JustWare has a mobile application that lets active JustWare users access and perform basic case actions from a mobile device. The JustWare Mobile product is an HTML5 web app, meaning it can be accessed from any mobile device with a modern web browser.
The diagram below demonstrates the recommended setup for installing JustWare Mobile.
If you don't already have MSDTC (Microsoft Distributed Transaction Coordinator) set up on your DMZ, this must be done in order for JustWare Mobile to work correctly. For some information on MSDTC see http://technet.microsoft.com/en-us/library/dd337629(v=WS.10).aspx and for instructions on how to install your MSDTC see http://support.microsoft.com/kb/301600.
JustWare Mobile requires specific users with specific rights and permissions. The following users are needed to run JustWare Mobile and must be created before you install it, because they are used in the installation process:
User | Permissions |
---|---|
API User | This user needs View, Insert and Update access to the JustWare Database. This user's credentials will be used when using JustWare Mobile. If you already have an API user created, then you could use that one. If you do not have the JustWare API, you will still need to create this user, as JustWare Mobile has its own API. |
JustWare Database User | Needs to be a SQL Account with the following permissions: |
To install JustWare Mobile you will need to run the following installers in this order:
For information on each of these installers, see below.
The Message Broker facilitates messages between components of the JustWare, API, and JustWare Mobile.
Select the Installation option desired. If this is a new install, select Install.
Field | Description |
---|---|
Service Name | This read-only field displays the service name that was specified on the previous page. |
Install Location | Specify the file path for the service. Click on the browse button to find an existing path or create a new path. |
Bind Address | Specify the machine address that the Message Broker should bind to. Enter * to have the Message Broker bind to all available addresses. |
Bind Port | This is the TCP Port that the Message Broker will listen on. |
Click Finish.
These services handle authentication between JustWare Mobile and JustWare.
Select the Installation option desired. If this is a new install, select Install.
Specify the location where the User Security Services will be installed.
Specify the address and port for the Message Broker that was installed previously.
Field | Description |
---|---|
Address | Enter the IP address or host name where the Message Broker was installed. |
Port | Enter the port number that was specified in the Message Broker installer. |
Click Finish.
These services handle writing to the database through the API.
Select the Installation option desired. If this is a new install, select Install.
Specify the location where the User Security Services will be installed.
Select the Installation option desired. If this is a new install, select Install.
Field | Description |
---|---|
Username | Enter the username that will be used to connect to the installed JustWare API. |
Password | Enter the password associated with the above username. |
Enter the correct information into the following fields to create a connection between this installation and the JustWare Database. Only integrated security connections are enabled.
Field | Description |
---|---|
Username | This field is disabled. |
Password | This field is disabled. |
Server | Engage the drop-down list to see a list of all available servers. Select the correct server that has the JustWare database. The server name can also be typed in the field. |
Database | Select the correct database from the drop-down list. This list is filtered to show only the databases available on the server specified above. The database name can also be typed in the field. |
Test Connection | Use this button to ensure that a connection can be made with the selected database. Complete the fields above before using the Test Connection button. |
Specify the address and port for the Message Broker that was installed previously.
Field | Description |
---|---|
Address | Enter the IP address or host name where the Message Broker was installed. |
Port | Enter the port number that was specified in the Message Broker installer. |
Click Finish.
These services handle writing to the database through the API.
Select the Installation option desired. If this is a new install, select Install.
Specify the location where the User Security Services will be installed.
Field | Description |
---|---|
Username | Enter the username that will be used to connect to the File System. |
Password | Enter the password associated with the above username. |
Specify the address and port for the Message Broker that was installed previously.
Field | Description |
---|---|
Address | Enter the IP address or host name where the Message Broker was installed. |
Port | Enter the port number that was specified in the Message Broker installer. |
Click Finish.
This installs the JustWare Mobile product and the JustWare Mobile API.
Select the Installation option desired. If this is a new install, select Install.
Before you begin the installation process, you must ensure that your system has the correct components. This page will automatically begin verifying the necessary components. If your system does not have all the necessary components, you must install them before continuing to ensure that JustWare Mobile functions properly.
Also on this page is a list of additional information you will need during the installation process.
Click Next to continue.
Specify the following fields to configure IIS to work in conjunction with the JustWare Mobile site:
Field | Description |
---|---|
Web Site | Select the correct Web site from the list. This list is generated by the available Web sites in IIS that are located on the computer being used. |
Virtual Directory | Type a virtual directory to be used. Ensure that the virtual directory you type is not in use by another Web site, because the installer cannot overwrite an existing virtual directory. |
Application Pool | Select the Application Pool to be used. This list is compiled from the list of available Application Pools listed in IIS. |
Rewrite HTTP to HTTPS | Selecting this check box will rewrite the URL to HTTPS: when someone types in HTTP, the URL will automatically be changed to HTTPS. In order to use HTTPS, there must be a certificate bound to the Web site specified above. To learn more about binding and creating security certificates, see the Enabling HTTPS section of this Help. Note: In order to use the Rewrite to HTTPS feature, you must have IIS Rewrite URL installed on the server. This download can be found at: http://www.iis.net/download/URLRewrite |
Enter the correct information into the following fields to create a connection between this installation and the JustWare Database:
Field | Description |
---|---|
SSPI | Select this check box to use Windows Authentication to connect to the JustWare database instead of providing a username and password. Selecting this will disable the Username and Password fields. |
Username | Type in the username that will be used to connect to the JustWare database. |
Password | Type in the password that will be used to connect to the JustWare database. |
Server | Engage the drop-down list to see a list of all available servers. Select the correct server that has the JustWare database. The server name can also be typed in the field. |
Database | Select the correct database from the drop-down list. This list is filtered to show only the databases available on the server specified above. The database name can also be typed in the field. |
Test Connection | Use this button to ensure that a connection can be made with the selected database. Complete the fields above before using the Test Connection button. |
Specify the following fields to configure IIS to work in conjunction with the JustWare Mobile API:
Field | Description |
---|---|
Web Site | Select the correct Web site from the list. This list is generated by the available Web sites in IIS that are located on the computer being used. |
Virtual Directory | Type a virtual directory to be used. Ensure that the virtual directory you type is not in use by another Web site, because the installer cannot overwrite an existing virtual directory. |
Application Pool | Select the Application Pool to be used. This list is compiled from the list of available Application Pools listed in IIS. |
Rewrite HTTP to HTTPS | Selecting this check box will rewrite the URL to HTTPS: when someone types in HTTP, the URL will automatically be changed to HTTPS. In order to use HTTPS, there must be a certificate bound to the Web site specified above. To learn more about binding and creating security certificates, see the Enabling HTTPS section of this Help. Note: In order to use the Rewrite to HTTPS feature, you must have IIS Rewrite URL installed on the server. This download can be found at: http://www.iis.net/download/URLRewrite |
Specify the address and port for the Message Broker that was installed previously.
Field | Description |
---|---|
Address | Enter the IP address or host name where the Message Broker was installed. |
Port | Enter the port number that was specified in the Message Broker installer. |
Click Finish.
JustWare Mobile is for use by JustWare users. Before a user can log into JustWare Mobile, they must be an active app person in JustWare with mobile privileges. To give a user mobile access, select the Mobile User checkbox in the Application Person code table.
All active app persons are granted privileges to JustWare Mobile on install. This setting can be configured by JustWare administrators in JustWare’s System Administration section. Once configured, users can visit their JustWare Mobile URL and use the same domain credentials and password they use in JustWare to log in.
Because sensitive data is stored in JustWare, we have taken steps to ensure JustWare Mobile is as secure as possible. The information in this section outlines JustWare’s security paradigm and how it keeps your data secure.
The primary means of authentication and authorization in JustWare Mobile uses JSON Web Tokens (JWT). These tokens are a compact method for the application to identify and verify incoming clients and provide correct data as requested.
The token’s contents are structured in JavaScript Object Notation (JSON): a header declaring the token to be a JWT, and a JWT Claims Set made up of multiple claims used by the application, which consists of:
A unique token Globally Unique Identifier (GUID) as the JWT ID
Base64url encoding is applied to both the header and claims set. A unique signature, generated from these items using an HMAC SHA-256 cryptographic hash algorithm and a private key, is appended to the end of the token for data integrity and authorization.
The tokens are for one-time-use requests to the API and have a limited lifespan of twenty minutes from when they are generated. By design, the tokens allow no storage of usernames and passwords on the client or the server beyond what is needed for validation. The private key used to generate tokens is stored only on the server and never transmitted. In the case of compromise, changing the server’s private key would generate different token signatures and effectively invalidate every existing token generated by the previous key.
More details about JWTs can be found at https://tools.ietf.org/html/draft-ietf-oauth-json-web-token.
JustWare Mobile is developed for use by named JustWare users. Before a user can log into JustWare Mobile, they must be an active application person in JustWare with mobile privileges. All active app persons are granted privileges to JustWare Mobile on install of JustWare Mobile. This setting is configurable by JustWare administrators in JustWare’s System Administration section. Once configured, users visit their JustWare Mobile URL and use the same domain credentials and password they use to login to JustWare.
When the server receives a login request, it first authorizes the received credentials through Active Directory, similar to JustWare. Then the server looks up whether that associated app person has privileges for mobile. Upon successful authorization, a new token associated with that user is generated and transmitted back to the client for use in accessing more data through the application. No additional data is stored on the server on login.
If a user is authenticated and their password is close to expiration, the user will receive a notification before proceeding. There is no mechanism for users to update their JustWare passwords through JustWare Mobile.
When the client makes a request to the API for data, such as the user’s active case list or a case’s details, the client will transmit their stored token alongside the request. The server will evaluate this token before responding. Requests to the API without a token are not possible.
The server first attempts to decode the token. The server takes its private key and generates a signature with that token’s header and claims set. That signature is compared with the one supplied with the token. A mismatch indicates that the received token has been altered, generated with a different private key, or exposed to some other form of tampering, and the token is rejected.
To defend against reuse, the token’s JWT ID is checked against a list of JWT IDs that have already been used. If there is a match, this token has been used previously and is rejected. Otherwise, the JWT ID is recorded.
Afterward, the username inside the token is used to complete the API call for data. A new token is generated for the user with a refreshed expiration time and sent along with the data back to the client. In cases where the request is rejected for any reason, an ‘unauthorized’ response is sent back to the client without a token.
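The token format and the validation sequence described above (signature check, twenty-minute expiry, one-time JWT ID, fresh token on success) can be sketched as follows. This is an added example, not JustWare's code: the claim names `jti`, `sub` and `exp`, the in-memory set of used JWT IDs, and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time, uuid

TOKEN_LIFETIME = 20 * 60  # seconds: the twenty-minute lifespan stated above

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(key: bytes, signing_input: str) -> str:
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256)
    return _b64url(mac.digest())

def issue_token(key: bytes, username: str, now: float) -> str:
    header = {"typ": "JWT", "alg": "HS256"}
    # Claim names are assumed (RFC 7519 registered names), not from the page.
    claims = {"jti": str(uuid.uuid4()), "sub": username,
              "exp": int(now) + TOKEN_LIFETIME}
    parts = [_b64url(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + _sign(key, signing_input)

def validate_and_rotate(key: bytes, token: str, used_jtis: set, now: float):
    """Return (username, fresh_token), or None for every rejection."""
    try:
        header_b64, claims_b64, signature = token.split(".")
        expected = _sign(key, header_b64 + "." + claims_b64)
        # Verify the signature before trusting anything inside the token.
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return None
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(claims_b64))
        if header.get("alg") != "HS256" or now >= claims["exp"]:
            return None
        if claims["jti"] in used_jtis:   # replayed one-time token
            return None
        used_jtis.add(claims["jti"])     # record the JWT ID as spent
        return claims["sub"], issue_token(key, claims["sub"], now)
    except (ValueError, KeyError, TypeError, AttributeError):
        return None  # malformed input is rejected like any other failure

if __name__ == "__main__":
    key, spent = b"constructed-demo-key", set()   # constructed sample values
    first = issue_token(key, "jdoe", time.time())
    print(validate_and_rotate(key, first, spent, time.time()))  # accepted
    print(validate_and_rotate(key, first, spent, time.time()))  # replay
```

A used JWT ID only needs to be retained until its token would have expired anyway, so the replay list can be pruned on that schedule. Validating with a different key rejects every outstanding token, which is the key-change behaviour the text describes.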