IBM Security Identity Manager Version 6.0 Mobile App Installation and Configuration Guide SC22-5494-03

Upload: truongbao

Post on 08-May-2018


IBM Security Identity Manager
Version 6.0

Mobile App Installation and Configuration Guide

SC22-5494-03

Note: Before using this information and the product it supports, read the information in “Notices” on page 27.

Edition notice

Note: This edition applies to version 6.0 of IBM Security Identity Manager (product number 5724-C34) and to all subsequent releases and modifications until otherwise indicated in new editions.

© Copyright IBM Corporation 2012, 2013. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Contents

Preface
    About this publication
    Access to publications and terminology
    Technical training
    Support information
    Statement of Good Security Practices

Chapter 1. Overview of the IBM Security Identity Manager Mobile App
    Password management
    Request processing
    Typical usage scenarios

Chapter 2. Installation planning
    Software requirements
    Installation roadmap
    Software download

Chapter 3. Mobile App installation
    WebSphere Application Server component installation
        Installing the WebSphere Application Server v 7.0 Web 2.0 and Mobile Feature Pack
        Defining WebSphere container-wide shared libraries
    IBM Security Identity Manager Mobile App solution installation
        Installing the IBM Security Identity Manager Mobile App WebSphere application
        Installing the iOS application
        Installing the Android application

Chapter 4. IBM Security Identity Manager access control item configuration for approvers

Chapter 5. Configuring OAuth in WebSphere Application Server for Mobile App

Chapter 6. Mobile App error troubleshooting
    Techniques for troubleshooting problems
    Troubleshooting information
    Known issues and limitations

Appendix. Support information
    Searching knowledge bases
    Contacting IBM Support

Notices

Index


Tables

1. Prerequisite software for IBM Security Identity Manager Mobile App
2. Required components for IBM Security Identity Manager Mobile App
3. Installation roadmap
4. Troubleshooting information
5. Known issues, limitations, and workarounds


Preface

About this publication

The IBM Security Identity Manager Mobile App Installation and Configuration Guide describes how to manage your account passwords and to approve requests for accounts on the go.

IBM® Security Identity Manager Mobile App provides a mobile-specific user interface. You can use the interface to change or reset a forgotten IBM Security Identity Manager password, change account passwords, and review and approve accounts, accesses, and separation of duty policy violation requests by using a convenient mobile platform.

Access to publications and terminology

This section provides:
- A list of publications in the “IBM Security Identity Manager library.”
- Links to “Online publications.”
- A link to the “IBM Terminology website.”

IBM Security Identity Manager library

For a complete listing of the IBM Security Identity Manager and IBM Security Identity Manager Adapter documentation, see the online library (http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.isim.doc_6.0/ic-homepage.htm).

Online publications

IBM posts product publications when the product is released and when the publications are updated at the following locations:

IBM Security Identity Manager library
    The product documentation site (http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.isim.doc_6.0/ic-homepage.htm) displays the welcome page and navigation for the library.

IBM Security Systems Documentation Central
    IBM Security Systems Documentation Central provides an alphabetical list of all IBM Security Systems product libraries and links to the online documentation for specific versions of each product.

IBM Publications Center
    The IBM Publications Center site (http://www-05.ibm.com/e-business/linkweb/publications/servlet/pbi.wss) offers customized search functions to help you find all the IBM publications you need.

IBM Terminology website

The IBM Terminology website consolidates terminology for product libraries in one location. You can access the Terminology website at http://www.ibm.com/software/globalization/terminology.

Technical training

For technical training information, see the following IBM Education website at http://www.ibm.com/software/tivoli/education.

Support information

IBM Support provides assistance with code-related problems and routine, short duration installation or usage questions. You can directly access the IBM Software Support site at http://www.ibm.com/software/support/probsub.html.

“Support information,” on page 23 provides details about:
- What information to collect before contacting IBM Support.
- The various methods for contacting IBM Support.
- How to use IBM Support Assistant.
- Instructions and problem-determination resources.

Note: The Community and Support tab on the product information center can provide additional support resources.

Statement of Good Security Practices

IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

Chapter 1. Overview of the IBM Security Identity Manager Mobile App

You can use IBM Security Identity Manager Mobile App to manage accounts using a mobile phone to communicate your requests.

Password management

Users can manage their account passwords with IBM Security Identity Manager Mobile App.

You can solve forgotten and account password problems.

Forgotten password
    Using mobile communication, a user who forgets the IBM Security Identity Manager password can successfully respond to challenge questions to change or reset the password. The user must previously configure password authentication and questions on the IBM Security Identity Manager server.

Change or reset account password
    Users can change or reset account passwords. A properties file on the IBM Security Identity Manager server specifies the password synchronization settings.

Request processing

Using mobile communication, users can review and approve requests for accounts and access. They can also review and approve separation of duty violations.

Typical usage scenarios

In a typical scenario, you can use IBM Security Identity Manager Mobile App to approve an emergency account request. You can also manage password change requests.

The events require persons in remote locations to use mobile communication. Examples include an account request and a password request.

Account request

- Today, the payroll lead, Andrew, is sick. No one else in the office currently has the necessary access to run the month-end payroll reports.
- To meet the payroll, the department manager, Betty, decides to request emergency payroll access for Carl to run the reports.
- The director, Darcy, must approve the request. Unfortunately, Darcy is away on a business trip.
- Fortunately, you configured mobile access for Darcy before the trip. You call Darcy, who agrees to approve the request by using an Android mobile phone.

Password change request

- Today, Brian is at the airport and realizes that a notebook computer is missing. Brian urgently wants to change all the company account passwords that are saved on the browser on the notebook.
- Waiting for the flight, Brian uses an Android mobile phone to start the IBM Security Identity Manager Mobile App. Brian changes all the important passwords and then responds to numerous other company phone calls.
- Brian completes the phone calls, and then cannot remember the new password. With the remaining time before the flight departs, Brian starts the mobile application again and answers the challenge questions. Brian logs in to IBM Security Identity Manager and changes the account passwords to a value that is easy to remember.

Chapter 2. Installation planning

Installing and configuring the IBM Security Identity Manager Mobile App solution involves several steps that you must complete in the appropriate sequence. Review the requirements and the roadmaps before you begin the installation process.

Software requirements

Verify that your environment meets all the software requirements before you install the IBM Security Identity Manager Mobile App components.

The following table lists the software products that must be installed before you can install IBM Security Identity Manager Mobile App.

Table 1. Prerequisite software for IBM Security Identity Manager Mobile App

Prerequisite                                    Description
----------------------------------------------  ----------------------------------
IBM WebSphere Version 7.0 fix pack 25           See “Software download” on page 4.
IBM Security Identity Manager Version 6.0       See “Software download” on page 4.
Android operating system on a mobile device     Version 2.3.3 or higher
iOS operating system on an iPhone or an iPad    Version 5.1 or higher

The following table lists the components you must install before you can use IBM Security Identity Manager Mobile App.

Table 2. Required components for IBM Security Identity Manager Mobile App

Components Description

IBM WebSphere Application Server version 7.0

See “Software download” on page 4.

IBM WebSphere Application Server version 7.0 Feature Pack for Web 2.0 and Mobile Version 1.1.0

IBM Security Identity Manager Mobile App Solution

IBM Security Identity Manager 6.0 Mobile v6.0.4

See “Software download” on page 4.

Installation roadmap

To install IBM Security Identity Manager Mobile App, perform the sequential tasks that are listed in the roadmap.

Table 3. Installation roadmap

Task                                         For more information
-------------------------------------------  ------------------------------------------
Install the WebSphere Application Server     See “Installing the WebSphere Application
feature pack                                 Server v 7.0 Web 2.0 and Mobile Feature
                                             Pack” on page 5.
                                             See “Defining WebSphere container-wide
                                             shared libraries” on page 5.
Install the IBM Security Identity Manager    See “IBM Security Identity Manager Mobile
Mobile App Solution                          App solution installation” on page 7

Software download

Download the software through your account at the IBM Passport Advantage® website.

Go to IBM Passport Advantage.

See the IBM Security Identity Manager Download Document for instructions.

Note: You can also obtain additional adapter information from IBM Support.

Chapter 3. Mobile App installation

You must install both the WebSphere feature pack and the IBM Security Identity Manager Mobile App solution to enable communication between your mobile device and IBM Security Identity Manager.

WebSphere Application Server component installation

You must complete multiple tasks to install the WebSphere® Application Server component of IBM Security Identity Manager Mobile App.

1. Install the WebSphere Application Server v7.0 Web 2.0 and Mobile Feature Pack.
2. Define WebSphere container-wide shared libraries.

Installing the WebSphere Application Server v 7.0 Web 2.0 and Mobile Feature Pack

You must install the feature pack to enable WebSphere Application Server to communicate with the mobile device.

Before you begin

Extract the content of the IBM WebSphere Application Server Version 7.0 Feature Pack for Web 2.0 and Mobile Version 1.1.0 package into a temporary directory.

Procedure

1. Stop the WebSphere Application Server Process.
2. Launch the installer.
   a. Navigate to the temporary directory where you extracted the package content.
   b. Issue the command to start the installer. For example, on a Windows operating system:

      Install.exe -is:javahome "c:\Program Files\IBM\WebSphere\AppServer\java"

3. Start the WebSphere Application Server Process.

What to do next

Navigate to the Web 2.0 installation path. Verify that under the AppServer home directory either a web2mobilefep_1.1 directory or a web2fep_1.1 directory exists. If the directory does not exist, you must download the correct version of the Web 2.0 Feature Pack and install it.

Defining WebSphere container-wide shared libraries

You must define two new shared libraries for the IBM Security Identity Manager Mobile App.

Before you begin

The IBM WebSphere Application Server Version 7.0 Feature Pack for Web 2.0 and Mobile Version 1.1.0 package is installed on the computer.

Procedure

1. Launch and log on to the administrative console for your application server profile.

   Note: IBM Security Identity Manager 6.0 requires that Admin Security is enabled.

2. Click Environment > Shared Libraries.
3. Create the following two container-wide shared libraries at the server scope level:
   - IBM WebSphere JAX-RS Library for WAS v7.0
   - Web 2.0 Feature Pack Library

   a. From the scope level selection, choose the server level. For example, Node=BohrNode01, Server=server1.
   b. Click New to create the IBM WebSphere JAX-RS Library for WAS v7.0 library container.
   c. Supply the following information:

      Name= IBM WebSphere JAX-RS Library for WAS v7.0
      Description= IBM WebSphere JAX-RS Library for WAS v7.0
      Classpath=
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/jaxrs_1.X/commons-lang.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/jaxrs_1.X/commons-codec.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/jaxrs_1.X/httpclient.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/jaxrs_1.X/httpcore.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/jaxrs_1.X/ibm-wink-jaxrs.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/jaxrs_1.X/jcl-over-slf4j.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/jaxrs_1.X/jsr311-api.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/jaxrs_1.X/slf4j-api.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/jaxrs_1.X/slf4j-jdk14.jar

   d. Click OK.
   e. Click New to create the Web 2.0 Feature Pack Library container.
   f. Supply the following information:

      Name= Web 2.0 Feature Pack Library
      Description= Web 2.0 Feature Pack Library
      Classpath=
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/Feed/abdera-client-0.4.0-incubating-retro.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/Feed/abdera-contrib-rss-0.4.0-incubating-retro.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/Feed/abdera-core-0.4.0-incubating-retro.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/Feed/abdera-i18n-0.4.0-incubating-retro.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/Feed/abdera-parser-0.4.0-incubating-retro.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/Feed/abdera-security-0.4.0-incubating-retro.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/Feed/abdera-server-0.4.0-incubating-retro.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/Feed/dependencies/axiom-api-1.2.5.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/Feed/dependencies/axiom-impl-1.2.5.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/Feed/dependencies/commons-codec-1.3.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/Feed/dependencies/commons-httpclient-3.1-rc1.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/Feed/dependencies/jaxen-1.1.1.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/Feed/retroweaver-rt-2.0.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/Feed/dependencies/stax-api.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/Feed/dependencies/xlxpScanner.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/Feed/dependencies/xlxpScannerUtils.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/Feed/dependencies/xml-apis.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/JSON4J/JSON4J.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/MessagingService/webmsg_applib.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/RPCAdapter/commons-logging-1.0.4.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/RPCAdapter/retroweaver-rt-2.0.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/RPCAdapter/RPCAdapter-annotation.jar
      ${WAS_INSTALL_ROOT}/web2mobilefep_1.1/optionalLibraries/RPCAdapter/RPCAdapter.jar

   g. Click OK.

4. Click Save directly to master configuration to save your changes.

What to do next

You must install the IBM Security Identity Manager Mobile App Solution.

IBM Security Identity Manager Mobile App solution installation

The IBM Security Identity Manager Mobile App solution consists of two components: WebSphere application and a Mobile App. The WebSphere application is deployed on the WebSphere Application Server, while the Mobile App is an application installed on the mobile device.

You must complete multiple tasks to install the IBM Security Identity Manager Mobile App solution components.

1. Install the IBM Security Identity Manager Mobile App WebSphere application.
2. Install the Mobile application. You can either use the Android or the iOS version of the mobile application.

Installing the IBM Security Identity Manager Mobile App WebSphere application

You must install the application on the WebSphere Application Server before you associate libraries or configure the application properties file.

Before you begin

Extract the content of the IBM Security Identity Manager Mobile App solution package into a temporary directory.

Note: The extracted file name is in the form isimmobileversion.zip. For example, isimmobile60-6.0.4.1.zip. Extract the zip file to obtain isimmobileversion.war. For example, isimmobile60-6.0.4.1.war.

Procedure

1. Launch and log on to the administrative console for your application server profile.
2. Click Application > New Application.
3. Select New Enterprise Application as the application type.
4. Specify the full path to the isimmobileversion.war file and click Next. It might take several minutes for the WAR file to be read before the wizard displays the next page.
5. Select Fast Path installation and click Next.

   Note: Do not change the Application name field as the name includes the version number. For example, isimmobile60-6_0_4_1_war is version 6.0.4.1.

6. Accept all the default values on the Step 1: Select Installation Options page and click Next.
7. Accept all the default values on the Step 2: Map Modules to Server and click Next.
8. Type /isimm as the Context Root value on the Step 3: Map Context Roots for Web Modules page.
9. Click Next.
10. Review the Step 4: Summary page and click Finish to launch the installation. The installation might run for several minutes. The message Application isimmobileversion_war installed successfully is displayed.
11. Click the Save directly to master configuration hyperlink. After the changes are saved, you are returned to the Preparing for application installation page.

What to do next

You must associate the shared library containers with the application you installed.

Associating the shared library containers with the Mobile App WebSphere application

You can associate a shared library with an application or module. Classes that are represented by the shared library are then loaded in the class loader of the application. The classes are then available to the application.

Procedure

1. Launch and log on to the administrative console for your application server profile.
2. Click Application > Application Types > WebSphere enterprise applications. The isimmobileversion_war application is listed on the Enterprise Application page.
3. Click isimmobileversion_war to open the Configuration page.
4. Click the Shared Library Reference hyperlink.
5. Click the isimmobileversion_war check box.
6. Click Reference shared libraries.
7. Select IBM WebSphere JAX-RS Library for WAS v7.0 and Web 2.0 Feature Pack Library and click the arrow to move them to the Selected column.
8. Click OK.
9. Click OK to exit the Shared Library panel.
10. Click Save directly to master configuration to save your changes.

Configuring the mobile app WebSphere application property file

You must ensure that the web address, port number, and credentials are configured correctly.

Procedure

1. Navigate to the property file under the installed isimmobileversion_war directory in the WEB-INF\classes directory. For example,

   C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\installedApps\BohrNode01Cell\isimmobileversion_war.ear\isimmobileversion.war\WEB-INF\classes\com_ibm_itim_isimm.properties

2. Open the com_ibm_itim_isimm.properties file in a text editor.

   enrole.platform.contextFactory=com.ibm.itim.apps.impl.websphere.WebSpherePlatformContextFactory
   enrole.appServer.url=iiop://ip-address:port
   enrole.appServer.ejbuser.principal=isimsystem_username
   enrole.appServer.ejbuser.credentials=isimsystem_password
   enrole.password.appServer.encrypted=false

   #
   # Set an authentication realm name.
   #
   enrole.appServer.realm=itimCustomRealm

   #
   # Set the JAAS authentication factory.
   # The ITIM V5 factory is com.ibm.itim.restapi.auth.ISIM5AuthenticationFactory
   # The ITIM V6 factory is com.ibm.itim.restapi.auth.ISIM6AuthenticationFactory
   #
   isimm.authentication.factory.classname=com.ibm.itim.restapi.auth.ISIM6AuthenticationFactory

   #isimm.enableSSO=true
   #
   #Uncomment to set non default jaas login context

   ###isimm.jaas.loginContextName=WSLogin

   #
   # Uncomment to define which HTTP Servlet request attribute name containing the ITIM
   # username for SSO
   #
   #isimm.sso.request.attributeName=nickname
   #Specify whether password synchronization is enabled in IBM Security Identity
   #Manager Server

   #Set the value of isPwdSyncEnabled to false, if password sync is turned off.
   #Set the value of isPwdSyncEnabled to true, if password sync is turned on.
   #Ensure that you specify the value lowercase.
   #For example: isPwdSyncEnabled=false

3. Set the enrole.appServer.url to the IP address and port of the WebSphere Application Server on which IBM Security Identity Manager 6.0 is running. The WebSphere port is typically 2809. For example,

   enrole.appServer.url=iiop://9.72.115.195:2809

4. Set the enrole.appServer.ejbuser.principal to the isimsystem user ID.

   Note: IBM Security Identity Manager 6.0 requires admin security to be on.

   For example,

   enrole.appServer.ejbuser.principal=isimsystem

5. Set the enrole.appServer.ejbuser.credentials to the password of the ID used when you log in to the administrative console. For example,

   enrole.appServer.ejbuser.credentials=Passw0rd

6. Specify whether password synchronization is enabled for the IBM Security Identity Manager Server. For example:

   isPwdSyncEnabled=false

7. Save the updates and exit the editor.
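The checks in steps 3 to 6, as an added example that is not part of the IBM guide: a small Python auditor for com_ibm_itim_isimm.properties that reports values left at their placeholders, a key typed with the wrong case (Java property keys are case-sensitive), a malformed iiop URL, an isPwdSyncEnabled value that is not lowercase, and an EJB user password held in clear text. The function names, the sample files, the address 192.0.2.10 and the finding wording are constructed for illustration.

```python
import re

# Keys that steps 3-6 tell you to set, spelled exactly as in the shipped file.
EXPECTED_KEYS = (
    "enrole.appServer.url",
    "enrole.appServer.ejbuser.principal",
    "enrole.appServer.ejbuser.credentials",
    "isPwdSyncEnabled",
)
# Values the unedited file ships with (from the listing in step 2).
PLACEHOLDERS = {"iiop://ip-address:port", "isimsystem_username", "isimsystem_password"}
IIOP_URL = re.compile(r"^iiop://[^\s:/]+:(\d{1,5})$")

# Constructed sample: wrong key case, placeholder password, capitalised boolean.
SAMPLE_BAD = """\
enrole.appserver.url=iiop://192.0.2.10:2809
enrole.appServer.ejbuser.principal=isimsystem
enrole.appServer.ejbuser.credentials=isimsystem_password
enrole.password.appServer.encrypted=false
isPwdSyncEnabled=False
"""

# Constructed sample: every step completed as the guide describes.
SAMPLE_GOOD = """\
enrole.appServer.url=iiop://192.0.2.10:2809
enrole.appServer.ejbuser.principal=isimsystem
enrole.appServer.ejbuser.credentials=constructed-secret
enrole.password.appServer.encrypted=false
isPwdSyncEnabled=false
"""


def parse_properties(text):
    """Parse key=value lines; '#' and '!' start comments.

    Simplification: only '=' separators and no line continuations,
    which is all the file shown in step 2 uses.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(text):
    """Return a list of (severity, key, message) findings."""
    props = parse_properties(text)
    by_lower = {k.lower(): k for k in props}
    findings = []

    # Missing keys, or keys that exist only under a different case.
    for key in EXPECTED_KEYS:
        if key not in props:
            actual = by_lower.get(key.lower())
            if actual:
                findings.append(("ERROR", actual, "case differs from " + key))
            else:
                findings.append(("ERROR", key, "key is missing"))

    # Values never changed from the shipped placeholders.
    for key, value in props.items():
        if value in PLACEHOLDERS:
            findings.append(("ERROR", key, "still holds the placeholder value"))

    url = props.get("enrole.appServer.url")
    if url is not None and url not in PLACEHOLDERS:
        match = IIOP_URL.match(url)
        if not match or not 0 < int(match.group(1)) <= 65535:
            findings.append(("ERROR", "enrole.appServer.url", "expected iiop://host:port"))

    sync = props.get("isPwdSyncEnabled")
    if sync is not None and sync not in ("true", "false"):
        findings.append(("ERROR", "isPwdSyncEnabled", "must be lowercase true or false"))

    # Assumption: unless enrole.password.appServer.encrypted is true, the
    # credential value is the password exactly as typed into the file.
    secret = props.get("enrole.appServer.ejbuser.credentials")
    encrypted = props.get("enrole.password.appServer.encrypted", "false").lower()
    if secret and secret not in PLACEHOLDERS and encrypted != "true":
        findings.append(("WARN", "enrole.appServer.ejbuser.credentials",
                         "clear-text password in file; restrict read access to it"))
    return findings


if __name__ == "__main__":
    for name, sample in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(name)
        for severity, key, message in audit(sample):
            print("  %-5s %s: %s" % (severity, key, message))
```

To audit a deployed file, pass its contents to `audit()`; a completed configuration still yields the clear-text warning, which is a prompt to limit who can read the WEB-INF\classes directory.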

Optional: SSL configuration

To establish SSL communication, use WebSphere and the mobile device local SSL configuration.

No specific IBM Security Identity Manager Mobile App settings or properties are needed to set up SSL communication between the mobile app on the device and the WebSphere application.

After SSL configuration is set up, use https and the SSL port number, when you create the Android or iOS account on the mobile device.

Configuring security

IBM Security Identity Manager Mobile App uses WebSphere Application Server security, and must be deployed with the same user repository that the IBM Security Identity Manager Server uses in the WebSphere Application Server.

Before you begin

In addition to user registry requirements, IBM Security Identity Manager users who are granted access to the mobile application must be assigned the ISIMM_CLIENT role.

Procedure

1. Launch and log on to the administrative console for your application server profile.
2. Click Application > Enterprise Applications.
3. Click isimmobileversion_war.
4. In Details Properties, scroll down and click Security role to user/group mapping.
5. Select the check box for ISIMM_CLIENT.
6. Click Map Special Subjects.
7. Select All Authenticated in Trusted Realms.
8. Click OK.
9. Save the configuration settings.

Verifying the installation of the WebSphere application

If the application is installed correctly, you can access IBM Security Identity Manager.

Procedure

1. Launch and log on to the administrative console for your application server profile.
2. Click Application > Application Types > WebSphere Enterprise Applications.
3. On the Enterprise Application page, verify that isimmobileversion_war is listed.
4. Verify that the status of isimmobileversion_war is running.
5. Direct your internet browser to one of the following web addresses.
   - http://ip-address:port/isimm/
   - If SSL is configured, https://ip-address:port/isimm/

   Where

   ip-address
       Specifies the WebSphere Application Server IP.

   port
       Specifies the port number for the WebSphere Application Server. The default non-SSL port is 9080 and the default SSL port is 9443.

   Note: You must use either Chrome 17.0 or higher or Firefox 10.0.7 or higher for the internet browser.

6. At the prompt, type an IBM Security Identity Manager user ID and password. The main page of IBM Security Identity Manager is displayed.

What to do next

You must install the mobile application on your mobile device. The mobile application is available for Android and iOS devices. Select the application for your device.

Installing the iOS application

You must install the iOS application on your mobile device before you can use IBM Security Identity Manager.

About this task

This task is performed with either an iPhone or iPad.

Procedure

1. Download and install the app from the Apple iPhone App Store. The application is listed under: IBM Security Services > IBM Security Identity Mobile.
2. Review and follow the "Getting Started" section from the app details on the App Store.

Installing the Android application

You must install the Android application on your mobile device before you can use IBM Security Identity Manager.

Before you begin

Extract the content of the IBM Security Identity Manager Mobile App solution package into a temporary directory.

Note: The extracted file name is in the form mobile.android.isimm-release.apk.

About this task

Three options to install the Android application exist.
- You can email the mobile.android.isimm-release.apk file and access the email from your phone.
- You can physically copy the mobile.android.isimm-release.apk file to your phone. From your phone, navigate to the file location.
- Make the mobile.android.isimm-release.apk file available to install through a URL from your phone.

The third method is used in this task.

Procedure

1. Log in to the computer where the WebSphere Application Server is running.
2. Navigate to the location of the WebSphere Application Server home directory. For example, C:\Program Files\IBM\WebSphere\AppServer.
3. Locate the directory of the Mobile App WebSphere Application installation directory. For example, ..\AppSrv01\installedApps\BohrNode01Cell\isimmobileversion_war.ear\isimmobileversion.war\
4. Copy the mobile.android.isimm-release.apk file to the Mobile App WebSphere Application installation directory.
5. Use the web browser of your mobile device to access the following URL.

   http://ip-address:port/isimm/mobile.android.isimm-release.apk

   Where:

   ip-address
       Specifies the WebSphere Application Server IP.

   port
       Specifies the port number for the WebSphere Application Server. The default non-SSL port is 9080.

   Note: If SSL is configured, the URL is https://ip-address:port/isimm/mobile.android.isimm-release.apk

What to do next

You must create an account for the Android application.

Creating an account for the Android application

Before you can use the Mobile App, you must create an account that is associated with the application.

About this task

When you install the Mobile App, a login screen is displayed. Use the screen to create your Android application account.

Note: You can also create an account by using the local Android account management option and selecting the IBM Security Identity Mobile Manager option.

Procedure

1. Type the information for the following fields.

   Server Address
       Specify the URL for the Mobile App WebSphere App URL. For example, http://ip-address:port/isimm. If SSL is configured, specify https. Where

       ip-address
           Specifies the WebSphere Application Server IP.

       port
           Specifies the port number for the WebSphere Application Server. The default non-SSL port is 9080 and the default SSL port is 9443.

   Username
       Specify an IBM Security Identity Manager user ID.

   Password
       Specify the password for the user ID.

   Notification Sync Interval (minutes)
       Accept the default setting of 10 minutes.

   Allow untrusted security certificate
       Accept the default setting that allows untrusted security certificates. Clear the check box if you do not want to allow untrusted security certificates from the Mobile App WebSphere application.

2. Click Sign-in.
3. Accept the default setting for the Save Details check box. If you clear this check box, you are prompted for the login details every time you launch the application. You are also not notified of any new IBM Security Identity Manager approval activities.

Chapter 4. IBM Security Identity Manager access control item configuration for approvers

The Mobile App provides an option that enables the approver to make a telephone call to the IBM Security Identity Manager Account requester and requestee. These calls are made directly from the Request Details screen of the mobile application.

The phone number is displayed as a hyperlink. The approver must be able to retrieve the telephone number values from the requester and requestee details that are stored in the IBM Security Identity Manager server.

The account approver must have the appropriate access control items (ACIs) set in IBM Security Identity Manager to retrieve the phone number of the requestee and requester. To display the phone numbers on the Request Details screen, the account approver must have:
- The ability to search for the IBM Security Identity Manager person.
- At a minimum, the read ACI set for the telephonenumber attribute of the IBM Security Identity Manager person.


Chapter 5. Configuring OAuth in WebSphere Application Server for Mobile App

Optionally, you can configure OAuth, which is an open standard for authorization, in WebSphere Application Server for use as your authentication mechanism for the Mobile App.

About this task

When the Mobile App is started, it attempts an OAuth authentication. If the OAuth authentication mechanism is used, the user name and password are not stored on the mobile device.

If OAuth is not configured in WebSphere Application Server, the application uses the basic authentication mechanism. The user name and password are stored in an encrypted format on the mobile device.

Procedure

1. Enable OAuth function in WebSphere Application Server.

   a. Enable application security.
      Validate that application security is enabled in your application server. Application security is not enabled by default in WebSphere Application Server.
      1) On the WebSphere Application Server administration console, click Security > Global security.
      2) Select Enable application security.
      3) Save your changes and restart the server.

   b. Enable OAuth services.
      1) Stop the server.
      2) At a command prompt, change location to the app_server_root/bin directory.
         The value of app_server_root on a Windows system might be C:\Program Files\IBM\Websphere\Appserver.
      3) Run one of the following commands. Successful completion displays the message: ADMA5013I: Application WASOauth20SP installed successfully.

         wsadmin -conntype NONE -f installOAuth2Service.py install nodeName serverName -profileName profileName

         wsadmin -f installOAuth2Service.py install clusterName

         Where:

         nodeName
            Node name of the target application server.

         serverName
            Name of the target application server.

         profileName
            Name of the profile where the OAuth service provider is installed.

         clusterName
            Name of the cluster where the OAuth service provider is installed.

   c. Enable the OAuth Trust Association interceptor.
      1) On the WebSphere Application Server administrative console, click Security > Global security > Security Domains > ISIMSecurityDomain.
      2) Under Security Attributes, expand Trust Association.
      3) Select the option Customize for this domain and check Enable trust association.
      4) Click Interceptors.
      5) Click New and create a new interceptor with an Interceptor class name of com.ibm.ws.security.oauth20.tai.OAuthTAI
      6) Add three custom properties:

         - Name: provider_1.name
           Value: OAuthIsimm

         - Name: provider_1.filter
           Value: request-url^=isimm
           If you specified a different web context root during the installation of the IBM Security Identity Manager Mobile App WebSphere application, use that value instead of isimm.

         - Name: provider_1.oauthOnly
           Value: false

      7) Click OK and save the changes.
      8) Click Global Security.
      9) Under Custom properties, specify this custom property information:

         Name: com.ibm.websphere.security.InvokeTAIbeforeSSO
         Value: com.ibm.ws.security.oauth20.tai.OAuthTAI
         If this custom property exists, edit its value to add com.ibm.ws.security.oauth20.tai.OAuthTAI.

      10) Click OK.
      11) Save the configuration.
      12) Restart WebSphere Application Server.

      Note: Verify that Trust Association is enabled after you restart WebSphere Application Server.

   d. Copy the OAuth Mediator JAR file.
      1) Extract the package isimmobileversion.zip. An example is isimmobile60-6.0.4.1.zip.
      2) Copy the oauth20/com.ibm.itim.security.oauth20.mediator.jar file to the app_server_root/plugins directory.

   e. Copy the mediator.properties file.
      1) Extract the package isimmobileversion.zip. An example is isimmobile60-6.0.4.1.zip.
      2) Copy the oauth20/mediator.properties file to the was_profile_root/properties directory.
         The value of was_profile_root on a Windows system might be C:\Program Files\IBM\Websphere\Appserver\Profiles\profileName.
      3) Edit the necessary properties and uncomment them. If you do not edit the properties, the default values are used.

         #isimm.oauth.mediator.provider.url=corbaloc:iiop:localhost:2809
         #isimm.oauth.mediator.provider.realm=itimCustomRealm
         #isimm.oauth.mediator.contextFactory=com.ibm.itim.apps.impl.websphere.WebSpherePlatformContextFactory
         #isimm.oauth.mediator.loginContext=WSLogin

   f. Define an OAuth provider and add an OAuth client.
      The OAuth provider is defined with a provider configuration file called OAuthIsimm.xml and the client is specified in the base.clients.xml file.
      1) Extract the package isimmobileversion.zip. An example is isimmobile60-6.0.4.1.zip.
      2) Copy the oauth20/OAuthIsimm.xml (the OAuth provider) and oauth20/base.clients.xml (the OAuth client) files to the was_profile_root/config/cells/cell_name/oauth20 directory. Create the oauth20 directory if it does not exist.
      3) Restart the WebSphere Application Server.

      Note: After tokens are granted to authorized clients and OAuth services are restarted, authorized clients cannot continue to access the OAuth services. The lack of access occurs because the token that was granted is not persisted. The client is again prompted for authentication to continue with newly generated tokens.

   g. Validate OAuth function.
      Before you run the IBM Security Identity Manager Mobile App, validate that OAuth is configured properly in the WebSphere Application Server by running two cURL commands. cURL is an open software command-line utility that you can use to transfer files with URL syntax. If the commands run successfully, OAuth is configured properly in WebSphere Application Server.

      Note: You can download the cURL command-line utility from the Internet or obtain a Chrome browser plug-in that is named Dev HTTP Client from the Chrome web store.

      Example command 1
         Verify that the tokens are granted appropriately to valid IBM Security Identity Manager users only. Obtain client_id and client_secret values from the base.clients.xml file in the oauth20 folder in the isimmobileversion.zip package and use those values in the following command:

         curl -k -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -d "grant_type=password&client_id=client_id&client_secret=client_secret&username=approver&password=passw0rd" http://172.20.0.130:9080/oauth2/endpoint/OAuthIsimm/token

         Output is similar to this example:

         {"access_token":"ej3yNolPszGOzyO5FIJ1pExKktnvtE8N26NnCdua","token_type":"bearer","expires_in":3599,"scope":"","refresh_token":"wX6LoFw6Il6RKpN4AzDbZxNK5Tzt6Chhkpiy9ocYjfcmQodMFn"}

      Example command 2
         Verify that the granted token can be used to access Mobile App.

         curl -k -v --header "Authorization: Bearer access_token_from_command1_output" http://172.20.0.130:9080/isimm/apis/v1/persons

         The -v option in the command generates a detailed output. The output is the same as when you run http://172.20.0.130:9080/isimm/apis/v1/persons from an Internet browser.

2. Run the IBM Security Identity Manager Mobile App.
   a. Start the IBM Security Identity Manager Mobile App on your mobile device.
   b. Verify that the application runs successfully.
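The two validation commands in step 1g can be scripted so that the result is checked rather than read by eye. The following is an added example, not part of the IBM guide: the function names, the OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET and ISIM_PASSWORD environment variables, the HTTP 200 expectation and the constructed denial response are assumptions.

```shell
#!/bin/sh
# Added example (not from the IBM guide): checks for the two cURL validation
# commands in step 1g. Function and variable names are assumptions.
# Live use: export OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET (from base.clients.xml)
# and ISIM_PASSWORD, then run:  sh oauth_check.sh --live http://host:9080 approver

# Token response copied from the guide's sample output.
SAMPLE_GRANT='{"access_token":"ej3yNolPszGOzyO5FIJ1pExKktnvtE8N26NnCdua","token_type":"bearer","expires_in":3599,"scope":"","refresh_token":"wX6LoFw6Il6RKpN4AzDbZxNK5Tzt6Chhkpiy9ocYjfcmQodMFn"}'
# Constructed denial in RFC 6749 error form; the real server's error body may differ.
SAMPLE_DENIAL='{"error":"invalid_grant","error_description":"constructed sample"}'

# Print the value of a top-level key in a flat JSON object ($1 = JSON, $2 = key).
# Enough for the flat token response above; this is not a general JSON parser.
json_field() {
  printf '%s' "$1" | tr -d '\n' |
    sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\{0,1\}\([^",}]*\)"\{0,1\}.*/\1/p'
}

# Return 0 only if the body is a usable bearer grant: no error member,
# a non-empty access_token, token_type "bearer" and a positive lifetime.
check_token_response() {
  body=$1
  [ -z "$(json_field "$body" error)" ] || return 1
  token=$(json_field "$body" access_token)
  ttype=$(json_field "$body" token_type | tr 'A-Z' 'a-z')
  ttl=$(json_field "$body" expires_in)
  [ -n "$token" ] || return 1
  [ "$ttype" = bearer ] || return 1
  case $ttl in ''|*[!0-9]*) return 1 ;; esac
  [ "$ttl" -gt 0 ] || return 1
  return 0
}

# Goal of example command 1: a valid user gets a token, anyone else gets none.
# $1 = response for a valid user, $2 = response for an invalid user.
grants_only_valid_users() {
  valid_resp=$1
  invalid_resp=$2
  check_token_response "$valid_resp" || return 1
  [ -z "$(json_field "$invalid_resp" access_token)" ] || return 1
}

# Example command 1 ($1 = base URL, $2 = user ID, $3 = password).
# -k is left out so that an https URL is checked against the trust store.
request_token() {
  curl -sS -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" \
    --data-urlencode "grant_type=password" \
    --data-urlencode "client_id=$OAUTH_CLIENT_ID" \
    --data-urlencode "client_secret=$OAUTH_CLIENT_SECRET" \
    --data-urlencode "username=$2" \
    --data-urlencode "password=$3" \
    "$1/oauth2/endpoint/OAuthIsimm/token"
}

# Example command 2 ($1 = base URL, $2 = access token); prints the HTTP status.
api_status() {
  curl -sS -o /dev/null -w '%{http_code}' \
    -H "Authorization: Bearer $2" "$1/isimm/apis/v1/persons"
}

# Run both commands against a server. The negative probe uses a user ID that
# should not exist, so no real account collects failed logins.
live_validate() {
  base=$1
  user=$2
  good=$(request_token "$base" "$user" "$ISIM_PASSWORD") || return 1
  bad=$(request_token "$base" "no-such-user-$$" "not-a-password") || return 1
  grants_only_valid_users "$good" "$bad" ||
    { echo "FAIL: token grant check" >&2; return 1; }
  status=$(api_status "$base" "$(json_field "$good" access_token)") || return 1
  # Assumption: a working bearer token yields HTTP 200 from the persons API.
  [ "$status" = 200 ] || { echo "FAIL: API returned HTTP $status" >&2; return 1; }
  echo "OK: OAuth grant and bearer access verified"
}

if [ "${1:-}" = "--live" ]; then
  live_validate "$2" "$3"
fi
```
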


Chapter 6. Mobile App error troubleshooting

Troubleshooting can help you determine why a product does not function properly.

Troubleshooting topics provide information and techniques for identifying and resolving problems with the adapter. It also provides information about known issues and limitations that exist.

Techniques for troubleshooting problems

Troubleshooting is a systematic approach to solving a problem. The goal of troubleshooting is to determine why something does not work as expected and how to resolve the problem. Certain common techniques can help with the task of troubleshooting.

The first step in the troubleshooting process is to describe the problem completely. Problem descriptions help you and the IBM technical-support representative know where to start to find the cause of the problem. This step includes asking yourself basic questions:
- What are the symptoms of the problem?
- Where does the problem occur?
- When does the problem occur?
- Under which conditions does the problem occur?
- Can the problem be reproduced?

The answers to these questions typically lead to a good description of the problem, which can then lead you to a problem resolution.

What are the symptoms of the problem?

When you describe a problem, the most obvious question is “What is the problem?” This question might seem straightforward; however, you can break it down into several more-focused questions that create a more descriptive picture of the problem. These questions can include:
- Who, or what, is reporting the problem?
- What are the error codes and messages?
- How does the system fail? For example, is it a loop, hang, crash, performance degradation, or incorrect result?

Where does the problem occur?

Determining where the problem originates is not always easy, but it is one of the most important steps in resolving a problem. Many layers of technology can exist between the reporting and failing components. Networks, disks, and drivers are only a few of the components to consider when you are investigating problems.

The following questions help you to focus on where the problem occurs to isolate the problem layer:
- Is the problem specific to one platform or operating system, or is it common across multiple platforms or operating systems?
- Is the current environment and configuration supported?
- Do all users have the problem?
- (For multi-site installations.) Do all sites have the problem?

If one layer reports the problem, the problem does not necessarily originate in that layer. Part of identifying where a problem originates is understanding the environment in which it exists. Take some time to completely describe the problem environment, including the operating system and version, all corresponding software and versions, and hardware information. Confirm that you are running within an environment that is a supported configuration. Many problems can be traced back to incompatible levels of software that are not intended to run together or were not fully tested together.

When does the problem occur?

Develop a detailed timeline of events that lead up to a failure, especially for those cases that are one-time occurrences. You can most easily develop a timeline by working backward: Start at the time an error was reported (as precisely as possible, even down to the millisecond), and work backward through the available logs and information. Typically, you need to look only as far as the first suspicious event that you find in a diagnostic log.

To develop a detailed timeline of events, answer these questions:
- Does the problem happen only at a certain time of day or night?
- How often does the problem happen?
- What sequence of events leads up to the time that the problem is reported?
- Does the problem happen after an environment change, such as upgrading or installing software or hardware?

Responding to these types of questions can give you a frame of reference in which to investigate the problem.

Under which conditions does the problem occur?

Knowing which systems and applications are running at the time that a problem occurs is an important part of troubleshooting. These questions about your environment can help you to identify the root cause of the problem:
- Does the problem always occur when the same task is being performed?
- Does a certain sequence of events need to happen for the problem to occur?
- Do any other applications fail at the same time?

Answering these types of questions can help you explain the environment in which the problem occurs and correlate any dependencies. Just because multiple problems might occur around the same time, the problems are not necessarily related.

Can the problem be reproduced?

From a troubleshooting standpoint, the ideal problem is one that can be reproduced. Typically, when a problem can be reproduced you have a larger set of tools or procedures at your disposal to help you investigate. Problems that you can reproduce are often easier to debug and solve.

However, problems that you can reproduce can have a disadvantage: If the problem is of significant business impact, you do not want it to recur. If possible, re-create the problem in a test or development environment, which typically offers you more flexibility and control during your investigation.
- Can the problem be re-created on a test system?
- Are there multiple users or applications that are encountering the same type of problem?
- Can the problem be re-created by running a single command, a set of commands, or a particular application?

For information about obtaining support, see “Support information,” on page 23.

Troubleshooting information

If you encounter difficulties, you must be able to locate and supply some basic information.

Table 4. Troubleshooting information

Mobile App on the mobile device

   Mobile App version
      The version number is displayed with the App Info from the Manage apps system settings.

   Logging
      Logging information is not easily obtained on mobile devices. Use the screen capture feature on your mobile device to capture error messages.

WebSphere Mobile Application

   WebSphere App version
      The Application name field of the WebSphere Application Server application includes the version number. For example, isimmobile60-6_0_1_36_war is version 6.0.1.36. The version can also be obtained from the manifest file at isimmobileversion.war\META-INF.

   Mobile App WebSphere Application Server application log messages
      The messages are sent to the standard WebSphere Application Server log files. Go to the SystemOut.log and SystemErr.log files in the app server log directory. For example, C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\logs\server1

Known issues and limitations

Use the workaround information to correct problems that you might encounter with the IBM Security Identity Manager Mobile App.

Table 5. Known issues, limitations, and workarounds

Issue or limitation: Mobile App account credentials
Description: When the credentials of the IBM Security Identity Manager that are used on the Mobile App change, you must modify the account on the mobile device.
Note: The connection with the previous credentials might still be active until it times out on the WebSphere Application Server.

Issue or limitation: Mobile App account creation
Description: On certain Motorola devices that use MOTBLUR for account management, you cannot save the Mobile App account.
Workaround: You must supply the connection information every time you launch the application.

Issue or limitation: Clear application cache data on mobile device
Description: Removal of the Mobile App account on the mobile device does not clear the application cache data.
Workaround: Manually clear the application data.

Issue or limitation: Phone number is displayed on Separation of Duties (SOD)
Description: If the SOD violation occurs on the initial person create, the phone number of the person is not displayed in the violation notification.
This issue is a known limitation.

Issue or limitation: com_ibm_itim_isimm.properties configuration file
Description: The com_ibm_itim_isimm.properties file is not encrypted. See “Configuring the mobile app WebSphere application property file” on page 8.

Issue or limitation: Globalization on Android 2.x
Description: Translated Mobile App labels are not displayed on Android 2.x.
This issue is a known limitation.

Issue or limitation: Mobile App performance for large numbers of requests
Description: The application is designed so that requests can be acted upon immediately. When the number of pending requests approximates 100, scrolling and navigation through requests is erratic and a noticeable degradation in performance occurs.
This issue is a known limitation.


Appendix. Support information

You have several options to obtain support for IBM products.
- “Searching knowledge bases”
- “Contacting IBM Support” on page 24

Searching knowledge bases

You can often find solutions to problems by searching IBM knowledge bases. You can optimize your results by using available resources, support tools, and search methods.

About this task

You can find useful information by searching the product documentation for IBM Security Identity Manager. However, sometimes you must look beyond the product documentation to answer your questions or resolve problems.

Procedure

To search knowledge bases for information that you need, use one or more of the following approaches:

1. Search for content by using the IBM Support Assistant (ISA).
   ISA is a no-charge software serviceability workbench that helps you answer questions and resolve problems with IBM software products. You can find instructions for downloading and installing ISA on the ISA website.

2. Find the content that you need by using the IBM Support Portal.
   The IBM Support Portal is a unified, centralized view of all technical support tools and information for all IBM systems, software, and services. The IBM Support Portal lets you access the IBM electronic support portfolio from one place. You can tailor the pages to focus on the information and resources that you need for problem prevention and faster problem resolution. Familiarize yourself with the IBM Support Portal by viewing the demo videos (https://www.ibm.com/blogs/SPNA/entry/the_ibm_support_portal_videos) about this tool. These videos introduce you to the IBM Support Portal, explore troubleshooting and other resources, and demonstrate how you can tailor the page by moving, adding, and deleting portlets.

3. Search for content about IBM Security Identity Manager by using one of the following additional technical resources:
   - IBM Security Identity Manager version 6.0 technotes and APARs (problem reports).
   - IBM Security Identity Manager Support website.
   - IBM Redbooks®.
   - IBM support communities (forums and newsgroups).

4. Search for content by using the IBM masthead search. You can use the IBM masthead search by typing your search string into the Search field at the top of any ibm.com® page.

5. Search for content by using any external search engine, such as Google, Yahoo, or Bing. If you use an external search engine, your results are more likely to include information that is outside the ibm.com domain. However, sometimes you can find useful problem-solving information about IBM products in newsgroups, forums, and blogs that are not on ibm.com.

   Tip: Include “IBM” and the name of the product in your search if you are looking for information about an IBM product.

Contacting IBM Support

IBM Support assists you with product defects, answers FAQs, and helps users resolve problems with the product.

Before you begin

After trying to find your answer or solution by using other self-help options such as technotes, you can contact IBM Support. Before contacting IBM Support, your company or organization must have an active IBM software subscription and support contract, and you must be authorized to submit problems to IBM. For information about the types of available support, see the Support portfolio topic in the “Software Support Handbook”.

Procedure

To contact IBM Support about a problem:

1. Define the problem, gather background information, and determine the severity of the problem. For more information, see the Getting IBM support topic in the Software Support Handbook.

2. Gather diagnostic information.

3. Submit the problem to IBM Support in one of the following ways:

   - Using IBM Support Assistant (ISA):
     Any data that has been collected can be attached to the service request. Using ISA in this way can expedite the analysis and reduce the time to resolution.
     a. Download and install the ISA tool from the ISA website. See http://www.ibm.com/software/support/isa/.
     b. Open ISA.
     c. Click Collection and Send Data.
     d. Click the Service Requests tab.
     e. Click Open a New Service Request.

   - Online through the IBM Support Portal: You can open, update, and view all of your service requests from the Service Request portlet on the Service Request page.

   - By telephone for critical, system down, or severity 1 issues: For the telephone number to call in your region, see the Directory of worldwide contacts web page.

Results

If the problem that you submit is for a software defect or for missing or inaccurate documentation, IBM Support creates an Authorized Program Analysis Report (APAR). The APAR describes the problem in detail. Whenever possible, IBM Support provides a workaround that you can implement until the APAR is resolved and a fix is delivered. IBM publishes resolved APARs on the IBM Support website daily, so that other users who experience the same problem can benefit from the same resolution.


Notices

This information was developed for products and services offered in the U.S.A.

IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785 U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:

Intellectual Property Licensing
Legal and Intellectual Property Law
IBM Japan, Ltd.
19-21, Nihonbashi-Hakozakicho, Chuo-ku
Tokyo 103-8510, Japan

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law:

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement might not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:

IBM Corporation
2Z4A/101
11400 Burnet Road
Austin, TX 78758 U.S.A.

Such information may be available, subject to appropriate terms and conditions, including in some cases payment of a fee.

The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us.

Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurement may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only.

This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.

COPYRIGHT LICENSE:

This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. You may copy, modify, and distribute these sample programs in any form without payment to IBM for the purposes of developing, using, marketing, or distributing application programs conforming to IBM's application programming interfaces.

Each copy or any portion of these sample programs or any derivative work, must include a copyright notice as follows:

If you are viewing this information softcopy, the photographs and color illustrations might not appear.

© (your company name) (year). Portions of this code are derived from IBM Corp. Sample Programs. © Copyright IBM Corp. _enter the year or years_. All rights reserved.

If you are viewing this information in softcopy form, the photographs and color illustrations might not be displayed.

Trademarks

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at http://www.ibm.com/legal/copytrade.shtml.

Adobe, Acrobat, PostScript and all Adobe-based trademarks are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, other countries, or both.

IT Infrastructure Library is a registered trademark of the Central Computer and Telecommunications Agency which is now part of the Office of Government Commerce.

Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

Linux is a trademark of Linus Torvalds in the United States, other countries, or both.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

ITIL is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Cell Broadband Engine and Cell/B.E. are trademarks of Sony Computer Entertainment, Inc., in the United States, other countries, or both and is used under license therefrom.

Java™ and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.

Privacy Policy Considerations

IBM Software products, including software as a service solutions, ("Software Offerings") may use cookies or other technologies to collect product usage information, to help improve the end user experience, and to tailor interactions with the end user or for other purposes. In many cases, no personally identifiable information is collected by the Software Offerings. Some of our Software Offerings can help enable you to collect personally identifiable information. If this Software Offering uses cookies to collect personally identifiable information, specific information about this offering’s use of cookies is set forth below.

This Software Offering does not use cookies or other technologies to collect personally identifiable information.

If the configurations deployed for this Software Offering provide you as customer the ability to collect personally identifiable information from end users via cookies and other technologies, you should seek your own legal advice about any laws applicable to such data collection, including any requirements for notice and consent.

For more information about the use of various technologies, including cookies, for these purposes, see IBM's Privacy Policy at http://www.ibm.com/privacy and IBM’s Online Privacy Statement at http://www.ibm.com/privacy/details/us/en sections entitled "Cookies, Web Beacons and Other Technologies and Software Products and Software-as-a Service".
