Oracle Mobile Application Framework (MAF) is a cross-platform development framework for quickly building mobility solutions for iOS and Android devices from a single code base. In mobile development, security is of the utmost importance. Transactions made through a mobile device are easy to track if security is not provided. Most of the available mobile development platforms do not provide built-in security. Mobile developers and architects should treat security as part of the overall architecture. In the case of MAF, Oracle concentrates on authentication mechanisms such as OAuth, Web SSO, Mobile-Social and HTTP Basic, using the out-of-the-box (OOTB) capabilities of the development framework.
In a 3-tier architecture, MAF applications interact directly with the middleware services. The commonly used middleware services are Java-based services, OSB and Oracle MCS (Oracle Mobile Cloud Service). The middleware service currently trending for use with Oracle MAF is Oracle MCS, which is a completely cloud-based mobile backend service.
Oracle Mobile Cloud Service (MCS) is a cloud-based mobile backend service (MBaaS) that provides a complete solution for developing, deploying, maintaining, monitoring, and analyzing mobile applications and the resources that we rely on. Oracle Mobile Cloud Service provides everything that we need to build our enterprise mobile strategy using modern frameworks. Like MAF, Oracle MCS also provides authentication mechanisms such as OAuth, Enterprise SSO and HTTP Basic.
Implementing MCS Single Sign-on using Cordova Plugin
This section describes how to implement single sign-on (SSO) for a MAF application using the MCS Enterprise SSO mechanism. The MAF framework supports Cordova plugins for development. In our application, we achieved MCS SSO with the help of the InAppBrowser Cordova plugin.
When the application is launched, it invokes the MCS SSO Token endpoint. This loads the SSO login page in the MAF application. The default login page depends on the SSO configuration in MCS, such as Microsoft ADFS, Oracle Access Manager (OAM) or OKTA. The MAF application can also be authenticated using a custom, homegrown SSO mechanism of the enterprise. Once the user has entered the credentials and initiated the login process, the application authenticates against the security mechanism configured in MCS (such as OAM, ADFS or OKTA) to achieve SSO. The authentication process with SSO is SAML based and, after successful authentication, the SSO provider serves a SAML token to MCS. MCS generates an OAuth token using this SAML token, with an expiry time of about 8 hours, and creates a JSON response containing the same token. (Note: The SAML token expiry time, in the latest version of MCS, can be extended up to 48 hours.)
The JSON format is given below:
MAF consumes the JSON response and injects the 'access_token' into the headers of each request when we invoke the MCS custom APIs. We add the Authorization header property as follows:
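import java.net.HttpURLConnection;
import java.net.URL;
HttpURLConnection con = (HttpURLConnection) new URL(restURI).openConnection();
con.setRequestProperty("Authorization", "Bearer " + accessToken); // accessToken = access_token from the JSON response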
Once the token expires, we need to perform the SSO authentication again using the InAppBrowser Cordova plugin.
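The token handling described above, sketched for the Cordova (JavaScript) side as an added example that is not part of the original post or of Oracle's SDK: it validates the JSON response, tracks expiry, and attaches the bearer token only to HTTPS calls to one expected host. Only the access_token field comes from the text; the token_type and expires_in fields, the host name, the function names and the sample token are assumptions.

```javascript
// Added example. Assumptions (not from the original page): the token_type and
// expires_in fields, the fallback lifetime, the host name and the sample token.
const FALLBACK_LIFETIME_S = 8 * 60 * 60; // page mentions an expiry of about 8 hours
const EXPIRY_SKEW_S = 60;                // re-authenticate slightly early

// Parse the JSON body returned after the SSO login. Anything malformed is
// rejected so that no half-valid session is ever stored.
function parseTokenResponse(body, nowMs) {
  let doc;
  try { doc = JSON.parse(body); } catch (e) { throw new Error('token response is not JSON'); }
  if (doc === null || typeof doc !== 'object') throw new Error('token response is not an object');
  const token = doc.access_token;
  // Visible ASCII only: blocks CR/LF header injection through a tampered response.
  if (typeof token !== 'string' || !/^[\x21-\x7e]+$/.test(token)) {
    throw new Error('access_token missing or malformed');
  }
  if (doc.token_type !== undefined && String(doc.token_type).toLowerCase() !== 'bearer') {
    throw new Error('unexpected token_type');
  }
  const life = Number.isFinite(doc.expires_in) && doc.expires_in > 0
    ? doc.expires_in : FALLBACK_LIFETIME_S;
  return { token, expiresAtMs: nowMs + (life - EXPIRY_SKEW_S) * 1000 };
}

function isExpired(session, nowMs) {
  return nowMs >= session.expiresAtMs;
}

// Build the headers for one API call. Returns null when the caller must run
// the InAppBrowser SSO login again. The token is attached only for HTTPS URLs
// on the expected host, so it is never sent in clear text or to another origin.
function authHeadersFor(session, apiUrl, allowedHost, nowMs) {
  const url = new URL(apiUrl);
  if (url.protocol !== 'https:' || url.hostname !== allowedHost) {
    throw new Error('refusing to send bearer token to ' + url.origin);
  }
  if (isExpired(session, nowMs)) return null;
  return { Authorization: 'Bearer ' + session.token };
}

// Constructed sample response and host (not real values).
const SAMPLE_BODY =
  '{"access_token":"eyJ.constructed.sample","token_type":"Bearer","expires_in":28800}';
const SAMPLE_HOST = 'mcs.example.com';
```

Keep the parsed session in memory or in the platform's secure storage, and never write the token to logs.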
Use Case and Proposed Architecture
In one of our projects, we configured Oracle Internet Directory (OID) based SSO in MCS and were able to successfully implement the SSO login in our MAF application. The high-level architecture is displayed below:
Developers and architects who are designing enterprise-scale mobile applications should always consider security the topmost priority. The time frame needed for development is rapidly decreasing from months to a few weeks. While developing mobile applications, mobile developers should focus on the functionality and integration rather than on the backend features and security. This is where development frameworks like MAF and MCS, with built-in SSO capability, help developers implement SSO quickly with OOTB configurations.
Oracle MAF/MCS Developer, RapidValue