Home
Configuring Mobile
Use the HCL Connections mobile app to perform common tasks from a mobile device.
Administering HCL Connections™ 8 mobile
Depending on the version of HCL Connections™ that your organization is using, there are specific configuration properties that you can customize for the mobile environment.
Configuring OAuth 2.0 token-based authentication
Connections Mobile supports OAuth 2.0 token-based authentication using the internet standard RFC 6749 – The OAuth 2.0 Authorization Framework. Because Connections Mobile is a public application available on public app stores, it implements the Authorization Code Grant Flow to an Authorization Server.
Configuring WebSphere as the OAuth Authorization server
This section provides guidance on how to setup the Connections WebSphere Application Server as the OAuth Authorization server itself. If you are using a different server as the OAuth Authorization server, then this section would not apply to your environment and can be ignored.
Registering the mobile client
Follow these steps to register the Connections Mobile client.

Configuring Mobile
Use the HCL Connections mobile app to perform common tasks from a mobile device.
- Accessibility features for HCL Connections™ iOS mobile app
  Accessibility features help users who have a disability, such as restricted mobility or limited vision, to use information technology products successfully.
- Configuring security for Mobile
  You can secure devices that access Connections content using the Connections mobile app.
- HCL Connections™ Social Cloud
  If your users log in to a HCL Connections™ Social Cloud server, there are mobile configuration properties that you can customize for the cloud environment.
- Administering HCL Connections™ 8 mobile
  Depending on the version of HCL Connections™ that your organization is using, there are specific configuration properties that you can customize for the mobile environment.
  - Updating Mobile app configuration properties for HCL Connections 8 via the Mobile Administration console
    Configuration properties control how users can interact with the Connections mobile app.
  - Mobile configuration properties for HCL Connections™ 8
    Configuration properties in the mobile-config.xml file control how users can interact with the Connections mobile app.
  - Changing Mobile configuration property values
    Modify the configuration properties in the mobile-config.xml file to control how users can interact with the Connections Mobile native app.
  - Configuring Push Notifications for Mobile
    Enable notifications to be sent to mobile users about Connections events.
  - Configuring HTTP Proxy support for Push Notifications for Mobile
    Enable notifications to be sent to mobile users about Connections events.
  - Configuring OAuth 2.0 token-based authentication
    Connections Mobile supports OAuth 2.0 token-based authentication using the internet standard RFC 6749 – The OAuth 2.0 Authorization Framework. Because Connections Mobile is a public application available on public app stores, it implements the Authorization Code Grant Flow to an Authorization Server.
    - Roadmap for enabling OAuth 2.0 token-based authentication
      Here are the high level steps for enabling OAuth 2.0 token-based authentication. Consult the links for detailed instructions for each step.
    - Configuring the OAuth Authorization server
      HCL Connections Mobile uses internet standard OAuth 2.0 authentication flows when using the OAuth authentication feature. It has been explicitly tested using the following authentication servers: IBM WebSphere Application Server 8.5.5.10 and Security Access Manager (ISAM) 9.0.4.
    - Configuring the Connections Mobile server for OAuth
      This is a two-step process to first update the WebSphere Trust Association Interceptor filter for OAuth, and then second, update the mobile-config.xml.
    - Configuring WebSphere as the OAuth Authorization server
      This section provides guidance on how to setup the Connections WebSphere Application Server as the OAuth Authorization server itself. If you are using a different server as the OAuth Authorization server, then this section would not apply to your environment and can be ignored.
      - Registering the mobile client
        Follow these steps to register the Connections Mobile client.
      - Supporting Auto-Authorization on OAuth enabled servers
        Follow these steps to support the Auto-Authorization on OAuth enabled servers.
      - Adding the WebSphere OAuth Endpoint URLs to mobile-config.xml
        This topic describes the default WebSphere OAuth endpoint URLs for authorize and token. These are required when populating mobile-config.xml and using WebSphere as the OAuth Authorization server.
    - Configuring ISAM as the OAuth Authorization server
      HCL Security Access Manager (ISAM) is a security appliance that is capable of providing OAuth 2.0 Authorization Server support as well as an edge proxy that can consume the tokens for authorization and authentication by means of its WebSEAL proxy. For documentation, see ISAM OAuth 2.0 and OIDC support.
    - Migrating from previous authentication types to using OAuth
      If there are users who have deployed the Connections Mobile app, they can be automatically migrated to using OAuth once the OAuth infrastructure is in place and the mobile-config.xml has been modified to indicate that OAuth should be used as the authentication type. If there are already users deployed with Connections Mobile, make sure that the OAuth Authorization server is in place and functional before making any changes to mobile-config.xml. Updating mobile-config.xml must be the last step, as once this is made, Connections Mobile apps will start using a new authentication method.
    - Using client identity certificates
      Connections Mobile 6.0.7 or later supports authentication using client identity certificates plus OAuth token-based authentication. This provides an additional authentication factor if this is desired.
    - Using device identity certificates
      Enable the aunthentication checks using certain device certificates.
- Administering HCL Connections™ 7 mobile
  Depending on the version of HCL Connections™ that your organization is using, there are specific configuration properties that you can customize for the mobile environment.
- Administering HCL Connections™ 6.5 mobile
  Depending on the version of HCL Connections™ that your organization is using, there are specific configuration properties that you can customize for the mobile environment.
- Administering HCL Connections™ 6.0 mobile
  Depending on the version of HCL Connections™ that your organization is using, there are specific configuration properties that you can customize for the mobile environment.
- Administering HCL Connections™ 5.5 mobile
  Depending on the version of HCL Connections™ that your organization is using, there are specific configuration properties that you can customize for the mobile environment.

Registering the mobile client

Follow these steps to register the Connections Mobile client.

Procedure

Load WebSphere Application Server administration using wsadmin. Replace the -user and -password values with your environment's WebSphere Application Server admin credentials.
```
./wsadmin.sh -lang jython -user wasadmin -password password
```
Load the OAuth admin commands.
```
execfile('oauthAdmin.py')
```

Register the Connections Mobile Server application.

OAuthApplicationRegistrationService.addApplication("connections_social_mobile", "Connections Mobile", "com.ibm.ibmscp://com.ibm.mobile.connections/token")

Review the list of registered applications to ensure registration was successful.
```
OAuthApplicationRegistrationService.browseApplications()
```
Connections Mobile is a public OAuth client and public clients are not enabled by default in the WebSphere Connections Provider definition file. To enable public OAuth clients, modify the connectionsProvider.xml. (located, for example, in \HCL\WebSphere\AppServer\profiles\DMgr01\config\cells\nameCell01\oauth20\) that is used to configure the provider. Locate the parameter named oauth20.allow.public.clients and change the value from false to true. For example:
```
<parameter name="oauth20.allow.public.clients" type="cc" customizable="true">
 <value>true</value>
</parameter>
```
Once the connectionsProvider.xml is updated, recreate the OAuth Provider using the following command. Ensure that the filename references the location of your connectionsProvider.xml. Ensure the user and password parameters matches your actual WebSphere Application Server administrator credentials.
```
./wsadmin.sh -lang jython -conntype SOAP -c "print AdminTask.createOAuthProvider('[-providerName  connectionsProvider -fileName  /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/config/cells/nameCell01/oauth20/connectionsProvider.xml]')" -user wasadmin -password password
```
Restart WebSphere Application Server to pick up the new changes.

Have feedback?
Google Analytics is used to store comments and ratings. To provide a comment or rating for a topic, click Accept All Cookies or Allow All in Cookie Preferences in the footer of this page.