Install the OUD that will be used as the authentication repository for OMSS. Follow the link below to install OUD:
http://idm-world.blogspot.in/2014/08/installation-of-oracle-unified.html
OAM Configuration:
Log in to the OAM console and, under Configuration, click Available Services. Enable the Mobile and Social services.
Now we have to create an OAuth client for OMSS that will use the OAM OAuth services.
Click User Identity Stores and create an OAM ID Store for OUD. Also create an IDS repository for the same OUD. Make OUD the default store for OAM.
Open Authentication Modules and modify the LDAP and LDAPNoPasswordAuthModule modules to use OUD as the user identity store.
Navigate to Mobile and Social > OAuth Service > Default Domain.
Create a new OAuth Web client. Provide a suitable name, a client ID and a client secret.
'Allow token Attributes retrieval' should be checked. Under privileges and grant types check all the options.
Navigate to Default Domain > OAuthServiceProfiles and click OAuthServiceProfiles. Make sure the user store is set to OAM and that, under configuration settings, 'Allow access to all clients' is checked.
Navigate to Default Domain > Resource Servers > User Profile Service > User Profile.
Check 'Allow Token Attributes Retrieval' and, under Attributes, add the 'proxyAuth' attribute with the value false.
To check whether the OAuth client service is working properly we can use curl. The Authorization header needs <clientID>:<clientsecret> Base64-encoded; <ClientID> and <clientsecret> are the values provided when creating the OAuth web client in OAM. The post used http://www.base64encode.org/ for this; encoding locally (for example with the base64 command) avoids sending the client secret to a third-party site. Copy the encoded value and run the command below on the OAM server.
$ curl -i -H 'Authorization: Basic <Encoded_ClientID:ClientSecret>' \
    -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" \
    --request POST \
    http://<OAM_Host>:14100/ms_oauth/oauth2/endpoints/oauthservice/tokens \
    -d 'grant_type=password&username=<OAM_Admin>&password=<OAM_Admin_Password>'
If it returns an HTTP/1.1 200 OK response, the OAuth client is working properly.
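The same check as a small script, added here as an example (it is not from the original post): the Basic credential is Base64-encoded on the local machine, the token request goes to the endpoint and port given above, and the first line of the response is tested for a 200 status. The environment variable names (OAM_HOST, OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET, OAM_USER, OAM_PASSWORD) are assumptions of this example; --data-urlencode replaces the post's -d so that special characters in the password are encoded correctly.

```shell
#!/bin/sh
# Added example, not from the original post: build the Basic credential locally
# (no third-party encoder sees the client secret), call the OAM OAuth token
# endpoint named in the post, and check for an HTTP 200 response.

# Base64-encode "<clientID>:<clientSecret>" on the local machine.
# The tr strips the line breaks that some base64 implementations add.
basic_credential() {
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Succeed (exit 0) only if the first line of a captured response is a 200 status.
is_http_ok() {
    printf '%s\n' "$1" | head -n 1 | grep -q '^HTTP/1\.[01] 200'
}

# Request a token with the resource-owner password grant. Host, client and user
# credentials come from environment variables whose names are assumed here;
# the endpoint path and port 14100 are the ones given in the post.
request_token() {
    cred=$(basic_credential "${OAUTH_CLIENT_ID:?}" "${OAUTH_CLIENT_SECRET:?}")
    curl -s -i \
        -H "Authorization: Basic $cred" \
        -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" \
        --request POST \
        --data-urlencode "grant_type=password" \
        --data-urlencode "username=${OAM_USER:?}" \
        --data-urlencode "password=${OAM_PASSWORD:?}" \
        "http://${OAM_HOST:?}:14100/ms_oauth/oauth2/endpoints/oauthservice/tokens"
}

# Run the check and report the outcome; returns 0 on success, 1 otherwise.
check_oauth_client() {
    response=$(request_token) || return 1
    if is_http_ok "$response"; then
        echo "OAuth client OK: token endpoint returned 200"
        return 0
    fi
    echo "OAuth client check failed; first response line:"
    printf '%s\n' "$response" | head -n 1
    return 1
}
```

Source the file and call check_oauth_client with the variables set; a non-zero exit means the token endpoint did not answer 200, and the printed status line (for example 401 for a wrong client secret or user password) points at the misconfigured piece.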
OMSS Configuration:
Generate the server certificates on the host where OMSS will be running.
$ openssl req -x509 -nodes -days 3650 -subj "/CN=<OMSS_Server>" -newkey rsa:2048 \
    -keyout "<OMSS_Server>.key" -out "<OMSS_Server>.cer"
$ openssl pkcs12 -export -out "<OMSS_Server>.pfx" -inkey "<OMSS_Server>.key" \
    -in "<OMSS_Server>.cer" -certfile "<OMSS_Server>.cer"
Download the OMSS binaries and unzip them on the server. Log in as root to install OMSS.
Navigate to <Unzipped_Directory>/OMSS3.0.1/MSAC and run the command below.
$ rpm -ivh msac-3.0.1.131.3155.el6.x86_64.rpm
Navigate to <Unzipped_Directory>/OMSS3.0.1/MSAS and run the below command:
$ rpm -ivh msas-3.0.1.131.4708.el6.x86_64.rpm
MSAC and MSAS are now installed. Navigate to /opt/oracle/omss/msac/templates. Update the Vars.conf file, providing the required values and the path of the generated certs.
Run ./configure.sh to configure MSAC.
Navigate to /opt/oracle/omss/msas/templates. Update the Vars.conf file and provide the required values.
After configuration is completed, run the commands below to start the OMSS servers.
$ /etc/init.d/mysqld start
$ /etc/init.d/php-fpm start
$ /usr/sbin/httpd.worker -f /opt/oracle/omss/msas/conf/httpd.conf -k start
Open a browser and access http://<OMSS_server>/acp. Log in with the admin name and password provided in the Vars.conf file.
Under Settings > LDAP Settings provide the full connection details of the LDAP server and run a full reconciliation. Also create separate groups for Administrators, Control and Helpdesk in LDAP and add some users to these groups.
Download the OMSS client on iOS and Android devices and provide the URL below to configure the client:
http://<OMSS_Server>/bmax/bmconfig_oam_pwd.json
After configuration, an LDAP user can log in to the client and use the apps allowed by the OMSS server.
Hi Shikhar,
Is there any way to retrieve the "proxyAuth" attribute value? In my case, I have one attribute that I want to retrieve as a token attribute.
Thanks for the attention.