
Oracle Mobile Security Suite (OMSS) Installation and Setup

Install the OUD instance that will be used as the authentication repository for OMSS. Follow the link below to install OUD:

http://idm-world.blogspot.in/2014/08/installation-of-oracle-unified.html

OAM Configuration:

Log in to the OAM console and, under Configuration, click Available Services. Enable the Mobile and Social service.

Now we have to create an OAuth client for OMSS, which will use the OAM OAuth services.

Click User Identity Stores and create an OAM ID Store for OUD. Also create an IDS repository for the same OUD. Make OUD the default store for OAM.

Open Authentication Modules and modify the LDAP and LDAPNoPasswordAuthModule modules to use OUD as the user identity store.

Navigate to Mobile and Social > OAuth Service > Default Domain.
Create a new OAuth Web Client. Provide a suitable name, a client ID and a client secret.
'Allow Token Attributes Retrieval' should be checked. Under Privileges and Grant Types, check all the options.

Navigate to Default Domain > OAuthServiceProfiles and click OAuthServiceProfiles. Make sure the user store is set to OAM and that, under Configuration Settings, 'Allow access to all clients' is checked.

Navigate to Default Domain > Resource Servers > User Profile Service > User Profile.
Check 'Allow Token Attributes Retrieval' and, under Attributes, add the 'proxyAuth' attribute with the value false.

To check whether the OAuth client service is working properly we can use curl. Open http://www.base64encode.org/ and enter <clientID>:<clientsecret> to Base64-encode it (leave the charset at UTF-8). <ClientID> and <clientsecret> are the values we provided when creating the OAuth web client in OAM. Copy the encoded value and run the command below on the OAM server.

curl -i -H 'Authorization: Basic <Encoded_ClientID:ClientSecret>' -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" --request POST http://<OAM_Host>:14100/ms_oauth/oauth2/endpoints/oauthservice/tokens -d 'grant_type=password&username=<OAM_Admin>&password=<OAM_Admin_Password>'

If the response is HTTP/1.1 200 OK, the OAuth client is working properly.
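
The same check can be scripted so that the client secret never leaves the server: the Basic credential is computed locally with base64 instead of a third-party web page, and the status line is inspected programmatically. This is an added example, not part of the original post or of Oracle's tooling; the host name, client ID and secret shown are placeholders, and the OAM port and token endpoint path are the ones used by the curl command above.

```shell
#!/bin/sh
# Added example (not from the original post): build the HTTP Basic credential
# locally, then request a token from the OAM OAuth service and check the status.
# OAM_HOST, CLIENT_ID and CLIENT_SECRET defaults are placeholders (assumptions).

OAM_HOST="${OAM_HOST:-oam.example.com}"
CLIENT_ID="${CLIENT_ID:-omss_client}"
CLIENT_SECRET="${CLIENT_SECRET:-changeme}"

# Base64 of "id:secret", which is what the HTTP Basic scheme expects.
# tr removes the line wrapping some base64 implementations add.
basic_credential() {
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Returns 0 when the first line of an HTTP response carries status 200.
is_ok_status() {
    printf '%s\n' "$1" | head -n 1 | grep -Eq '^HTTP/[0-9.]+ 200'
}

# Password grant against the token endpoint; -i keeps the headers so the
# status line can be checked, --data-urlencode escapes special characters
# in the username and password.
request_token() {
    curl -s -i \
        -H "Authorization: Basic $(basic_credential "$CLIENT_ID" "$CLIENT_SECRET")" \
        -H 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' \
        --request POST "http://${OAM_HOST}:14100/ms_oauth/oauth2/endpoints/oauthservice/tokens" \
        --data-urlencode 'grant_type=password' \
        --data-urlencode "username=$1" \
        --data-urlencode "password=$2"
}

# Usage: OAM_HOST=... CLIENT_ID=... CLIENT_SECRET=... ./oauth_check.sh <user> <password>
if [ "$#" -eq 2 ]; then
    response=$(request_token "$1" "$2")
    if is_ok_status "$response"; then
        echo "OAuth client OK"
    else
        echo "OAuth client check failed:"; printf '%s\n' "$response" | head -n 1
        exit 1
    fi
fi
```

Pass the credentials through the environment rather than on the command line where possible, since command-line arguments are visible to other users on the host via ps.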


OMSS Configuration:

Generate the server certificate for the host where OMSS will be running.

$ openssl req -x509 -nodes -days 3650 -subj "/CN=<OMSS_Server>" -newkey rsa:2048 -keyout "<OMSS_Server>.key" -out "<OMSS_Server>.cer"

$ openssl pkcs12 -export -out "<OMSS_Server>.pfx" -inkey "<OMSS_Server>.key" -in "<OMSS_Server>.cer" -certfile "<OMSS_Server>.cer"
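
The two openssl commands above can be wrapped so that they run non-interactively, create the private key readable only by its owner (the -nodes option leaves it unencrypted on disk), and verify the result before the paths are written into Vars.conf. This is an added example, not from the original post; the host name and export password passed in the usage line are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): generate the OMSS self-signed
# certificate pair the way the post does, with a restrictive umask and an
# export password supplied via -passout so the pkcs12 step does not prompt.

# gen_omss_cert <host> <output dir> <pfx export password>
gen_omss_cert() {
    host="$1"; outdir="$2"; pfx_pass="$3"
    (
        umask 077   # .key and .pfx are created with mode 0600
        openssl req -x509 -nodes -days 3650 -subj "/CN=${host}" \
            -newkey rsa:2048 -keyout "${outdir}/${host}.key" \
            -out "${outdir}/${host}.cer" 2>/dev/null \
        && openssl pkcs12 -export -out "${outdir}/${host}.pfx" \
            -inkey "${outdir}/${host}.key" -in "${outdir}/${host}.cer" \
            -certfile "${outdir}/${host}.cer" -passout "pass:${pfx_pass}"
    )
}

# Prints the subject CN of a PEM certificate (works with old and new
# OpenSSL subject formats, "/CN=host" and "CN = host").
cert_cn() {
    openssl x509 -in "$1" -noout -subject | sed -n 's/.*CN *= *//p'
}

# Returns 0 when the .pfx opens with the given password.
pfx_readable() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -noout -nokeys 2>/dev/null
}

# Returns 0 when the file is readable by its owner only (-rw-------).
key_is_private() {
    case "$(ls -l "$1")" in
        -rw-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: ./gen_cert.sh omss.example.com /opt/oracle/omss/certs 'export-password'
if [ "$#" -eq 3 ]; then
    gen_omss_cert "$1" "$2" "$3" || exit 1
    [ "$(cert_cn "$2/$1.cer")" = "$1" ] || { echo "CN mismatch"; exit 1; }
    pfx_readable "$2/$1.pfx" "$3" || { echo "pfx export failed"; exit 1; }
    key_is_private "$2/$1.key" || { echo "key permissions too open"; exit 1; }
    echo "certificate for $1 written to $2"
fi
```

The CN check matters because the OMSS client will connect by host name; a certificate whose CN does not match the name in the client configuration URL will be rejected by the device.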

Download the OMSS binaries and unzip them on the server. Log in as root to install OMSS.
Navigate to <Unzipped_Directory>/OMSS3.0.1/MSAC and run the command below.

$ rpm -ivh msac-3.0.1.131.3155.el6.x86_64.rpm

Navigate to <Unzipped_Directory>/OMSS3.0.1/MSAS and run the below command:

$ rpm -ivh msas-3.0.1.131.4708.el6.x86_64.rpm

MSAC and MSAS are now installed. Navigate to /opt/oracle/omss/msac/templates. Update the Vars.conf file, providing the required values and the paths of the generated certificates.

Run ./configure.sh to configure MSAC.

Navigate to /opt/oracle/omss/msas/templates. Update the Vars.conf file and provide the required values.

After configuration is complete, run the commands below to start the OMSS servers.

$ /etc/init.d/mysqld start
$ /etc/init.d/php-fpm start
$ /usr/sbin/httpd.worker -f /opt/oracle/omss/msas/conf/httpd.conf -k start

Open a browser and go to http://<OMSS_server>/acp. Log in with the admin name and password provided in the Vars.conf file.

Under Settings > LDAP Settings, provide the full connection details of the LDAP server and run a full reconciliation. Also create separate groups for Administrators, Control and Helpdesk in LDAP and make some users members of these groups.

Download the OMSS client on iOS and Android devices and provide the URL below to configure the client:

http://<OMSS_Server>/bmax/bmconfig_oam_pwd.json

After configuration, LDAP users can log in to the client and use the apps allowed by the OMSS server.

Comments

  1. Hi Shikhar,

    Is there any way to retrieve the "proxyAuth" attribute value? In my case, I have one attribute that I want to retrieve as a token attribute.

    Thanks for the attention.
