How does AuraPlayer handle security? Follow
Security On premise:
Usually, AuraPlayer is installed on premise on the Oracle Forms server itself if you have Forms 11g or on Tomcat / Weblogic if you have Forms 10g. Then we inherit out of the box all the weblogic / Tomcat security features including advanced security such as SAML. The mobile app can then connect to the Webservice either through a mobile backend cloud Service of Oracle or directly over HTTPS connection directly to the on premise service. Many organizations place AuraPlayer in a DMZ for added security and either open the app over VPN to the Webservices or open the URL and connect using via HTTPS to the Webservices directly.
We support all security protocols that weblogic supports. Once you set the security on weblogic our entire application inherits it.
We have service level security implemented on our server itself. So basic authentication can be set on a specific service or on all the services. This " authentication" support. You can configure it per web service or for all the services. When a service is configured to use basic authentication, they have to add username/password to the webservice request. The username/password are configured in weblogic, or can be configured in our application (we have an API). We can also use all the security/authentication that are configured in weblogic.
Sign-on authentication to Forms:
Whatever application calls our web services MUST supply the username/password of the Forms system, otherwise, the webservice will return an ORA error that it can not connect or access the system in the DB - so that's another layer of security.
Security related protocols:
Https is the traffic protocol between the app and the AuraPlayer Webservice. Then between the AuraPlayer Webservice and the Oracle Forms session the communication is in encrypted forms protocols. This can only be interpreted by AuraPlayer’s patent pending technology.