Oracle Analytics Mobile Application for Oracle Analytics Server Configured with Single Sign-On using IAM App Gateway

March 29, 2024 | 7 minute read
Veera Raghavendra Rao Koka
Consulting Member of Technical Staff

Welcome back!

A previous blog, Integrate OAS with IAM App Gateway for SSO, described how to implement Single Sign-On (SSO) for Oracle Analytics Server (OAS) using Oracle Identity Cloud Service (IDCS) or IAM App Gateway.

Building upon that foundation, this blog explores how you can access Oracle Analytics Server through the Oracle Analytics mobile app.

Architecture


To understand more about IDCS App Gateway and IAM App Gateway, see How IDCS App Gateway Works and How IAM App Gateway Works.

Prerequisites

Before proceeding, ensure you've completed the SSO configuration steps for OAS either through IDCS or IAM App Gateway, as outlined in the blog Integrate OAS with IAM App Gateway for SSO.

When complete, access the OAS URL to test the SSO functionality. For example, the OAS URL: https://analytics.cealoracle.com/dv


Download the Oracle Analytics Mobile App


Download the Oracle Analytics mobile app from: https://www.oracle.com/in/business-analytics/analytics-mobile

Configure the Enterprise Application for Single Sign-On from the Mobile App

The enterprise application you created for the App Gateway (for example, OASAppGatewayEnterpriseApp) doesn’t have a Resource and Resource Scope configured, which the mobile app requires.

  1. Edit the enterprise application, and expand Resource Server Configurations under the OAuth Configuration tab.
  2. Select Configure this application as a resource server now.
  3. Select Is Refresh Token Allowed.
  4. For Primary Audience, enter the name of the application. For example: OASAppGatewayEnterpriseApp
  5. For Secondary Audience, enter the load balancer base URL. For example: https://analytics.cealoracle.com
  6. Create a Scope for "/" and set Requires Consent to True.


Configure Oracle Analytics Server for Mobile Access

Run the following scripts as an Oracle user on the OAS compute instance.

Stop Oracle Analytics Server services

/u01/data/domains/bi/bitools/bin/stop.sh

Display help for the mobile configuration script (setMobileConfiguration)

Use the setMobileConfiguration script to configure OAS for mobile use cases.

/u01/data/domains/bi/bitools/bin/setMobileConfiguration.sh --help

Usage: setMobileConfiguration.sh [-d DomainHome] [-s SIkey] [-p IdentityServicePort] -a PermanentServiceUri -u TokenServiceUrl -h IdentityServiceHostDomain -t TenantStripe -i ClientId

-d: Domain home (including final domainName dir). Defaults to '/u01/data/domains/bi' if not specified

-s: Service instance key. Defaults to 'ssi' if not specified

-p: Port number of the Identity cloud service. Defaults to 443 if not specified

-a: Permanent service URI. Use 'Primary Audience' value configured in the OAuth Configuration tab of the Identity cloud service enterprise app. Eg., https://analytics.mycompany.com or OASEnterpriseApp

-u: Token service URL of Identity cloud service instance. Eg., https://idcs-12121212121212121212121212121212.identity.oraclecloud.com/oauth2/v1/token

-h: Domain portion of Identity cloud service host. Eg., identity.oraclecloud.com

-t: Identity cloud service Tenant stripe. Eg., idcs-12121212121212121212121212121212

-i: OAuth Client Id. This is the Client ID of the Confidential App used for Oracle Identity Cloud Integrator configuration in the WLS Administration Console

 

Run the mobile configuration script

Important: You can't re-execute this script.

Make a note of all required values before running the script.

The script will prompt you to enter the Client Secret for the Client ID that you specify.


Run the script, for example:

/u01/data/domains/bi/bitools/bin/setMobileConfiguration.sh -d /u01/data/domains/bi -s ssi -p 443 -a OASAppGatewayEnterpriseApp -u https://idcs-f5e26bxxxxxxxxxxxxxxxxxxxxxxxxx00403.identity.oraclecloud.com/oauth2/v1/token -h identity.oraclecloud.com -t idcs-f5e26bxxxxxxxxxxxxxxxxxxxxxxxxx00403 -i 0982xxxxxxxxxxxxxxxxxxxxxxxxx95529

When prompted, enter the Client Secret for the Client ID of the confidential application that you specified.
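
Because the script cannot be re-executed, it helps to cross-check the noted values before running it. The following pre-flight check is an added example, not part of Oracle's tooling: the function name check_mobile_args is hypothetical, and the rule that the token URL host equals TenantStripe.IdentityServiceHostDomain is an assumption drawn from the samples in the help text above.

```shell
# Added example (not Oracle code). Assumption taken from the help text's
# samples: token URL = https://<TenantStripe>.<HostDomain>[:port]/oauth2/v1/token

# check_mobile_args TENANT HOST_DOMAIN PORT TOKEN_URL CLIENT_ID AUDIENCE
# Prints one line per problem found; returns 0 only when there is none.
check_mobile_args() {
    tenant=$1; domain=$2; port=$3; url=$4; client=$5; aud=$6
    rc=0
    # -p: must be a valid TCP port number.
    case $port in
        ''|*[!0-9]*) echo "-p: '$port' is not a port number"; rc=1 ;;
        *) { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } ||
               { echo "-p: $port is out of range"; rc=1; } ;;
    esac
    # -h: only the domain portion, without tenant stripe, scheme or port.
    case $domain in
        ''|"$tenant".*|*/*|*:*)
            echo "-h: expected only the domain portion, got '$domain'"; rc=1 ;;
    esac
    # -u: HTTPS token endpoint whose host is <tenant>.<domain>.
    case $url in
        https://*) ;;
        *) echo "-u: token URL must start with https://"; rc=1 ;;
    esac
    rest=${url#https://}
    host=${rest%%/*}
    path=/${rest#*/}
    host=${host%":$port"}   # tolerate an explicit port equal to -p
    [ "$host" = "$tenant.$domain" ] ||
        { echo "-u: host '$host' does not match -t/-h ($tenant.$domain)"; rc=1; }
    [ "$path" = /oauth2/v1/token ] ||
        { echo "-u: path '$path' is not /oauth2/v1/token"; rc=1; }
    # -i and -a: required, and a stray space usually means a paste error.
    for v in "$client" "$aud"; do
        case $v in
            ''|*' '*) echo "-i/-a: value '$v' is empty or contains a space"; rc=1 ;;
        esac
    done
    return $rc
}

# Sample values from the script's help text; the client ID is a constructed placeholder.
T=idcs-12121212121212121212121212121212
check_mobile_args "$T" identity.oraclecloud.com 443 \
    "https://$T.identity.oraclecloud.com/oauth2/v1/token" \
    sample-client-id OASEnterpriseApp && echo "arguments are consistent"
```
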

Start Oracle Analytics Server services

/u01/data/domains/bi/bitools/bin/start.sh

Create a mobile application

Create and configure a mobile application, using either the IDCS Administration Console or the IAM Domain Integrated Applications page in the OCI Console.

  1. Sign in to IDCS Administration Console and navigate to Applications. Or sign in to OCI Console, and navigate to the IAM Domain, then Integrated Applications.
  2. Create a Mobile Application.
  3. On the Client Configuration step:
    1. Check Refresh Token, Authorization Code, and Implicit for Allowed Grant Types.
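    2. Check Allow non-HTTPS URLs (the redirect URLs in the next steps use the app's custom dopplermobileapp:// scheme rather than HTTPS).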
    3. Enter Redirect URL: dopplermobileapp://nodata
    4. Enter Post Logout Redirect URL: dopplermobileapp://logout
    5. Enable Bypass Consent.
    6. Add Scope: Select the Enterprise Application.
  4. Note the Client ID value.
  5. Activate the mobile application.


For Scope, select the enterprise application created for the App Gateway (for example, OASAppGatewayEnterpriseApp) from the list of available applications.


Note the Client ID value and use it to construct a Magic URL.


Activate the mobile application and note the Client ID value.

Create a Magic URL

A Magic URL contains all the required information to access IDCS using SSO and can be shared across your organization. It contains five elements as shown in the following sample data.

Sample Data

  • Mobile app code name: oracleanalytics
  • Client ID: Value of the mobile application that you configured for SSO in OAS. For example: 875f734r32yut27474sa55uye14c7a
  • Oracle Analytics Server URL: For example: https://analytics.cealoracle.com
  • Oracle Analytics Server Scope URL: Available in the Resources section of the mobile application that you configured for SSO in OAS. For example: OASAppGatewayEnterpriseApp/
  • Oracle Identity Cloud Service URL: For example: https://idcs-f5hjsgerf76r345rt7832ry45872403.identity.oraclecloud.com

A Magic URL with these values looks like this:

oracleanalytics://oauth?clientID=875f734r32yut27474sa55uye14c7a&friendlyURL=https://analytics.cealoracle.com&scope=openid%20OASAppGatewayEnterpriseApp/&idcsURL=https://idcs-f5hjsgerf76r345rt7832ry45872403.identity.oraclecloud.com

Alternatively, you can use the MagicURL Generator.

Oracle Analytics Magic URL Generator

Available at: https://download.oracle.com/ocomdocs/global/paas_docs/analytics/magicurl.html
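
The following script is an added example, not Oracle's generator. It assembles a Magic URL in the form shown above and checks that a URL about to be shared still names the intended Oracle Analytics Server and identity service hosts. The function names are hypothetical; the sample values are the ones used in this article.

```shell
# Added example (not Oracle code); function names are hypothetical.

# build_magic_url CLIENT_ID OAS_URL SCOPE IDCS_URL  -> prints the Magic URL
build_magic_url() {
    client=$1; oas=${2%/}; scope=$3; idcs=${4%/}
    for u in "$oas" "$idcs"; do
        case $u in
            https://?*) ;;
            *) echo "not an https URL: '$u'" >&2; return 1 ;;
        esac
    done
    # '&', '#' or a space inside a value would corrupt the query string.
    case "$client$oas$scope$idcs" in
        *'&'*|*'#'*|*' '*) echo "value contains '&', '#' or a space" >&2; return 1 ;;
    esac
    [ -n "$client" ] && [ -n "$scope" ] ||
        { echo "client ID and scope are required" >&2; return 1; }
    printf 'oracleanalytics://oauth?clientID=%s&friendlyURL=%s&scope=openid%%20%s&idcsURL=%s\n' \
        "$client" "$oas" "$scope" "$idcs"
}

# magic_url_param URL NAME  -> prints the value of query parameter NAME
magic_url_param() {
    q=${1#*'?'}; q="&$q&"
    case $q in
        *"&$2="*) v=${q#*"&$2="}; v=${v%%'&'*}; printf '%s\n' "$v" ;;
        *) return 1 ;;
    esac
}

# check_magic_url URL EXPECTED_OAS_URL EXPECTED_IDCS_URL
check_magic_url() {
    case $1 in
        'oracleanalytics://oauth?'*) ;;
        *) echo "not an oracleanalytics://oauth URL"; return 1 ;;
    esac
    [ "$(magic_url_param "$1" friendlyURL)" = "$2" ] || { echo "friendlyURL is not $2"; return 1; }
    [ "$(magic_url_param "$1" idcsURL)" = "$3" ] || { echo "idcsURL is not $3"; return 1; }
    [ -n "$(magic_url_param "$1" clientID)" ] || { echo "clientID is missing"; return 1; }
    case $(magic_url_param "$1" scope) in
        openid%20?*) ;;
        *) echo "scope must be openid%20<resource scope>"; return 1 ;;
    esac
}

# Sample values from this article.
IDCS=https://idcs-f5hjsgerf76r345rt7832ry45872403.identity.oraclecloud.com
url=$(build_magic_url 875f734r32yut27474sa55uye14c7a https://analytics.cealoracle.com \
    OASAppGatewayEnterpriseApp/ "$IDCS") &&
    check_magic_url "$url" https://analytics.cealoracle.com "$IDCS" && printf '%s\n' "$url"
```
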

Access the Magic URL

Open the Magic URL on any Android or iOS device with the Oracle Analytics mobile app installed.


Call to Action

You're now equipped to configure Oracle Analytics mobile app access for your Oracle Analytics Server, which is integrated with either Oracle Identity Cloud Service or OCI IAM Domain for authentication through App Gateway. Once you experiment with the configuration yourself, let us know your results in the Oracle Analytics Community.


Veera Raghavendra Rao Koka

Consulting Member of Technical Staff

Oracle Analytics Service Excellence, CEAL Team

