The following steps illustrate how to containerize and secure the content of a MAF application using Oracle Mobile Security Suite (OMSS).
Step1: Install the containerization (c14n) tool
Download :
You can download the OMSS c14n tool from Oracle Support site.
JDeveloper & Eclipse users :
c14n tool can be installed at any location on the machine. After installing the c14n tool, developers can set the path to the c14n tool in JDev or Eclipse preferences.Default path where OMSS C14N tool is installed: /opt/Oracle/omss
After you install the c14n tool, you can run the following command in a terminal to ensure the c14n tool is installed properly.
c14n -version
For the MAF 2.1.3 release, the minimum supported version of the c14n tool is v11.1.2.3.1, and the maximum supported version is 11.1.2.3.
Step2: Set the path for the c14n tool in JDeveloper / Eclipse preferences
JDeveloper users:
You can set the path to c14n tool within JDeveloper preferences by navigating to Preferences —-> Mobile Applications Framework —> Containerization
Eclipse users:
You can set the path within Eclipse preferences by navigating to Oracle —-> Mobile Applications Framework —> iOS —> Containerize
Step3: Enable Oracle Mobile Security Suite in the deployment profile
JDeveloper users:
Within the iOS deployment profile, and Android deployment profiles, check the box that says Enable Oracle Mobile Security Suite.
Eclipse users:
You can enable Oracle Mobile Security Suite within the Run Configurations menu as shown in the picture below.
Step 4: Deploy to create a containerized app
Deploy to iOS
You can containerize an iOS app ONLY by deploying it to iTunes.Deployment to a distribution package or to an iOS simulator will NOT invoke the c14n tool to create a containerized IPA file. See the following screenshots for examples.
JDeveloper users:Eclipse users:
Within the Run Configurations menu, set the iOS Deploy Target to iTunes, as shown in the picture below, and click Run
Deploy to Android
You can containerize an android app by either deploying it to a package or to a device.
JDeveloper users:
Upon completion of the above step (Deploy to create a containerized app), an IPA file or a APK file secured by Oracle Mobile Security Suite will be created. Once you add this application to your device, it should appear with a lock icon on it, as in the picture shown below.
On iOS
On Android
Step 5: Generate an IPA or APK file for the Workspace application
For iOS :
Go through the Oracle® Fusion Middleware Customization and Branding Guide for Oracle Mobile Security Suite and follow the steps listed in the Section 1. Oracle Secure Workspace Customization for iOS. This section walks you through the steps to rebrand, and generate the Workspace IPA file based on your own enterprise provisioning profile and certificate.
Note: The IPA files for the containerized MAF application and the OMSS Workspace application must be generated using the same enterprise provisioning profile and certificate.
For Android :
Go through the Oracle® Fusion Middleware Customization and Branding Guide for Oracle Mobile Security Suite and follow the steps listed in the Section 2. Oracle Secure Workspace Customization for Android. This section walks you through the steps to rebrand and resign the Workspace APK file after downloading it.
Note: The APK files for the containerized MAF application and the OMSS Workspace application must be signed using the same certificate.
Step 6: Set up the OMSS Server Environment
Once you install Oracle Mobile Security Suite, and all the services are up and running, you will be able to move on to the next step (Configure the OMSS Container app (Workspace app)) .
Step7: Configure the OMSS Container app (Workspace app) :
The following steps are usually performed by an end user.
- Launch the Workspace app.
2. Configure the Workspace app.
Enter the configuration URL and tap on the CONFIGURE button.
3. Log in.
Step 8: Make changes to the policy
The following steps are usually performed by an IT Administrator. These steps demonstrate how to make changes to a policy which is assigned to a particular user or a group of users. Learn more about the Oracle Mobile Security Suite Admin Console here.
1. Select a policy.
On the MSAC server, select the Policies tab, and from the list of policies, select the policy that you want to change.
2. Make changes to the policy and save.
As highlighted in the screenshot below, select the Container/Apps tab, make the following changes, and click Save.
– Disable Email (Set the email allowed option to No)
– Disable Print functionality (Set the print allowed option to No)
– Disable File Sharing (Set the restrict file sharing option to Yes)
– Disable the ability to copy and paste content (Set the restrict copy/paste option to Yes).
3. Either wait for a few seconds, OR kill the Workspace app and the containerized app .
It usually takes a few seconds for the policy changes to get applied to the Workspace container. The alternative way to refresh the policy changes is by killing the Workspace app and restarting it.
4. Launch the containerized app (in this example, the DeviceDemo app).
To validate the policy changes, we are using the containerized DeviceDemo sample app. You can find more details about this sample here. .Once you launch the DeviceDemo app it will launch the Workspace app. After you log in to the Workspace app, it automatically redirects and restarts the DeviceDemo app.
Step 9: Validate Data Leak Protection
The following steps demonstrate how to validate Data Leak Protection scenarios using the DeviceDemo sample app.
- Enable / Disable Email
- Enable / Disable File Sharing
- Enable / Disable Copy / Paste operation
- Enable / Disable Email:
To validate the policy changes related to Email functionality, navigate to the Email feature, and try to send an email. You should see the message Email is disabled, as shown below.
2. Enable / Disable File Sharing
To validate the policy changes related to restricted file sharing, navigate to the Attachments functionality, select a document from the dropdown list, and tap on the View button.
When the document is displayed, tap on the contextual menu shown on the right side. You should not see any options like Open or Print displayed. The restrict file sharing option controls the ability to open documents in other applications like AirDrop, Dropbox, or Box.
3. Enable / Disable the Copy-Paste operation
To validate the policy changes related to the Copy-Paste operation, navigate to the Attachments feature, select any of the documents, and tap on View. Once the document is displayed, copy the content from the document and try to paste it outside the containerized app (in this case the DeviceDemo sampe app). If the policy is successfully applied, you should not be able to paste the content outside the application.