Configuring your Mobile App and Mobile Service in OpenShift


Registering a Mobile App

After provisioning Mobile Developer Console, the next step is to register the Mobile App that you are going to develop.


To create a Mobile App:

  1. Log into the OpenShift console.

  2. Choose project where you have previously deployed Mobile Developer Console.

  3. Open Mobile Developer Console by clicking on its route in the Overview screen.

  4. Log into the Mobile Developer Console.

  5. Click on Create Mobile App button.

  6. Enter a name for your Mobile App.

  7. Click Create button.

Provisioning your First Service

Mobile Services provide commonly required features for mobile app development.

This section introduces the procedures for using Mobile Services by guiding you through the process using the Identity Management service. For a full list of available services, see Mobile Services

To provision the Identity Management mobile service:

  1. Log into the OpenShift console.

  2. Choose a project where you have previously provisioned Mobile Developer Console.

  3. Select Catalog from the left hand menu.

    You can filter the catalog items to only show mobile specific items by selecting the Mobile tab.

  4. Choose the Identity Management service.

  5. Follow the wizard for provisioning that service.

    If prompted to Create a Binding, choose Do not bind at this time.
When completing the Identity Management provisioning wizard, you are prompted to enter configuration data. For the purposes of this guide, keep the default values. For more information about the Identity Management provisioning wizard fields, see Identity Management Configuration.

Once the wizard steps are completed, navigate to the Project Overview in OpenShift to see the newly provisioned service. Provisioning a service may take some time.

Additional resources

Identity Management Configuration

  • Keycloak admin username: Username for Keycloak administration

  • Keycloak admin password: Password for the Keycloak admin user

  • Name of the Keycloak realm: Name of the keycloak realm. (defaults to current namespace)

A realm manages a set of users, credentials, roles, and groups. A user belongs to and logs into a realm. Realms are isolated from one another and can only manage and authenticate the users that they control.
  • Connect to an existing shared service: Select if you want to use an existing service and you have the URL and credentials to use that service.

  • URL of the shared service: Enter a value if you want to use an existing shared service.

Binding a Mobile App with the Identity Management Service

To use mobile services, you must represent your mobile app in Mobile Developer Console, and that app must be associated with the mobile service. This association is called binding and it is necessary for your mobile app to use that service.

To bind a Mobile App with a mobile service:

  1. Launch Mobile Developer Console

  2. Click on the Mobile App on the Overview screen

  3. Navigate to Mobile Services tab.

    mobile clients services all unbound
    It is possible to bind a Mobile App with a mobile service in the OpenShift console, however such bindings are not valid for the purposes of this procedure.
  4. Press Bind to App in the Identity Management

  5. Fill out the binding parameters required by the Identity Management Service.

    mobile clients services idm parameters
    Use Public when binding a Mobile App to a Identity Management. When binding mobile services to each other, use Bearer.

The Identity Management service will now be expandable, details about the service can be viewed.

mobile clients services all idm provisioned

Configuring the Service

The following section will guide you through configuring the schema of the redirect url and web origin for a client in Keycloak. This is required to enable OpenID authentication. For an explanation of these terms, see Keycloak Documentation.

Choose the schema of a redirect url

  • Android

  • iOS

  • Cordova

  • Xamarin

It is recommended to use the package name of the Android app as the schema of the redirect url to avoid conflicts. (e.g. com.aerogear.androidshowcase)

It is recommended to use the Bundle Identifier of the iOS app as the schema of the redirect url. (e.g. org.aerogear.ios-showcase-template)

Redirect url is http://localhost/*, without :/callback. Web Origin is http://localhost/*.

Depending on the platform, set the redirect as described in either the Android or the iOS tab.

Configuring Keycloak

  1. Log into the OpenShift console and navigate to the Project Overview.

  2. Navigate to the Mobile App screen.

  3. Select the Mobile Services tab.

  4. If a binding to the Identity Management service is in progress, a spinning icon is displayed to the right of the Identity Management entry. Wait for the binding process to complete.

  5. If the Keycloak Realm URL URL is not visible, expand the Identity Management Service by clicking the > icon.

  6. Click on the Keycloak Realm URL link to open the Keycloak Administration Console.

  7. Log in to the Administration console using the credentials you specified when Provisioning the service (defaults to admin:admin).

  8. Select Clients from the left navigation menu.

  9. Select your client from the list of clients. The name of your client is derived from the name of the Mobile App, the name of the mobile development platform and the client type, for example myapp-android-public.

  10. Add <schema>:/callback as an additional entry to Valid Redirect URIs. See Choose the schema of a redirect url to determine the value for <schema>.

  11. Add <schema> as an additional entry to Web Origins. See Choose the schema of a redirect url to determine the value for <schema>.

  12. Save your changes.

  13. Create a new user account as described in Creating a New User.

  14. Set up credentials for the new user as described in User Credentials.