The CA Identity Manager Mobile Application architecture is designed to provide a set of CA Identity Manager capabilities for various mobile devices, such as smartphones and tablets. The capabilities selected for the Mobile Application are those that meet a critical business need and whose user interaction is appropriate for smaller devices.
The architecture is centered on the use of a Configuration component specific for the Application and RESTful Web Services that expose the CA Identity Manager server capabilities. The CA Identity Manager Server supports the ability to manage a given environment’s Mobile Application configuration and the configuration of the REST web services used by the application.
Note: The REST Web Services are particular to the CA Identity Manager Mobile Application, and are not intended to be public APIs, unlike the SOAP-based Task Execution Web Services (TEWS).
The REST Web Services can support multiple configurations per CA Identity Manager Environment (IME), where each configuration is typically associated with a particular REST client, such as the Mobile Application. The high-level architecture and the relationship between the Mobile Application Configuration and the Web Service Configuration are shown below.
The REST Web Services configuration requires a specific set of options to be selected for the Mobile Application to function. A Web Service configuration must be defined via the Web Service Configuration Task before creating the Mobile Application Configuration, which is also done through an Administrative Task.
Mobile Application Web Service Configuration Details
A REST Web Service configuration consists of the following elements:
The table below shows the Web Service configuration details and the settings required for the Mobile Application.
| Configuration Section | Item | Description | Mobile App Setting |
|---|---|---|---|
| Profile | name | The name of the configuration | Deployment choice |
| | identifier | The unique identifier that a given client must set in the "Configuration-Id" http header of each CA Identity Manager Server request. | Deployment choice. The Mobile App Configuration Service returns the identifier that must be used in all subsequent REST requests. |
| | Enabled | Enables/disables the configuration | True |
| Security | Require Secure Communication | https required or not | Deployment choice. Value downloaded by Mobile App Configuration Service. |
| | Enable Encryption | Used to encrypt payload for non-SSL. Requires client-side crypto library, encryption key knowledge and explicit client-side encrypt/decrypt support | Not used. Leave unchecked. |
| | Configuration secret | The shared secret required as part of the REST client to server trust model. | Must be specified. Deployments should generate the secret when defining the configuration instance. |
| Object Types | Object type | The object types that are exposed as REST resources. | The User object type |
| | Methods and Attributes | The resource methods (CRUD) supported for a selected object type and the set of attributes allowed for those methods. | The User object type with View Access to the following attributes as represented in the deployment specific User Schema: |
| Self-Administration | Member Rule | A rule indicating which users can perform self-administration. | Should match the Member rule on the Mobile App Configuration. Set of attributes for modification should be empty. |
| | Enable Password Reset | Enables users to reset their own password | Enable |
| | Attributes | The set of attributes user can manage by themselves | Empty list |
| Members | Members | Defines rules for which users are authorized to invoke the REST operations defined for this configuration | A member rule that matches the set of Mobile App Users |
Copyright © 2015 CA Technologies.
All rights reserved.