kony mobilefabric user guide

Kony MobileFabric

User Guide

On-Premises

Release 6.5Document Relevance and Accuracy

This document is considered relevant to the Release stated on this title page and the document version stated on the

Revision History page. Remember to always view and download the latest document version relevant to the software

release you are using.

2014 by Kony, Inc. All rights reserved 1 of 612

Kony MobileFabric User GuideVersion3.0

Copyright 2014 Kony, Inc.

All rights reserved.

July, 2015

This document contains information proprietary to Kony, Inc., is bound by the Kony license

agreements, andmay not be used except in the context of understanding the use andmethods of

Kony, Inc., software without prior, express, written permission. Kony, Empowering Everywhere, Kony

Modeler, and Kony Visualizer are trademarks of Kony, Inc. MobileFabric is a registered trademark of

Kony, Inc. Microsoft, theMicrosoft logo, Internet Explorer, Windows, andWindowsVista are

registered trademarks of Microsoft Corporation. Apple, the Apple logo, iTunes, iPhone, iPad, OS X,

Objective-C, Safari, Apple Pay, AppleWatch, and Xcode are trademarks or registered trademarks of

Apple, Inc. Google, the Google logo, Android, and the Android logo are registered trademarks of

Google, Inc. Chrome is a trademark of Google, Inc. BlackBerry, PlayBook, Research inMotion, and

RIM are registered trademarks of BlackBerry. SAP and SAP Business Suite are registered

trademarks of SAP SE in Germany and in several other countries. All other terms, trademarks, or

servicemarksmentioned in this document have been capitalized and are to be considered the

property of their respective owners.



Revision History

Date Document Version Description of Modifications/Release

07/14/2015 4.0 Document updated for Release 6.5:

l Added support for Export and Import Apps

l UpdatedMetrics APIs: iOS, Android,

JavaScript, and KonyStudio JS

l API Management

l Reporting/Analytics support

l Active Directory for management console

l Integration with CA Siteminder for On-

Premise Security

l Reconfiguration of app/service parameters

during publish

l Added support for Database Connector

integration support

l Publish APIs

l Support forWebLogic

l Support for Oracle

l Consolidated installer for all MobileFarbic

components



Date Document Version Description of Modifications/Release

03/30/2015 3.0 Document updated for Release 6.0.3

l Added support for custom authorization

(custom auth)

l Added support for Facebook integration

support

l Added support for public and protected

operations for integration services

l Added support for manual publish for apps

l Added support for reporting and analytics

(standard reports and standardmetrics)

l Added support for Tomcat multinode

installation via manual publish.

