. This associates the application with this service domain. A service domain can support multiple applications.
Service Protection
The REST services for a domain can be protected by requiring the caller to present a token to invoke the service. In the example below we protect the authorization and user profile services. Make sure you enable writing of the profile. The sample application will demonstrate a user updating their profile. This call will fail if the write checkbox is not enabled.
Set the following parameters for the new application profile.

Setting: Description
Name: The application name. This must match the name of the mobile application profile created for your application under Mobile Services. We use MobileDemo for this example.
Shared Secret: A password used as an encryption key between the application and OAMMS. This does not need to match any existing passwords.
Return URL: See below.
Mobile Application Return URL: After the Relying Party (social) login, the OAMMS server will redirect to the Android application using this URI. This URI will be registered with Android and associated with an Intent that is mapped to our sample application. This allows our sample application (and the linked SDK) to handle the post-login authentication process. Use osa:// for this lab. If you look inside your application's AndroidManifest.xml file you will see this URI mapped to an activity that invokes the SDK.
Login Type: Choose to allow local login as well as Social login.
Enable browser pop ups: Select yes to allow use of a new browser instance to pop up for the login page.
User Registration Authentication Service Endpoint Application to Provider Mapping
Select the social login providers that you wish to enable. For the lab select Google. You can choose others here (e.g. Facebook) but you must register for a developer API key.
In this example we call the domain "SocialDomain". The type should be Mobile Application and the application credential type User Token. At this point we will not use a security post processor (leave this blank for now). Add the application "MobileDemo" to the domain. Advance to the next page of the wizard.
Select the Service profiles as shown below. Take care that the Authorization service is set to InternetIdentityAuthentication.
Set the protection for the Profile and Authorization services as shown below: