The following steps illustrate how to containerize and secure the content of a MAF application using Oracle Mobile Security Suite (OMSS).
Note: This functionality is currently supported only on the iOS platform. Support for Android is on the roadmap. Also, please note that the steps listed below are applicable to the MAF 2.0.1 release only.
You can download the OMSS c14n tool from Oracle Support site.
JDeveloper users :
In the MAF 2.0.1 release, Oracle JDeveloper does not provide an option to set the path of the c14n tool in the preferences. JDeveloper expects the c14n tool to be installed in the default path. While installing the c14n tool, choose the default path provided by the installer. In future MAF releases, developers shall be able to set the path to the c14n tool in JDev preferences, and at that point, they can install the c14n tool at any location on their machine.
If you are using Eclipse to secure your MAF applications with Oracle Mobile Security Suite, you can install the c14n tool at any location on your machine. The MAF extension for Eclipse provides a way to set the path to the c14n tool in the Eclipse preferences.
After you install the c14n tool, you can run the following command in a terminal to ensure the c14n tool is installed properly.
For the MAF 2.0.1 release, the minimum supported version of the c14n tool is v3.0.2, and the maximum supported version is 220.127.116.11.
You can skip this step in the MAF 2.0.1 release, as JDeveloper always tries to look for the c14n tool in the default location. Just make sure that your c14n tool is installed in the default path suggested by the c14n installer. In future MAF releases you will be able to set the path of the c14n tool in the JDev preferences.
You can set the path within Eclipse preferences by navigating to Oracle ----> Mobile Applications Framework ---> iOS ---> Containerize
Within the iOS deployment profile, check the box that says Enable Oracle Mobile Security Suite.
You can enable Oracle Mobile Security Suite within the Run Configurations menu as shown in the picture below.
Step 4: Deploy the application to iTunes
Containerization is ONLY supported for iTunes deployment. Deployment to a distribution package or to an iOS simulator will NOT invoke the c14n tool to create a containerized IPA file. See the following screenshots for examples.
Within the Run Configurations menu, set the iOS Deploy Target to iTunes, as shown in the picture below, and click Run.
Upon completion of this step (Deploy the application to iTunes), an IPA file secured by Oracle Mobile Security Suite will be created. Once you add this application to your device, it should appear with a lock icon on it, as in the picture shown below.
Step 5: Generate an IPA for the Workspace application based on your enterprise provisioning profile and certificate
Go through the Oracle® Fusion Middleware Customization and Branding Guide for Oracle Mobile Security Suite and follow the steps listed in the Section 1. Oracle Secure Workspace Customization for iOS. This section walks you through the steps to generate the Workspace IPA file based on your own enterprise provisioning profile and certificate.
Step 6: Set up the OMSS Server Environment
Once you install Oracle Mobile Security Suite, and all the services are up and running, you will be able to move on to the next step (Configure the OMSS Container app (Workspace app)) .
Step7: Configure the OMSS Container app (Workspace app) :
The following steps are usually performed by an end user.
- Launch the Workspace app.
2. Configure the Workspace app.
Enter the configuration URL and tap on the CONFIGURE button.
3. Log in.
Step 8: Make changes to the policy
The following steps are usually performed by an IT Administrator. These steps demonstrate how to make changes to a policy which is assigned to a particular user or a group of users. Learn more about the Oracle Mobile Security Suite Admin Console here.
1. Select a policy.
On the MSAC server, select the Policies tab, and from the list of policies, select the policy that you want to change.
2. Make changes to the policy and save.
As highlighted in the screenshot below, select the Container/Apps tab, make the following changes, and click Save.
- Disable Email (Set the email allowed option to No)
- Disable Print functionality (Set the print allowed option to No)
- Disable File Sharing (Set the restrict file sharing option to Yes)
- Disable the ability to copy and paste content (Set the restrict copy/paste option to Yes).
3. Either wait for a few seconds, OR kill the Workspace app and the containerized app .
It usually takes a few seconds for the policy changes to get applied to the Workspace container. The alternative way to refresh the policy changes is by killing the Workspace app and restarting it.
4. Launch the containerized app (in this example, the DeviceDemo app).
To validate the policy changes, we are using the containerized DeviceDemo sample app. You can find more details about this sample here. .Once you launch the DeviceDemo app it will launch the Workspace app. After you log in to the Workspace app, it automatically redirects and restarts the DeviceDemo app.
Step 9: Validate Data Leak Protection
The following steps demonstrate how to validate Data Leak Protection scenarios using the DeviceDemo sample app.
- Enable / Disable Email
- Enable / Disable File Sharing
- Enable / Disable Copy / Paste operation
- Enable / Disable Email:
To validate the policy changes related to Email functionality, navigate to the Email feature, and try to send an email. You should see the message Email is disabled, as shown below.
2. Enable / Disable File Sharing
To validate the policy changes related to restricted file sharing, navigate to the Attachments functionality, select a document from the dropdown list, and tap on the View button.
When the document is displayed, tap on the contextual menu shown on the right side. You should not see any options like Open or Print displayed. The restrict file sharing option controls the ability to open documents in other applications like AirDrop, Dropbox, or Box.
3. Enable / Disable the Copy-Paste operation
To validate the policy changes related to the Copy-Paste operation, navigate to the Attachments feature, select any of the documents, and tap on View. Once the document is displayed, copy the content from the document and try to paste it outside the containerized app (in this case the DeviceDemo sampe app). If the policy is successfully applied, you should not be able to paste the content outside the application.