02/17/2015 2.0 Document updated for Release 6.0.2

01/23/2015 1.0 Initial Release for Fall Wave Release 6.0



Table of Contents

1. Preface 14

1.1 Purpose 15

1.2 Intended Audience 15

1.3 Formatting Conventions Used in This Guide 15

1.4 Related Documents 17

1.5 Contact Us 17

2. Accessing Kony MobileFabric Console - On-premises 18

2.1 How to Get Started With Kony MobileFabric Console 18

2.2 How to Log In to Kony MobileFabric Console 21

3. Environments 25

3.1 How to Add an Environment 25

3.2 How to Modify an Environment 31

3.3 How to Delete an Environment 34

4. Features 35

4.1 How to Add Applications 35

4.2 APIManagement 37

4.3 Exporting and Importing an Application 39

4.3.1 Introduction 39

4.3.2 Use Cases 39

4.3.3 How to Export an App 40

4.3.4 How to Import an App as a New App 42

4.3.5 How to Import an App to an Existing App 47



4.3.6 Folder Structure of an Exported App 50

4.4 Identity 62

4.4.1 Microsoft Active Directory 63

4.4.2 Salesforce 83

4.4.3 SAML 89

4.4.4 Kony SAP Gateway 98

4.4.5 Kony Custom Identity Service 101

4.4.6 Facebook 110

4.4.7 Kony User Repository 114

4.4.8 Use an Existing Service 126

4.4.9 Existing Services - Actions 127

4.4.10 How to Enable Cross-origin Resource Sharing 128

4.5 Integration 129

4.5.1 How to Configure an XML Service 134

4.5.2 How to Configure a SOAP Service 138

4.5.3 How to Configure a JSON Service 144

4.5.4 How to Configure a Java Connector 152

4.5.5 How to Configure a Database Service 166

4.5.6 How to Configure a Salesforce Service 185

4.5.7 How to Configure Kony SAPGateway 196

4.5.8 How to Configure a MuleSoft Service 207

4.5.9 How to Use an Existing Service 219

4.5.10 How to Use Existing Services - Actions 221



4.6 Orchestration 222

4.6.1 Composite Services 222

4.6.2 Looping Services 223

4.6.3 Features of Orchestration Service 223

4.6.4 Creating a New Composite Service 223

4.6.5 Creating a New Looping Service 227

4.6.6 Use an existing Service 230

4.6.7 Existing Services - Actions 231

4.7 Synchronization 232

4.7.1 Sync Configuration file 232

4.7.2 Adding a New Synchronization Scope 234

4.7.3 Validate Sync Configuration 244

4.7.4 Download the Sync Configuration 245

4.7.5 Kony MobileFabric Sync Console 245

4.8 Messaging 246

4.8.1 Add Push Certificates 246

4.8.2 Accessing Messaging Service Console 253

4.9 Manage Client App Assets 254

4.9.1 Uploading Client Binaries to MobileFabric 255

4.9.2 Publishing Client Binaries from MobileFabric 262

4.9.3 Publishing Native Client Binaries from EMM to Devices 266

4.9.4 Upgrading Client Binaries 266

4.10 Publish 268



4.10.1 Automated Publish Apps in MobileFabric Console 269

4.10.2 Manual Publish Apps in MobileFabric Console 274

4.10.3 Continuous Integration with MobileFabric APIs 283

4.10.4 Publish Life-cycle 307

4.10.5 Publish Failure Error Messages 310

4.10.6 Code Results of an Published App 311

4.10.7 Application Reconfiguration 315

5. Downloads 328

5.1 Installers 328

5.1.1 Installers - Kony MobileFabric Integration 329

5.1.2 Installers - Kony MobileFabric Sync 330

5.1.3 Installers - Kony MobileFabric Messaging 331

5.1.4 Kony Tools - Kony Studio Installer 332

5.2 SDKs 333

6. SDKs 334

6.1 iOS 335

6.1.1 Prerequisites 335

6.1.2 Downloading Kony iOS SDK Files 335

6.1.3 Configuring the Framework 336

6.1.4 Installing com.kony.KonySDK.docset in Xcode 341

6.1.5 Initializing the iOS Client SDK 343

6.1.6 Invoking an Identity Service 344

6.1.7 Invoking an Integration Service 348



6.1.8 Invoking a Messaging Service 349

6.1.9 Invoking a Sync Service 353

6.1.10 Invoking a Reporting Service 371

6.1.11 Invoking a Metrics Service 375

6.1.12 API Reference 389

6.2 Android 389


6.2.2 Downloading Kony Android SDK Files 390

6.2.3 Configuring Kony Android SDK 391

6.2.4 Accessing kony-sdk Docset 399

6.2.5 Initializing the Android Client SDK 399






6.2.11 Invoking a Metrics Service 438


6.3 PhoneGap 458


6.3.2 Downloading Kony PhoneGap SDK Files 458

6.3.3 Installing Node.js 459

6.3.4 Downloading Android SDK Files 459



6.3.5 Installing Cordova 460

6.3.6 Creating a Cordova App 460

6.3.7 Accessing com.kony.sdk.doc for PhoneGap 463

6.3.8 Initializing the Cordova Client SDK 464

6.3.9 Setting UserId 464







6.4 JavaScript 471


6.4.2 Downloading Kony Plain JS SDK Files 472

6.4.3 Accessing kony-sdk.doc 473

6.4.4 Initializing the JS Client SDK 473



6.4.7 Invoking a Metrics Service Object 479

6.4.8 APIReference 489

6.5 Kony Studio 489


6.5.2 Downloading Kony IDE SDK Files 489



6.5.3 Configuring Kony-SDK.JS 490

6.5.4 Initializing the Kony JS Client SDK 494

6.5.5 Setting UserID 498





6.5.10 Invoking a Metrics Service Object 511

6.5.11 Invoking Sync APIs 526

6.5.12 APIReference 526

7. Settings 527

7.1 User Management 527

7.1.1 Users 527

7.1.2 Groups 539

7.1.3 Identity Providers 544

7.2 Proxy 553

7.2.1 How to Configure a Proxy 553

7.2.2 How to Enable a Proxy to an Integration Service 556

7.2.3 How to Delete a Proxy 556

7.3 Studio 557

7.3.1 How to Configure -D parameters in Kony Studio in Windows OS 558

7.3.2 How to Configure -D parameters in Kony Studio in Mac OS 558

7.4 Reports 562



7.4.1 How to Configure the JasperReports Server 563

8. Tutorials 567

9. Appendix - Sync Strategy 568

9.1 Over The Air Sync (OTAsync) 568

9.2 Persistent Sync 569

9.3 When to Use which Sync Strategy? 570

9.3.1 OTASync Strategy is recommended solution when: 570

9.3.2 PersistentSync is recommended solution when: 571

9.3.3 What are the prerequisites for OTASync strategy ? 572

9.3.4 What are the prerequisites for PersistentSync strategy? 572

9.4 ChangeTracking 573

9.5 Conflict Resolution 573

10. Appendix - App Services 574

10.1 Kony Studio Apps 574

10.1.1 Invoking an operation 575

10.1.2 Launching an App 579

10.1.3 Deleting an app 579

10.2 Integration Services 580


10.3 Orchestration Services 586


10.4 Logs 589

10.4.1 Archived Logs 590



10.4.2 Snapshot Logs 593

10.5 Logger Levels 596

10.5.1 Assigning a logger level 597

10.6 HealthCheck 598

10.7 Reports 599

11. Appendix - Frequently Asked Questions (FAQs) 602

11.1 Connection Issues While Creating a Salesforce Service Using KonyMobileFabric 602

11.2 Issues Publishing an Application Using MobileFabric Console 603

12. Limitations 609

13. Index 610


1. Preface Kony MobileFabric User GuideVersion3.0

1. Preface

KonyMobileFabric is aMobile Back-end as a Service (MBaaS) provider that helps developers build

native and web apps for mobile. Various back-end services are easily integrated with the application

irrespective of whether the application is built using JavaScript, PhoneGap, iOS, or Android

frameworks.

MobileFabric allows you to define the back-end to build nativemobile apps for iOS, Android, and

HTML5-based apps for modern browsers. MobileFabric ensures that developers build mobile

applications quickly by focusing on core areas and obtaining secured back-end services instantly.

MobileFabric hasmultiple features that can be used - Identity, Integration, Orchestration, Sync, and

Messaging. These features can be accessed through a common, centralized console.

For successful authentication with users, and to access the centralized features of MobileFabric, Kony

recommends that you install the followingMobileFabric features on premises:

l KonyMobileFabric Identity and Console

l KonyMobileFabric Integration

l KonyMobileFabricMessaging

l KonyMobileFabric Sync

KonyMobileFabric supports the following back-end services for your applications:

l Identity: This feature allows you to define the type of authentication used for granting access to

your application. MobileFabric supports the following authentication services: Microsoft Active

Directory, Salesforce, Security AssertionMarkup Language (SAML), Kony SAP Gateway,

Kony Facebook, and KonyUser Repository.

l Integration: This feature allows you to define various back-end services for your application.

You can define the service in XML, SOAP, JSON, Java, Salesforce, and Kony SAP Gateway.



l Orchestration: This feature allows you to create two types of orchestration services. They are:

o Composite: Allows you to run two or more services concurrently or sequentially.

o Looping: Allows you to run a single service in a loop until the loop ends or an exit criteria is

met.

l Synchronization: This feature allows you to define the synchronization services for your

application. Sync supports onlyWeb Services, except SAP Sky.

l Messaging: This feature allows you to define and configure pushmessaging services for your

application.

1.1 Purpose

The document helps you familiarize with the KonyMobileFabric and provide procedural information to

perform various tasks required to build your application.

1.2 Intended Audience

This document is intended for developers who would like to turn their applications into an enterprise-

grade applications using Kony back-end services.

1.3 Formatting Conventions Used in This Guide

The following formatting conventions are used throughout the document:



Conventions Explanation

Monospace l User input text, system prompts, and responses

l File path

l Commands

l Program code

l File names

Italic l Emphasis

l Names of books and documents

l New terminology

Bold l Windows

l Menus

l Buttons

l Icons

l Fields

l Tabs

l Folders

URL Active link to a URL.

Note:Provides helpful hints or additional information.

Important:Highlights actions or information that might cause problems to systems or

data


http://a/


1.4 Related Documents

Document Purpose

Kony MobileFabric

Installation GuideWindows

This document explains how to install Kony MobileFabric and

additional software on yourWindows computer.

Kony MobileFabric

Installation Guide Linux

This document explains how to install Kony MobileFabric and

additional software on your Linux.

1.5 Contact Us

Wewelcome your feedback on our documentation.Write to us at [email protected]. For technical

questions, suggestions, and comments, or to report problems on Kony's product line, contact

[email protected].


mailto:[email protected]?subject=Documentation Feedbackmailto:[email protected]

2. Accessing Kony MobileFabric Console - On-premises Kony MobileFabric User GuideVersion3.0

2. Accessing Kony MobileFabric Console - On-premises

Before you use various KonyMobileFabric services, youmust create a superuser.

To access KonyMobileFabric, follow these steps:

1. How to Get StartedWith KonyMobileFabric Console

2. How to Log In to KonyMobileFabric Console

2.1 How to Get Started With Kony MobileFabric Console

After MobileFabric is installed, you need to configure identity services, and create your administrator

account. Based on the installation, you will see the a list of URLs in the Install Complete window,

shown below:



To launch Kony MobileFabric Console, follow these steps:

1. From the Install Complete window, copy the URL fromKony MobileFabric Console URL,

and then go to the URL in your web browser.

Note: To remember the URL of this portal, bookmark the URL by adding it to your favorites.

The Kony MobileFabric Get started! page appears if you have not configured your identity

services.



Note: Fieldsmarked with an asterisk aremandatory.

2. In Kony Identity Service URL text box, enter Kony Identity Service URL from the Install

Complete page.



3. Under the Kony MobileFabric Console Admin Details,enter the following details:

l First Name: Enter the first name of the user.

l Last Name: Enter the last name of the user.

l Email: Enter the email address of the user. It can include alphanumeric and special

characters that follow standard email address form.

l Enter password:Enter the password for the user. It can be a combination of

alphanumeric and special characters.

l Re-enter password: Retype the password to ensure the user's identity.

4. Click Create.

Once the details are validated for one-time configuration, the systemwill:

l Associate your credentials with MobileFabric identity services and authorization services.

l Display the Sign in to your Kony Account page.

2.2 How to Log In to Kony MobileFabric Console

If you have configured identity services and created your administrator account (MobileFabric

superuser account), you can log in to theMobileFabric console. A superuser will have owner

permissions by default.

1. Go to Kony MobileFabric Console URL that you bookmarked in the previous section. The

Sign in to Kony MobileFabric page appears.



2. Provide your Kony administrator account log-in credentials (email and password) that you have

created.

3. From the Source drop-down list, choose the source type. By default, the Source lists the Kony

User Store.

The Source lists configured active directories only if you have configured active directories in the

Settings > User Management > Identity Providers.

The Domain drop-down list appears only if you choose Active Directory as source.

When a username is common acrossmultiple sources andmultiple domains in Active Directory,

a user is asked to provide source and domain details for authentication. Because there are

users frommultiple sources, both the Source and Domain should be differentiated. A user must

provide both the Source and Domain before authentication occurs.



4. From the Domain drop-down list, choose one of the domains of Active Directory.

5. Click Sign in.

After your credentials are validated, you are directed to your MobileFabric account. By default,

the Apps page appears.

From this page, you can navigate to the following:

l Consoles: The following consoles are available for each cloud account:

l App Services: For more information, refer to Appendix - App Services.htm.

l Kony MobileFabric Sync: For more information, refer to

http://docs.kony.com/konylibrary/sync/kony_sync_console_user_

guide/Default.htm

l Kony MobileFabric Messaging: For more information, refer to

http://docs.kony.com/konylibrary/messaging/kms_console_user_

guide/Default.htm.

l For more information on Applications, refer to Adding Applications.

l For more information on Environments, refer to Environments.

l For more information on Reports, refer to KonyReporting and Analytics - Standard

Metrics and Reports.


http://docs.kony.com/konylibrary/sync/kony_sync_console_user_guide/Default.htmhttp://docs.kony.com/konylibrary/sync/kony_sync_console_user_guide/Default.htmhttp://docs.kony.com/konylibrary/messaging/kms_console_user_guide/Default.htmhttp://docs.kony.com/konylibrary/messaging/kms_console_user_guide/Default.htmhttp://docs.kony.com/konylibrary/mobilefabric/standard_metrics_reports_guide/Default.htmhttp://docs.kony.com/konylibrary/mobilefabric/standard_metrics_reports_guide/Default.htm


Refer to http://docs.kony.com/konylibrary/mobilefabric/custom_metrics_and_

reports/default.htm

l For more information on Settings, refer to Settings.


http://docs.kony.com/konylibrary/mobilefabric/custom_metrics_and_reports/default.htmhttp://docs.kony.com/konylibrary/mobilefabric/custom_metrics_and_reports/default.htm

3. Environments Kony MobileFabric User GuideVersion3.0

3. Environments

You need to create an environment to publish your apps. Environments can include at least one server

or a combination of all servers, such as KonyMobileFabric Integration, KonyMobileFabricMessaging,

KonyMobileFabric Sync, and KonyMobileFabricManagement.

Important: As a user, youmust be an admin or owner to access the Environments page and

perform different tasks based on your role.

Important: Ensure that your environments include all required servers that are part of an app.

For example, if your environment contains only KonyMobileFabric Sync, and you try to publish an

app with KonyMobileFabricMessaging, the system throws an error.

3.1 How to Add an Environment

You can add environments with different combinations of servers.

To add an environment, follow these steps:



1. In your MobileFabric account, click Environments. The Environments page appears.



2. Click the Add a New Environment button. The Add a New Environment window appears.

3. In the Add a New Environment, enter an environment name.

Note: Your Environment name can only contain letters, numbers and hyphens (-). A

hyphen cannot appear at the beginning or end of a name. A number cannot appear the

beginning of a name. A name should be aminimumof three characters and amaximumof

20 characters long.

4. Select the Allow Manual Publish Only check box to confirm this environment to be amanual

publish environment. By default, the Allow Manual Publish Only check box is cleared.



Important: If you create an environment by selecting the Allow Manual Publish Only

check box, in the Publish tab, theManual Publish icon appears for the

environment. TheManual Publish icon denotes that the environment is configured

for manual publish. For more details about how to usemanual publish, refer to the Publish

section.

5. In the services section, follow these steps.

The following dialog contains the server, messaging, sync, andmanagement tabs. The input

values are URL, username, and password. By default, the systemwill display the Server tab.

a. In the Server tab, provide the following details:

l URL: Enter the URL for your KonyMobileFabric Integration.

l Username: By default, this field shows the default username of KonyMobileFabric

Integration. You canmodify the username, if required.

l Password: By default, this field shows the default password of KonyMobileFabric

Integration. You canmodify the password, if required.

Note: You need tomodify the username and password only if these credentials are

changed via KonyMobileFabric Server Console.

b. To configure the KonyMobileFabricMessaging, click theMessaging tab, and provide the

following details:

l URL: Enter the URL for your KonyMobileFabricMessaging.


Messaging. You canmodify the username, if required.


Messaging. You canmodify the password, if required.



Important: Support for KonyMobileFabricMessaging is available fromKony

MobileFabricMessaging Version 6.0.1 onwards.

c. To configure the KonyMobileFabric Sync, click the Sync tab, and provide the following

details:

l URL: Enter the URL for your KonyMobileFabric Sync.


Sync. You canmodify the username, if required.


Sync. You canmodify the password, if required.

d. To configure themanagement server, click theManagement tab, and provide the

following details:

l URL: Enter the URL for your KonyMobileFabricManagement server.


Management server. You canmodify the username, if required.


Management server. You canmodify the password, if required.

6. Once you enter details, click Test Connection.

If the server details are correct, the system displays a checkmark next to a service, shown

below:



Important: The system allows you to add a unique server URL to only one environment.

If a server is already configured with an environment and you try to add the same server to

another environment, the systemwill throw an error, shown below:

ClickOK to confirm.



7. Click Save to apply the environment capabilities. The environment is created in the

Environments page.

The Environment list view displays the following columns:

l Environment Name: Displays the name of the environments.

l Administration: Displays servers configured for an environment, such as Kony

MobileFabric Integration, KonyMobileFabricMessaging, KonyMobileFabric Sync, and

KonyMobileFabricManagement.

3.2 How to Modify an Environment

TheMobileFabric Console allows you to view aswell as addservers to an environment.

To modify an environment, follow these steps:




2. ClickModify for the environment.

TheModify Environment page appears, shown below:



You cannot edit the Environment Name and URL fields.

3. You canmodify the environment to bemanual publish or auto publish. Select the Allow Manual

Publish Only check box to confirm this environment to be amanual publish environment.

Important: If you create an environment by selecting the Allow Manual Publish Only

check box, in the Publish tab, theManual Publish icon appears for the

environment. TheManual Publish icon denotes that the environment has been

configured for manual publish. For more details about how to usemanual publish, refer to

Publish section.

4. Click other tabs to add servers.

5. Click Test Connection to validate the details.

6. Click Save.



3.3 How to Delete an Environment

When an environment is deleted, the system deletes the environment and its data from the console.


2. In the Environment Name column, navigate to the environment, and then click Delete.

The Delete confirmation page appears, shown below:

3. Click Delete. The system deletes the environment from the grid.


4. Features Kony MobileFabric User GuideVersion3.0

4. Features

Following are the features of KonyMobileFabric:

l Adding Applications: You provide the basic details of an app, such as the name and icon. You

can add the following services to your app:

l Identity: Provide an authentication service for your app.

l Integration: Provide various services for your app.

l Orchestration: Addmultiple services to your app.

l Synchronization: Upload the sync file required for synchronizing your app and server.

l Messaging: Upload various certificates to the platforms for pushingmessages.

l Publish: After adding the required services, publish your app.

4.1 How to Add Applications

To add an app to your MobileFabric, follow these steps:

1. Go to Kony MobileFabric Console URL that you bookmarked in the How to Access Kony

MobileFabric Console section.

2. In the Sign in to Kony MobileFabric page that appears, provide your Kony administrator

account log-in credentials that you have created, and click Sign in.

Note: For more details about how to get started and log in to console, refer to Accessing

KonyMobileFabric Console.

After validating your credentials, you are directed to your MobileFabric account.

3. From the left pane, click the Apps. In the right pane, the Applications and API Management



tabs appear. By default, the Applications page appears listing existing apps.

Note: To configure services (such as identity, integration, orchestration, synchronization,

andmessaging) within an app, in the Applications page, click CustomApps > ADD NEW

and follow the below steps.

Note: To configure services (such as identity, integration, and orchestration) separately

outside an app, click API Management. For more details, refer to APIManagement.

4. In the Applications page, click Custom Apps > ADD NEW.

5. A new app is added, and you are directed to the Identity page of the new app. From here you

can:

l Provide a name and an image for your app.



n Click the Edit button to provide a unique name for your app.

n Click the Image button to select an image from your localmachine.

Note: The image size should be less than 20 KB.

l Add and configureMobileFabric services.

You can add and configure the following services:

l Identity

l Integration

l Orchestration

l Synchronization

l Messaging

4.2 APIManagement

With API Management, you can configure andmanage (create, edit, and delete) app services

(identity, integration, and orchestration) without linking or configure themwithin an app. After

configuring these services in the APIManagement, you can edit, clone, view a sample code, and

delete a service. When you create these services in the APIManagement page, these services are



not linked to apps automatically. You can link these services across any apps created for an account in

MobileFabric Console. You can link these services only through the Existing Services dialog while

you are adding apps.When youmake any changes to these services in the APIManagement page,

the changeswill reflect in those services associated with other apps.

To display the APIManagement page, follow these steps:

1. In MobileFabric Console, click the Apps tab. By default, the Applications page appears.

2. Click APIManagement. By default the Identity tab appears under APIManagement.

From the APIManagement page, you can configure the following services:

l To configure an identity service, click the Identity tab in the APIManagement page. Click

CONFIGURE NEW. A new identity service is added. For more details, refer to Identity.

Note: Enabling cross-origin resource sharing (CORS) allows external web applications on

domains to access the identity services in your MobileFabric account. For more details,

refer to Identity> CORS.

l To configure an integration service, in the APIManagement page, click the Integration tab. Click

CONFIGURE NEW. A new integration service is added. For more details, refer to Integration.

l To create an orchestration service, in the APIManagement page, click the Orchestration tab. A

new orchestration service is added. For more details, refer to Orchestration.



4.3 Exporting and Importing an Application

4.3.1 Introduction

You can export apps from one workspace (Kony account) and import them to different workspaces of

MobileFabric Console. An exported or imported app has services configured into it.

A MobileFabric app comprises a group of services. They are:

l Non-shared services that cannot be shared with other apps, such as KonyMobileFabric Sync

and KonyMobileFabricMessaging.

o KonyMobileFabric Sync enables developers to add synchronization capabilities tomobile

applications. Fundamental to Sync Framework is the ability to support offline and

collaborative data between devices and the back-end systems.

o KonyMobileFabricMessaging allows developers to upload push certificates for iOS,

Android, BlackBerry, andWindows 8 RT platforms.

l Shared services that can be shared with other apps, such as custom code .JAR files, integration

services, and orchestration services.

o The integration service of an application represents the application interaction with the

external data source.

o Service orchestration coordinates or integrates several services and exposes them as a

single service.

Important: Support for importing and exporting apps is available for identity services, such as

Kony SAP, KonyCustom Identity, Salesforce, and Facebook.

4.3.2 Use Cases

You use exporting and importing apps based on the following scenarios:



l Tomove an app from one workspace (Kony account) to another workspace of MobileFabric

installation. For example, a user completes the development of an app in a developer

environment and later wants tomove the app to a system integration testing (SIT) or user

acceptance testing (UAT) workspace. A user exports an app from a developer environment and

then imports the app into another workspace of MobileFabric installation. The user thenmoves

the app to a production workspace.

l Tomerge changesmade to an app in the repository (also known as check-in or commit) with the

changes you have on your machine, such asGIT source control management system.

For example, a user exports an app fromMobileFabric portal andmerges the services of the

app to the GIT repository.

Important: Tomerge configuration changesmade to an existing app to a source control

system (for example, GIT), youmust export an updated app with the same details as the

earlier version of the app in the source control system.

4.3.3 How to Export an App

When an app is exported from aworkspace, the exported app is saved with the same name of the app

- for example, ExportApp.zip. An exported .zip file has an app's configured services information,

such as icon files, certificates, .XML files, andmeta files.

Note: You cannot import an exported app after youmodify the structure in the exported app.

Support for importing an edited .zip (exported app) file is not available. If you try to import an edited

.zip file, the systemmay fail to import the app successfully.

An exported .zip file should have the correct folder structure. An exported .zip file should have

correct references inmeta files. For more details about the folder structure of an exported app,

refer to the Folder Structure of an Exported App section.



Important: Before exporting an app, do not unlink identity services that are referenced in the

integration services of the app.

If you unlink a referenced identity service in the Identity tab and try to export an app, the system

fails to export that app.

Important: Before exporting an app, do not unlink integration services that are referenced in the

orchestration services of the app. If you unlink a referenced integration service and try to export an

app, the system fails to export that app.

To export an app from a workspace (Kony account), follow these steps:

1. FromMobileFabric Console, click Apps. The Applications page appears.

2. In the Applications page, hover your cursor over the App menu button of one of the apps in the

list. Click Export.

The system saves the app as .zip file in your browser's default download

location.



Note: You can also export an App via API. For more details, refer to Continuous Integration -

Export an app via API

4.3.4 How to Import an App as a New App

With importing an app as a new app, you can create new apps quickly by reusing configurations from

existing apps. You save time because thismethod reduces the number of steps needed to re-create

an app. After you import an app as a new app, you canmodify configurations in the app as required.

After an app is exported, you can import it as a new app or overwrite an existing app across various

MobileFabric Consoles. When you import an app as a new app, the system imports the app into the

console. The imported app includes all data from the original app and the name of the app. The

imported app is listed in the Applications page.

To import an app as a new app, follow these steps:


2. In the Applications page, click the IMPORT button.

The Import App dialog appears.



3. In the Import App dialog, click Browse to display theMicrosoft WindowsOpen dialog.

4. In the Open dialog, locate your exported app (for example, ExportApp.zip file), and select

it. ClickOpen.

In the Import App dialog, the selected file is added under Import Options > App Name. To



remove the selected file, click the Remove button.

5. Under the Import Options, choose one of the options.

l Click Import as new to import the app as new. Click IMPORT. The app is imported as a

new app.

While importing an app as Import as new, if the existing app inMobileFabric Console has

the same name as the importing app, the system throws an error, shown below:



l ClickOverwrite existing app to overwrite an existing app.

If you choose theOverwrite existing app, the Select App list appears. Click the Select

App list, and select one of the existing apps from the list. Click IMPORT.

The system overwrites the existing app with the data in the .zip file.



Important: While overwriting an app, if the app names are same, the new data will

override the existing data.

Based on various services configured in an existing app, the system overwrites the

existing data from a .zip file. Consider the following examples:

l While overwriting an app, if a provider in that Kony account exists with the

importing identity provider name, the system fails to import the .zip file.

l While overwriting an app, if the existing app has identity, integration, and

orchestration services, these serviceswill be unlinked from the existing app.



l While overwriting an app, if the names of the existing app's integration and

orchestration services are the same as those in the .zip file, these serviceswill be

updated.

l While overwriting an app, all non-shared services (synchronization and

messaging) are overwritten into the existing app. The existing app will only contain

new data. You cannot retrieve old data in the existing app.

Note: You can also import an App via API. For more details, refer to Continuous

Integration - Import an app via API

4.3.5 How to Import an App to an Existing App

You can update an existing app's configurationswith the latest configurationsmade in another app in

different workspace. You can reuse the updated configurations from other apps to save time and

development cost.

After an app is exported, you can import the app to an existing app inMobileFabric Console.

While importing an app to an existing app, if the app names are same, the system overrides the

existing data with new data in the imported .zip file. The app namewill not be changed.

If the app names are different and you try to import an app, the existing app and data will be

overwritten with new app name and information in the .zip file.

To import an app to an existing app, follow these steps:


2. In the Applications page, hover your cursor over the Appmenu button of one of the apps from

the list. The App menu appears.



3. Click Import. The Import App dialog appears.



4. In the Import App dialog, click Browse to displayMicrosoft WindowsOpen dialog.

5. In the Open dialog, locate your exported app (for example, ExportApp.zip file), and select

it. ClickOpen.

In the Import App dialog, the selected file is added. To remove the selected file, click the

Remove button.

6. Click IMPORT to import the app. The existing app is updated with the data in the imported .zip.



Note: You can also import an App via API. For more details, refer to Continuous Integration -

Import an app via API

4.3.6 Folder Structure of an Exported App

The folder structure of an exported an app (a .zip file) has folders, files, and certificates configured for

that app. Do not make any changes to the folder structure outsideMobileFabric Console. If youmake

changes to the folder structure of an app, the systemmay throw an error while importing that app. The

following section explains the hierarchical directory tree of an exported app:

//Folder structure of an exported app

/Apps

/App1

Meta.json

Icon file

/_Messaging

Meta.json

AppleCert1.p12

AppleCert2.p12

AppleCert3.p12

AppleCert4.p12

/_Sync

Meta.json

/SyncScope1

Meta.json

Syncobject1.xml

Syncobject2.xml

/App2

/_Identity

/Identity1



Meta.json

Metadata1.xml

/_Integration

/Service1

/Endpoints

Endpoint1.xml

/Operations

Operation1.xml

Operation2.xml

WSDLFile

/_Orchestration

/Orch1

Operation1.xml

Operation2.xml

/_JARs

Jar1.jar

Jar1.meta

The logical flow of an exported app folder structure has four levels of folders. The primary, or root, level

is the Apps folder, which contains all sublevel folders including files andmetadata. The following table

explains hierarchical levels of an exported app folder structure:

Root Second Level Third Level Fourth Level

Apps




/App1

l Meta.json

l Icon file

/_Messaging

l Meta.json

l AppleCert1.p12

/_Sync

l Meta.json

/SyncScope1

l Meta.json

l Syncobject1.xml

/_Identity

/Identity1

l Meta.json

l Metadata1.xml

/_Integration

/Service1

/Endpoints

l Endpoint1.xml




/Operations

l Operation1.xml

WSDLFile

/_Orchestration

/Orch1

l Operation1.xml

/_JARs

l Jar1.jar

l Jar1.meta

4.3.6.1 Apps Section

The root level (for example, App1) section has details of the appsmeta file, icon file, messaging (meta

file and certificates), and sync (meta file and objects). While exporting an app, an .zip file is

saved with the root app name. You can rename an exported .zip file, if required.

//Sample data in apps (root) section of an exported app folder

structure

/App1

Meta.json

Icon file

/_Messaging

Meta.json

AppleCert1.p12

AppleCert2.p12



/_Sync

Meta.json

/SyncScope1

Meta.json

Syncobject1.xml

Syncobject2.xml

App Meta File

The appsmeta (meta.jason) file has configuration (shared and non-shared) details of an app, such as

icon file, identity services, integration services, and orchestration services, shown below:

//Sample data in the app meta file of an exported app folder

structure

{

"Icon": "Iconfile",

"description": "description",

"Identity": [--> referencing identity providers

"Identity1","Identity2"

],

"Integration": [

"Service1","Service2", referencing integration services

],

"Orchestration": [

"Orch1","Orch2", referencing orchestration services

],

}

App Icon File

The icon file is an image file for an app.



Messaging Section

Themessaging section has referenced (non-shared) messaging services configured for an app, such

asmeta file and certificates configured for messaging services.

//Sample data in the messaging section of an exported app folder

structure

/_Messaging

Meta.json

AppleCert1.p12

AppleCert2.p12

AppleCert3.p12

AppleCert4.p12

Messaging Meta file

Themessagingmeta file contains information about configurations, such as ID, password, certificates,

and push URL for messaging services for different platforms (Android, iPad, iPhone, BlackBerry,

Windows 7, andWindows 8).

Important: The configuration details, ID, password and push URL are not encrypted in themeta

file.

//Sample data in the messaging meta file of an exported app folder

structure

{

"appleProdmode" : true/false,

"iphonecertprod" : {

"certName" : "AppleCert1.p12",

"passwd" : "",

},



"iphonecertdev" : {


"passwd" : "",

},

"ipadcertprod" : {


"passwd" : "",

},

"ipadcertdev" : {


"passwd" : "",

},

"Android": {

"Key": "",

},

"Blackberry": {

"id": "",

"passwd": "",

"pushurl": "",

},

"Windows": {

"id": "",

"passwd": "",

"windows7": true/false,

"windows8": true/false,

},

}

Synchronization Section

The synchronization section has the referenced (non-shared) SyncScopes configured for an app. A

syncobject.xml file includes Sync objects of an app, such as attributes, target and source

relationships, client-side filters, and life-cycle methods.



The following is the folder structure of a synchronization service:

//Sample data in the synchronization section of an exported app

folder structure

/_Sync

Meta.json

/SyncScope1 --> SyncScope1 is the name of the SyncScope

Meta.json

Syncobject1.xml

Syncobject2.xml

SyncConfig Meta file (/_Sync/Meta.json)

The SyncConfig meta file has information about database types.

Note: MobileFabric 6.0.2 supports onlyMySQL database.

//Sample data in the SyncConfig meta file of an exported app folder

structure

{

"PersistentDBType": "MYSQL/Oracle/MYSQL Server",

}

SyncScope Meta File (/_Sync//Meta.json)

The SyncScopemeta file has information about SyncScope configuration parameters specific to Sync

(such asChangeTrackingPolicy, ConflictPolicy, namespace, and strategy). The SyncScopemeta file

refers to an integration service and Sync interceptor jar.

The following is themeta file structure of a SyncScope service:



//Sample data in the SyncScope meta file of an exported app folder

structure

[

"SyncScope1": {--> Sync scope name

"Strategy": "",

"NameSpace": "",

"ChangeTrackingPolicyType": "",

"SoftDeleteFlag": "",

"LastUpdateTimeStamp": "",

"ConflictPolicyType": "",

"DataSource": "Service1", --> Referencing integration service

"SyncJar": "Jar1", --> referencing Sync interceptor jar

"className": "sample", --> Class name used in case of custom

Sync

},

]

4.3.6.2 Identity Section

The identity section has the referenced (shared) identity services configured for an app.

The following is the folder structure of an identity service:

//Sample data in the identity section of an exported app folder

structure

/Identity

/Identity1 --> Identity1 is the name of the identity service

Meta.json

Metadata1.xml --> This metadata is required for identity



providers that have metadata, such as, SAML.

.

Identity meta file

The identitymeta.json file has the configuration, type andmetadata file information of the identity

service. The identitymetadata is required only for SAML identity services.

The following is themeta file structure of an identity service:

//Sample data in the identity meta file of an exported app folder

structure

{

"name": ,

"displayName": ,

"version": ,

"loginText": ,

"metaPreference": ,

"type": ,

"config": {}, --> configuration details of the identity provider

}

4.3.6.3 Integration Section

The integration section has the referenced (shared) integration services configured for an app, such

as endpoints details of a particular service type, operations details of a particular service type, and

additional attributes/elements for design time data.

The following is the folder structure of an integration service:

//Sample data in the integration section of an exported app folder

structure



/_Integration

/Service1 --> Service1 is the name of the integration service

/Endpoints --> only one endpoint per service is allowed

Endpoint1.xml

/Operations

Operation1.xml

Operation2.xml

WSDLFile

This section contains theWeb ServicesDescription Language (WSDL) file used by the soap

integration service.

Endpoints file

The endpoints file has configured endpoints including the integration type, address, and credentials.

The following is the endpoint file structure of an integration service:

//Sample data in the endpoints file of an exported app folder

structure

config1

value1



Operation file

This file contains XMLs of operations configured for an integration service.

WSDLFile

This section contains theWSDL file used by the soap integration service.

4.3.6.4 Orchestration Section

This section contains only oneoperation.xml file. The orchestration section has the referenced

(shared) orchestration services configured for an app.

The following is the folder structure of an orchestration service:

//Sample data in the orchestration section of an exported app folder

structure

/_Orchestration

/Orch1 --> Orch1 is the name of the orchestration service

Operation1.xml --> looping or concurrent operation

Operation file

An operation file of an orchestration service has looping or composite operation configured for an

orchestration service.

4.3.6.5 Custom Code JARs Section

This section has the referenced (shared) custom code JAR files configured for an app.

The following is the folder structure of custom code JARs:

//Sample data in the custom code JARs section of an exported app

folder structure



/_JARs

Jar1.jar --> The JAR file

Jar1.meta.json --> Meta for the JAR file contains

information about dependent jars.

Jar2.jar

Jar2.meta.json

4.3.6.6 JAR Meta File

This file containsmetadata of the JAR file.

The following is the structure of a JAR meta file:

//Sample data in the JAR meta file of an exported app folder

structure

{

"dependent_jars": [ --> JARs files that depend on other JAR

files.

"jar1.jar","jar2.jar"

]

}

4.4 Identity

Identity is a service that validates the authentication of the users before accessing your application.

KonyMobileFabric allows various types of validations that include:

l Microsoft Active Directory

l Salesforce

l SAML



l Kony SAP Gateway

l KonyCustom Identity Service

l Facebook

l KonyUser Repository

You can setup an identity service based on the type of the users who are allowed to access your

application. To restrict access to your company's internal audience, useMicrosoft Active Directory

authentication. To allow access to your application to a larger audience, you can use Salesforce,

SAML, Facebook, or KonyUser Repository authentication.

Note: Setting up an identity service is optional. Youmay choose not to implement any

authentication services for your application.

4.4.1 Microsoft Active Directory

You can enableMicrosoft Active Directory authentication for your application so that only those users

listed in Active Directory can access your application.

Note: NTLM authentication is not supported for Microsoft Active Directory identity service.

From the Identity page, configure Active Directory service by using one of thesemethods:

l Configuring a new Active Directory Service

l Using an existing Active Directory Service

4.4.1.1 Configuring a New Active Directory Service

The process of configuring your Active Directory service depends on the authenticationmode.

MobileFabric supports the following authenticationmodes:

l Security AssertionMarkup Language (SAML) - It is an XML based open standard data format

for exchanging authentication and authorization data between parties, in particular, between an



identity provider and a service provider.

l Lightweight Directory Access Protocol (LDAP/LDAPS) - It is an open source application

protocol that is commonly used for Single sign-on (SSO) where one user's password is shared

among various apps. The following LDAP protocols are supported:

o LDAPWithout SSL - Your credentials are not encrypted before sending them for

authentication.

o LDAPS(With SSL) - Your credentials are encrypted before sending them for

authentication.

SAML

To create an Active Directory service using SAML authentication mode, follow these steps:

1. From the console's left pane, click Apps. In the Applications page that appears, click Custom

Apps.

In the Configure tab, a new app is added, and you are directed to the Identity page of the new

app.

2. On the Identity tab, click Add New Identity Services > Configure new.

A new identity service is added.



3. In the Enter Service Name text box, type a name for the service.

4. From the Type of Identity list, select Microsoft Active Directory.



5. From the AuthMode list, select SAML.



6. Downloadmetadata from your identity provider from the following link:

How to downloadmetadata fromActive Directory Federation Service (ADFS)

7. From theMetadata Mode, select an option to uploadmetadata.

l If you clickMetadata File, the system displaysMetadata File option. Click Browse to

navigate to your identity provider metadata file that you downloaded, and then click

Open. The system uploads your metadata file - for example, idpmetadata.xml.

l If you clickMetadata URL, the system displaysMetadata URL text box. Enter the URL

for themetadata.

8. Under the Choose Assertion Consumer Service Binding, by default, this field is set to the

Artifact Binding. Choose one of the following options:


http://blogs.technet.com/b/rmilne/archive/2014/04/28/how-to-install-adfs-2012-r2-for-office-365.aspx


l Artifact Binding to transmit SAML request and responsemessages in a single protocol

using two different bindings.

l Post Binding - to transmit SAML protocolmessageswithin the encoded content of an

HTML form control.

9. In theMapping of IDP SAML attributes (Optional), provide the information if required. This

information is used for fetching profile or other information and to retrieve user information from

an identity provider while logging in through SAML protocol.

10. Click Save to create your identity provider and generate the service provider'smetadata. The

system adds a button, Download Kony SP Metadata, for the newly created identity provider,

shown below.

11. Hover your cursor over the required service from the list, click the Settings button, and then click

Download Kony SP Metadata, shown above. The system downloads themetadata file

generated by your authentication service (service provider) into your local system. For example,

spmetadata.xml.

12. Upload service provider'smetadata to your identity provider (ADFS). For more details, refer to

How to Upload Service Provider'sMetadata to ADFS.



13. Once you uploaded your service providersmetadata, now, in your KonyMobileFabric console,

publish your app.

14. In the Publish tab, navigate to your published app, and use the app key and app secret of your

app to build the app.

15. Build your app by using KonyMobileFabric SDKs, and deploy the app to a device.

16. From the device, log in to your app by using the SAML identity provider that you configured.

Once you are authenticated successfully, the system retrieves the profile information from the

identity provider. The profile information depends onmapped attributes. If no attributes are

mapped, Kony service provider shows an empty profile.

How to Upload Service Provider's Metadata to Active Directory Federation Service (ADFS)

To upload your service provider's metadata to ADFS, follow these steps:

1. Log in to your IDP Active Directory Federation Services 2.0 (AD FS).

Note: If your ADFS is configured on a system different from the current system, you need

to copy themetadata file to your AD FS system.

2. In the left pane, navigate to AD FS > Trust Relationships > Relying Party Trusts.

3. From the Actions pane, click the Add Relying Party Trust. The Add Relying Party Trust

Wizard appears.



4. Click Start.

5. In the Select Data Source, select the Import data about the relying party from a file option.

Click Browse to locate themetadata file that you just downloaded - for example,

spmetadata.xml.



6. Click Next. The followingmessage window appears.

7. ClickOK to close themessage window and to proceed.



8. In the Specify Display Name, enter the name, and click Next.

9. Select the Permit all users to access this relying party if that option is not already selected,

and click Next.



10. In the Ready to Add Trust, under theMonitoring tab, leave the fields as they are, and then click

Next.



11. In the Finish, click Close.

The Edit Claim Rules dialog appears. You need to configure the claims that you want to return

by AD FS.



12. Click Add Rule. The Add Transform Claim Rule Wizard dialog appears.

13. From the Claim rule template list, select the Send LDAP Attributes as Claims, and then click

Next.



14. In the Choose Rule Type, enter the following details:

a. In the Claim rule name text box, enter the name for the rule.

b. From the Attribute store list, select Active Directory.

c. In theMapping of LDAP attributes to outgoing claim types, youmust map at least one

attribute to the Name ID as SAML validates the Name ID attribute. If the Name ID is not

mapped, the system throws an exception. The Name ID should not be empty - for

example, User-Principal-Name to Name ID.

Other mappings are optional - for example, Given-Name, Surname.



d. Click Finish. The system creates the rule and displays the Edit Claim Rules dialog.

15. Click Apply, and then clickOK. The identity provider is configured, and the system displays the

IDP AD FS dialog.

LDAP/LDAPS

To create Active Directory service using LDAP/LDAPS authentication mode, follow these steps:


2. In the Enter Service Name text box, Type a unique name for the service.

3. From the Type of Identity list, select Microsoft Active Directory.



4. From the AuthMode list, select LDAP/LDAPS.

5. Under Configure Active Directory, provide the following details:

a. In the Domain Name text field, enter a name.

b. In the Ldap URL field, enter the fully qualified ldap URL for example:ldap://myldapserver.com:389

c. In the Root Domain field, enter the distinguished root domain name. example:dc=mycompany,dc=com



d. In the Root Domain Scope field, enter the scope under which it needs to search for

users. For example: dc=mycompany, dc=com, or OU=users.

If the root domain scope is not defined, the Root Domain Scope field will be defaulted to

root domain. If root domain scope is defined, only scope is considered, and root domain is

ignored.

Note: Base DN for LDAP search. If unspecified, it will default to Root Domain.

e. In the Login Attribute, select the appropriate identifier from the drop-down list.

f. In the Federation ID, select the appropriate identifier from the drop-down list.

6. After entering the above details, click SAVE to save the service. They system displays the

Identity page. The new identity service is created for your app.

4.4.1.2 Using Existing Active Directory Service

To use an existing service, follow these steps:

1. On the Identity tab, click Add New Identity Services > Use Existing.

2. In the Existing Services page, hover your cursor over the required Active Directory service

from the list, click the Settings button, and then click Select.

The service is added and is available in the Identity page of your app.



Note: Existing Services contain a list of services created within the same parent account.

4.4.2 Salesforce

MobileFabric allows your users to authenticate using Salesforce credentials.

Note: NTLM authentication is not supported for Salesforce identity service.

To configure Salesforce authentication, follow one of these methods:

l Configuring a New Salesforce service

l Using an Existing Salesforce Service

4.4.2.1 Configuring a New Salesforce Service

The process of configuring your Salesforce service depends on the authenticationmode. MobileFabric

supports the following authenticationmodes:

l OAuth2.0: In thismode, a user is directed to a secure login page of Salesforce portal. After

validating the credentials, the user is directed toMobileFabric page with an authorization code.

l Username and Password: In thismode, users provide the Salesforce credentials. MobileFabric,

in turn, communicates these details to Salesforce. On successful authorization, Salesforce

authorizesMobileFabric to allow the users access the application.

Note: For basic authentication on an untrusted network, Salesforce requires you to type the

password followed by the security token in the Password box. For example, if your

password is "password" and your security token is "xxxx," then the password submitted to

Salesforce is "passwordxxxx." This type of authentication helps in ensuring that the integrity



of your credentials is not compromised.

If you forget your security token, you can reset it by following the stepsmentioned in the link:

https://help.salesforce.com/HTViewHelpDoc?id=user_security_token.htm&language=en_

US

OAuth 2.0

To create a Salesforce service using OAuth 2.0 authentication mode, follow these steps:

1. From the console's left pane, click Apps. Click Custom Apps.


app.



https://help.salesforce.com/HTViewHelpDoc?id=user_security_token.htm&language=en_UShttps://help.salesforce.com/HTViewHelpDoc?id=user_security_token.htm&language=en_US



3. Type a unique name for the service.

4. From the Type of Identity list, select Salesforce.



5. From the AuthMode list, select OAuth (Recommended).

Note: Salesforce URL and Callback URL are pre-populated. In your Salesforce

connected app, you need to type this CallbackURL.



6. In the SalesForce Client ID box, type the client IDprovided by Salesforce after you have

registered your application.

7. In the Sales Force Client Secret box, type the client secret provided by Salesforce after you

have registered your application.

8. Click Save.

Username/Password

To create a Salesforce service using Username/Password auth mode, follow these steps:

1. On the Identity tab, click Add New Identity Services > Configure New.

2. Type a unique name for the service.

3. From the Type of Identity list, select Salesforce.



4. From the AuthMode list, select Username/Password.

Note: Salesforce URL and Callback URL are pre-populated. In your Salesforce

connected app, you need to type this CallbackURL.



5. In the SalesForce Client ID box, type the client IDthat is provided by Salesforce after you have

registered your application.

6. In the Sales Force Client Secret box, type the client secret that is provided by Salesforce after

you have registered your application.

7. Click Save.

4.4.2.2 Configuring an Existing Salesforce Service


1. On the Identity tab, click Add New Identity Services > Use Existing to open the Existing

Service page.

2. Select the required Salesforce service from the list of available services- for example, shown

below:


Note: Existing Services contain a list of services created within the same parent account.

4.4.3 SAML

Security Assertion Markup Language (SAML) is an XML-based open standard data format for

exchanging authentication and authorization data between parties, such as an identity provider and a

service provider. SAML defines three roles:



l Service provider (resource server) provides you the information.

l Client (web browser/user) interacts with the resource server, like a web app being served

through a web browser.

l Identity provider (IdP) (authorization server) owns the user identities and credentials, and

authenticates a user.

SAML allows single sign-on (SSO) with web browsers or other clients. With SSO, a user logs in once

with a name and password, and accessesmultiple resources.

When a user logs into an application (mobile app or web app), the service provider issues an

authentication request to a SAML identity provider through the user agent (usually a web browser.)

Once the user logs in (as part of SAML identity provider log-in), the IdP generates a SAML token that

includes assertions about the user (such as user name, email, or other authorization information). The

service provider verifies the SAML token (identity provider of the user information), and provides

access to its services or resources.When the process completes, the user can interact with the

application/web resources.

Note: NTLM authentication is not supported for SAML identity service.

4.4.3.1 Prerequisites

To enable SAML ADFS login, follow these steps:

1. From http://www.oracle.com/technetwork/java/UnlimitedJCEPolicy, downland JCE files for

your Java version.


http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html


TheUnlimitedJCEPolicyJDK7.zip (unlimited strength) contains the following files:

l local_policy.jar

l US_export_policy.jar

l README.txt

2. In your MobileFabric install folder, go to theUSERINSTALLDIR/jre/lib/security

folder. Replace the policy files with the unlimited strength policy files (local_policy.jar and US_

export_policy.jar) that you downloaded from theOracle website.

3. Restart MobileFabric server.

The following sections tell you how to configure and use an SAML service:

l Configuring a new SAMLservice

l Using an existing SAML service



4.4.3.2 Configuring a New SAML Service

To create a SAML service, follow these steps:



app.






4. From the Type of Identity list, select SAML.

5. Downloadmetadata from your identity provider from the following links:

l How to downloadmetadata fromSalesforce


https://help.salesforce.com/apex/HTViewHelpDoc?id=identity_provider_enable.htm&language=th


6. From theMetadata Mode, select an option to uploadmetadata.

l If you clickMetadata File, the system displaysMetadata File option. Click Browse to

navigate to your identity provider metadata file that you downloaded, and then click

Open. The system uploads your metadata file - for example, idpmetadata.xml.

l If you clickMetadata URL, the system displaysMetadata URL text box. Enter the URL

for themetadata.

7. Under the Choose Assertion Consumer Service Binding, by default, this field is set to the

Artifact Binding. Choose one of the following options:

l Artifact Binding to transmit SAML request and responsemessages in a single protocol

using two different bindings.

l Post Binding - to transmit SAML protocolmessageswithin the encoded content of an

HTML form control.



8. In theMapping of IDP SAML attributes (Optional), provide the information if required. This

information is used for fetching profile or other information and to retrieve user information from

an identity provider while logging in through SAML protocol.

9. Click Save to create your identity provider and generate the service provider'smetadata. The

system adds a button, Download Kony SP Metadata, for the newly created identity provider,

shown below.


Download Kony SP Metadata, shown above. The system downloads themetadata file

generated by your authentication service (service provider) into your local system. For example,

spmetadata.xml.

11. Upload service provider'smetadata to your identity provider (Salesforce). For more details,

refer to How to Upload Service Provider'sMetadata to Salesforce.

12. Once you uploaded your service providersmetadata, now, in your KonyMobileFabric console,

publish your app.

13. In the Publish tab, navigate to your published app, and use the app key and app secret of your

app to build the app.



14. Build your app by using KonyMobileFabric SDKs, and deploy the app to a device.

15. From the device, log in to your app by using the SAML identity provider that you configured.

Once you are authenticated successfully, the system retrieves the profile information from the

identity provider. The profile information depends onmapped attributes. If no attributes are

mapped, Kony service provider shows an empty profile.

How to Upload a Service Provider's Metadata to Salesforce

To upload your service provider's metadata to Salesforce, follow these steps:

1. Log in to your salesforce account and create a connected application. For more details about

creating a connected app, refer to

https://help.salesforce.com/apex/HTViewHelpDoc?id=connected_app_

create.htm&language=en_US.

2. Once you create a connected application, in theWeb App Settings section, select the Enable

SAML check box to enable your connected app for SAML service provider.

3. From your service provider metadata file you downloaded at Step 4 in the Configuring a New

SAMLService section, do the following:

l copy the value of the entityID. For example: kony:100000001:providername

l copy the value of the AssertionConsumerService URL. For example:

https://100000001.auth.konycloud.com/saml/SSO/alias/kony:100000001:providername

?provider=providername

4. In theWeb App Settings section, do the following:


https://help.salesforce.com/apex/HTViewHelpDoc?id=connected_app_create.htm&language=en_UShttps://help.salesforce.com/apex/HTViewHelpDoc?id=connected_app_create.htm&language=en_US


a. In the Entity Id text box, paste the value that you copied for entityID in Step 3 in this

section.

b. In the ACS URL text box, paste the value that you copied for

AssertionConsumerService URL in Step 3 in this section.

5. Click Save to save your settings for SAML. The connected app is created.

Important: While logging on by using the SAML provider, ensure that you have required

permission set to access the connected app.

4.4.3.3 How to Use an Existing SAML Service



Services page.


Select.




Note: The Existing Services page contains a list of services created within the same parent

account.

4.4.4 Kony SAP Gateway

You can enable Kony SAP Gateway authentication for your application so that only those users

registered with an external SAP services can access these services in the application.

The following sections tell you how to configure and use a Kony SAPGateway service:

l How to Configure a New Kony SAPGateway

l How to Use an Existing Kony SAPGateway Identity Service

4.4.4.1 How to Configure a New Kony SAPGateway

To configure a Kony SAPGateway, follow these steps:



app.



4. In the Name text box, enter a unique name for the service.

5. From the Type of Identity list, select Kony SAPGateway.

6. In the Gateway address, enter connect.kony.com.

7. In the Port text box, enter a valid port between 1 to 65535.

8. In the Header parameter name prefix * text box, enter KonySAP.

9. Under User ID and Password, provide valid credentials that you created while registering with

Kony SAP services.

10. In the Default Caller ID, provide the ID that Kony SAPGateway uses for logging and auditing.



11. In the Default Caller Group, provide the ID that Kony SAPGateway uses for logging and

auditing. This information is optional.

12. Click Save. The identity provider is configured.

4.4.4.2 How to Use an Existing Kony SAPGateway Identity Service

To use an existing Kony SAPIdentity Service, follow these steps:


Services page.

2. Hover over a service, and click the Settings button, and then click Select.


Note: The Existing Services page contains a list of services created within the same parent

account.

4.4.5 Kony Custom Identity Service

KonyMobileFabric identity service supports federating authentication and authorization with external

identity services over standard protocols.

Federated Identity: An electronic identity that maps attributes of a person acrossmultiple identity

services.



To authenticate users before accessing KonyMobileFabric services, KonyMobileFabric supports

various types of identity services, such asMicrosoft Active Directory, Salesforce, SAML, SAP, Kony

SAP Gateway and KonyUser Repository. Each of these identity services agrees on a specific input

and output format for authentication. The input and output formats differ based on back-end providers.

With KonyMobileFabric's custom authentication, a user can log in to any back-end provider's custom

protocols by providing any parameters that the back-end provider supports, such as a userid and

password, or a secret key.

Important: Custom identity service APIs should support application/ x-www-form-urlenc