Tuesday Sep 09, 2014

Mobile and Social login connections in Oracle MAF: a few hints to install the server-side components

Of all the new security-related features introduced in the Oracle Mobile Application Framework, the most interesting ones are, in my opinion, support for the OAuth 2.0 protocol and the tight integration with Oracle's identity management solutions. The former enables you to build MAF applications that integrate with popular public APIs, such as the ones offered by Google and Facebook. The latter makes the implementation of comprehensive access control scenarios significantly easier, while keeping things extremely simple from a developer's perspective. This is all thanks to the Oracle Access Management Mobile and Social (OAMMS) component of IDM. Don't believe me? Have a look at this recording I made for the Oracle Mobile Platform channel on YouTube.

If you want to try OAMMS for yourself, you will need to install it in your own environment. Overall, the process is fairly painless and is similar to that of other Fusion Middleware products. However, there are a few things you should be aware of. Here are a few hints to guide you along the way.

  1. You need at least IDM 11gR2 PS2
    In other words, MAF is certified with OAMMS or later. Ensure you download the correct version!

  2. Use JDK 7
    Java 8 has been with us for more than a year now. Public updates for Java 6, on the other hand, stopped back in... 2011. If you were installing a production server today, I would strongly recommend that you use Java 7.

    Oracle WebLogic Server 10.3.6 is certified for use with Java 7 on Windows, Linux and other platforms. The official documentation explains at length how to use both together. The critical part is to make sure you override some of the standard JDK classes with the ones provided with WebLogic:

    After installing WebLogic Server, copy the following files from WL_HOME/modules to JAVA_HOME/jre/lib/endorsed, where WL_HOME is the WebLogic Server installation home directory: javax.annotation_1.0.0.0_1-0.jar, javax.xml.bind_2.1.1.jar and javax.xml.ws_2.1.1.jar

  3. Install both OAM and OAMMS
    Technically, OAMMS can be installed in standalone mode. However, you will get a much more useful setup if you deploy it alongside OAM, since you will gain the capacity to configure SSO for web service calls and remote URL access. In addition, OAMMS is already preconfigured to use OAM for authentication when you install both at the same time.

    I do not recommend installing Oracle Adaptive Access Manager (OAAM) if you are building a development environment. Some of the features of the product, such as IP address geolocation, require third-party dependencies that cannot be obtained for free.

  4. Don't forget to configure the security store
    Once the software has been installed, it is essential to perform an additional configuration process for the database security store. For a brand new install, you should execute the command shown below. In this case, WebLogic was installed in /oracle/wls1036, the IDM binaries were in /oracle/wls1036/Oracle_IDM1 and I had created a domain named idmps2. The value for the -p parameter is the password for the OPSS schema you created using the Repository Creation Utility (RCU) before installing the IDM software. 

    /oracle/wls1036/oracle_common/common/bin/wlst.sh /oracle/wls1036/Oracle_IDM1/common/tools/configureSecurityStore.py -d /oracle/wls1036/user_projects/domains/idmps2/ -c IAM -p oracle -m create 

  5. Upgrade the OPSS schema
    Another thing you need to do before starting your OAMMS WebLogic domain for the first time is to update the OPSS schema using the patch set assistant. This is necessary to ensure that the versions for the database and the binaries are in sync.

  6. Install the most recent Identity Management Suite Bundle Patch
    Finally, it is essential to deploy the latest bundle patch for the product. At the time of writing, this was patch 18662903. The patch corrects an important problem in the user interface for the OAuth authentication service, among other things. This install is done through OPatch, by the way. The necessary executable is installed alongside the IDM binaries; you do not need to have your own OPatch installation.
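
The file copy from step 2, written as a shell helper with a verification pass. This is an added example, not part of the original post or of Oracle's documentation; the function names install_endorsed and check_endorsed are hypothetical, and it assumes a POSIX shell with cp and cmp available.

```shell
#!/bin/sh
# Jar names exactly as listed in step 2 of the post.
ENDORSED_JARS="javax.annotation_1.0.0.0_1-0.jar javax.xml.bind_2.1.1.jar javax.xml.ws_2.1.1.jar"

# install_endorsed WL_HOME JAVA_HOME   (hypothetical helper)
# Copies the three jars from WL_HOME/modules to JAVA_HOME/jre/lib/endorsed.
# All sources are checked first, so a missing jar never leaves a partial set.
install_endorsed() {
    src="$1/modules"
    dst="$2/jre/lib/endorsed"
    for jar in $ENDORSED_JARS; do
        if [ ! -f "$src/$jar" ]; then
            echo "missing source: $src/$jar" >&2
            return 1
        fi
    done
    mkdir -p "$dst" || return 1
    for jar in $ENDORSED_JARS; do
        cp -p "$src/$jar" "$dst/$jar" || return 1
    done
}

# check_endorsed WL_HOME JAVA_HOME   (hypothetical helper)
# Returns 0 only when every jar is present in the endorsed directory and
# byte-identical to the copy shipped with WebLogic. Useful after a JDK
# update or a WebLogic patch, either of which can leave the two out of sync.
check_endorsed() {
    src="$1/modules"
    dst="$2/jre/lib/endorsed"
    rc=0
    for jar in $ENDORSED_JARS; do
        if [ ! -f "$dst/$jar" ]; then
            echo "MISSING  $dst/$jar"
            rc=1
        elif ! cmp -s "$src/$jar" "$dst/$jar"; then
            echo "DIFFERS  $dst/$jar"
            rc=1
        else
            echo "OK       $dst/$jar"
        fi
    done
    return $rc
}

# Usage: install_endorsed "$WL_HOME" "$JAVA_HOME" && check_endorsed "$WL_HOME" "$JAVA_HOME"
```

Running check_endorsed again before starting the domain for the first time confirms that the JDK in use is the one that received the override.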

Once you are done, you will need to configure OAMMS properly before your MAF applications can authenticate against it. Fortunately, you can learn about what you need to do on YouTube.


Frédéric Desbiens

The musings of a member of the Mobility and Development Tools Product Management team.

I focus here on my favorite development frameworks, namely Oracle ADF and the Oracle Mobile Application Framework (MAF), but also have a strong interest in SOA and web services.

The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.

