
Oracle Mobile Security Suite (OMSS) Installation and Setup

Install OUD, which will be used as the authentication repository for OMSS. Follow the link below to install OUD:

http://idm-world.blogspot.in/2014/08/installation-of-oracle-unified.html

OAM Configuration:

Log in to the OAM console and, under Configuration, click Available Services. Enable the Mobile and Social services.

Next we create an OAuth client for OMSS, which will use the OAM OAuth services.

Click User Identity Stores and create an OAM ID store for OUD. Also create an IDS repository for the same OUD. Make OUD the default store for OAM.

Open Authentication Modules and modify the LDAP and LDAPNoPasswordAuthModule modules to use OUD as the user identity store.


Navigate to Mobile and Social > OAuth Service > Default Domain.
Create a new OAuth web client. Provide a suitable name, a client ID and a client secret.
'Allow Token Attributes Retrieval' should be checked. Under Privileges and Grant Types, check all the options.
Navigate to Default Domain > OAuthServiceProfiles and click OAuthServiceProfiles. Make sure the user store is set to OAM and, under Configuration Settings, that 'Allow access to all clients' is checked.
Navigate to Default Domain > Resource Servers > User Profile Service > User Profile.
Check 'Allow Token Attributes Retrieval' and, under Attributes, add a 'proxyAuth' attribute with the value false.


To check whether the OAuth client service is working properly we can use a curl command. Open http://www.base64encode.org/ and enter <clientID>:<clientsecret> to Base64-encode it (leave the character set at UTF-8). <clientID> and <clientsecret> are the values provided while creating the OAuth web client in OAM. Copy the encoded value and run the command below on the OAM server.

curl -i -H 'Authorization: Basic <Encoded_ClientID:ClientSecret>' -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" --request POST http://<OAM_Host>:14100/ms_oauth/oauth2/endpoints/oauthservice/tokens -d 'grant_type=password&username=<OAM_Admin>&password=<OAM_Admin_Password>'

If it returns an HTTP/1.1 200 OK response, the OAuth client is working properly.
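The same token check, as an added shell example that is not part of the original post: it builds the Basic header locally (so the client secret is not pasted into a third-party web page), passes the user password through the environment, and parses the `curl -i` response for the 200 status and the access token. OAM_HOST, OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET, OAM_USER and OAM_PASSWORD are assumed environment variable names; the sample response is constructed.

```shell
# Added example, not from the original post. The endpoint and grant type are the
# ones the article tests; placeholders: OAM_HOST, the client id/secret and the user.
# Like the article this uses plain http on 14100; production access is normally TLS.
OAM_HOST="${OAM_HOST:-oam.example.com}"
TOKEN_URL="http://${OAM_HOST}:14100/ms_oauth/oauth2/endpoints/oauthservice/tokens"

# Build 'Authorization: Basic <base64(clientid:clientsecret)>', the value the
# article has the reader produce on base64encode.org, without the secret leaving the host.
basic_auth_header() {
    printf 'Authorization: Basic %s' "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# Read a raw 'curl -i' response (status line, headers, JSON body) from stdin.
# Print the access token if the status is 200 and a token is present; otherwise return 1.
check_token_response() {
    resp=$(cat)
    status=$(printf '%s\n' "$resp" | head -n 1 | awk '{print $2}')
    if [ "$status" != "200" ]; then
        printf 'OAuth check failed: HTTP %s\n' "$status" >&2
        return 1
    fi
    token=$(printf '%s\n' "$resp" | sed -n 's/.*"access_token" *: *"\([^"]*\)".*/\1/p')
    if [ -z "$token" ]; then
        printf 'OAuth check failed: 200 OK but no access_token in body\n' >&2
        return 1
    fi
    printf '%s\n' "$token"
}

# Live check against OAM. --data-urlencode escapes special characters in the password;
# reading it from $OAM_PASSWORD keeps it out of the shell history and `ps` output.
request_token() {
    curl -s -i -H "$(basic_auth_header "$OAUTH_CLIENT_ID" "$OAUTH_CLIENT_SECRET")" \
        -H 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' \
        --data-urlencode 'grant_type=password' \
        --data-urlencode "username=$OAM_USER" \
        --data-urlencode "password=$OAM_PASSWORD" \
        "$TOKEN_URL" | check_token_response
}

# Constructed sample of a successful response, so the parsing can be exercised offline.
SAMPLE_OK='HTTP/1.1 200 OK
Content-Type: application/json

{"expires_in":3600,"token_type":"Bearer","access_token":"sample-access-token-0001"}'

if [ "${1:-}" = "selftest" ]; then   # usage: sh thisfile.sh selftest
    printf '%s\n' "$SAMPLE_OK" | check_token_response
fi
```

Run `request_token` after exporting the five variables to perform the live check; any status other than 200, or a 200 without a token, is reported on stderr.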


OMSS Configuration:

Generate the server certificate on the server where OMSS will run.

$ openssl req -x509 -nodes -days 3650 -subj "/CN=<OMSS_Server>" -newkey rsa:2048 -keyout "<OMSS_Server>.key" -out "<OMSS_Server>.cer"

$ openssl pkcs12 -export -out "<OMSS_Server>.pfx" -inkey "<OMSS_Server>.key" -in "<OMSS_Server>.cer" -certfile "<OMSS_Server>.cer"
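The certificate step above, as an added example that is not part of the original post: it runs the article's two openssl commands for a placeholder host name, reads the PKCS#12 export password from the environment instead of an interactive prompt, and verifies that the key and certificate belong together before their paths are entered in Vars.conf. The host name omss.example.com and the PFX_PASSWORD variable are assumptions.

```shell
# Added example, not from the original post. Host name and paths are placeholders.
set -e

# Create <host>.key, <host>.cer and <host>.pfx in directory $2 for server name $1.
# The PKCS#12 password comes from $PFX_PASSWORD so it never appears in `ps` output.
make_omss_cert() {
    host="$1"; dir="$2"
    [ -n "$PFX_PASSWORD" ] || { echo 'set PFX_PASSWORD first' >&2; return 1; }
    openssl req -x509 -nodes -days 3650 -subj "/CN=$host" -newkey rsa:2048 \
        -keyout "$dir/$host.key" -out "$dir/$host.cer" 2>/dev/null
    openssl pkcs12 -export -out "$dir/$host.pfx" -inkey "$dir/$host.key" \
        -in "$dir/$host.cer" -passout env:PFX_PASSWORD
    chmod 600 "$dir/$host.key" "$dir/$host.pfx"   # private material: owner-only
}

# Return 0 if the public key inside the certificate matches the private key,
# i.e. the two files referenced from Vars.conf really belong together.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
    key_pub=$(openssl pkey -in "$2" -pubout)
    [ "$cert_pub" = "$key_pub" ]
}

# Print subject, validity window and SHA-256 fingerprint for comparison with the host
# name in the client configuration URL. Note the article's request sets only a CN;
# newer TLS clients also expect a subjectAltName for the same host.
describe_cert() {
    openssl x509 -in "$1" -noout -subject -dates -fingerprint -sha256
}

if [ "${1:-}" = "run" ]; then   # usage: PFX_PASSWORD=... sh thisfile.sh run
    workdir=$(mktemp -d)
    make_omss_cert omss.example.com "$workdir"
    cert_matches_key "$workdir/omss.example.com.cer" "$workdir/omss.example.com.key" \
        && echo "certificate and key match"
    describe_cert "$workdir/omss.example.com.cer"
fi
```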

Download the OMSS binaries and unzip them on the server. Log in as root to install OMSS.
Navigate to <Unzipped_Directory>/OMSS3.0.1/MSAC and run the command below:

$ rpm -ivh msac-3.0.1.131.3155.el6.x86_64.rpm

Navigate to <Unzipped_Directory>/OMSS3.0.1/MSAS and run the command below:

$ rpm -ivh msas-3.0.1.131.4708.el6.x86_64.rpm

MSAC and MSAS are now installed. Navigate to /opt/oracle/omss/msac/templates and update the Vars.conf file with the required values, including the path of the generated certificates.
Run ./configure.sh to configure MSAC.

Navigate to /opt/oracle/omss/msas/templates. Update the Vars.conf file and provide the required values.


After the configuration is complete, run the commands below to start the OMSS servers.

$ /etc/init.d/mysqld start
$ /etc/init.d/php-fpm start
$ /usr/sbin/httpd.worker -f /opt/oracle/omss/msas/conf/httpd.conf -k start

Open a browser and access http://<OMSS_server>/acp. Log in with the admin user name and password provided in the Vars.conf file.


Under Settings > LDAP Settings, provide the full connection details of the LDAP server and run a full reconciliation. Also create separate groups for Administrators, Control and Helpdesk in LDAP and make some users members of these groups.

Download the OMSS client on iOS and Android devices and provide the URL below to configure the client:

http://<OMSS_Server>/bmax/bmconfig_oam_pwd.json

After configuration, an LDAP user can log in to the client and use the apps allowed by the OMSS server.

Comments

  1. Hi Shikhar,

    Is there any way to retrieve the "proxyAuth" attribute value? In my case, I have one attribute that I want to retrieve as a token attribute.

    Thanks for the attention.
