Mobile Development and OpenShift (Part 2)
Welcome to part two of a series of posts that cover AeroGear Services and how you can implement them. AeroGear Services is a new Openshift extension that helps you to provision and orchestrate your mobile applications on the backend. By the end of this post you will have provisioned the Identity Management Service on OpenShift and configured an Android Application to consume the service.
Getting Started
We will be picking up from where Part 1 ended, so if you have not complete Part 1 please do so before proceeding.
Now with OpenShift running, there is only on more tool we need to have installed in order to complete this Post and that is to have Android Studio installed. Android Studio would be one of the most popular tools for building Android Apps, there will be reference to using specific functions in Android Studio in this post, you can still follow along if you are more comfortable using a different editor or IDE.
Creating a Project
To begin you need to create a Project in OpenShift. A Project allows you to organize and manage your content in isolation from other Projects and Services in OpenShift.
To do this you simply click Create Project in the top right-hand corner, you will be presented with a dialog box, for this demo set the name as my-android-app and the display name as My Android App, feel free to use a description if you wish and then click create.
With a project created you can start provisioning services and adding them to your project.
Creating a Project
First we need to provision what type of Mobile Application you will be working with. In this case you will provision an Android App. From the catalog click Android App and follow the wizard. In the dialog box Add to Project select your Android App project which you just created, you can leave the Application Name as the default and for Package Name, you will use com.aerogear.androidshowcase which will correspond to the sample application you will be using later on. If you are working with a different Android App to the one mentioned later on set the Package Name to suit. To finish click next and then create.
Provisioning Identity Management
From the catalog select Identity Management, just like earlier you will be presented with a wizard. For this demo you can leave all the settings as default, just make sure you add Identity Management to your Android App project like before.
It is worth mentioning if you where building a Mobile Application for production leaving these settings as default would not suffice.
After you click Create the service will begin to provision. To track this progress click on your Android App project from the project list on the right hand side of the OpenShift console. Provisioning a service may take some time so while you wait you can begin to set up your Android Application.
Cloning the AeroGear Android Showcase Template
To save time, you can use the Android Showcase Template which was developed by the team at AeroGear. This application utilizes the AeroGear SDK which allows the application to consumer the services from OpenShift.
To clone the application :
$ git clone git@github.com:aerogear/android-showcase-template.gitOnce cloned you will need to checkout the community release :
$ cd android-showcase-template
$ git checkout 1.0.0With the community release checked out open the application in android studio, this may take some time as Gradle works its magic. Once the application has successfully opened in Android Studio, take some time to have a look through the code to get familiar with it.
Binding Identity Management
Back to the OpenShift Console, if you click on My Android App from your Project list on the right-hand side of the screen you will be brought to your Project Overview.
The screenshot above is a representation of the what the overview will look like by the end of this series of posts. As you can see there is a list of the services which you provisioned. What we are interested in right now is the Android myapp which you will see under the Mobile Clients heading, click on the app name myapp .
From here you can see details about your Android application, for now I will glaze over these details, but will dive in deeper later on in this series. Where you want to go is to the Mobile Services tab, click on Mobile Services and from this view you will now see Identity Management under the Unbound Services heading.
Binding is important as it is essentially a link between your mobile application and a service. It provides the details your app needs to communicate and interact with the service. Now let’s start and bind Identity Management.
Click on the Create Binding button next to Identity Management, you will be presented with a wizard where you can keep all these settings at default, click next and finally click bind and then close.
Keycloak
Keycloak allows you to add authentication to applications and secure services with minimum fuss. No need to deal with storing users or authenticating users. It’s all available out of the box. The next section will guide you through the basic configuration needed to get going. For more details checkout the Keycloak documentation.
Configuring Keycloak
Back at the Mobile Services tab you can wait till Identity Management Binds, once it completes you should see an expanded tab under Identity Management, where there will be some information and a couple of URL’s what you are interested in is the Keycloak URL, go ahead and right-click on the link and open in a new tab.
As this service has been provisioned using a self-signed certificate you will get a warning in the browser, you can ignore this warning and proceed to KeyCloak. From the KeyCloak home page click on the Administration Console. The default login credentials are:
- username :
admin - password :
admin
You are now in the Keycloak Administration Console, first order of buisness will be setting valid redirects and web origins so our Keycloak service knows where to redirect traffic too and where to accept traffic from.
To do this, click on Clients from the navigation menu, you will be presented with a list of clients from your Keycloak realm.
From the list of clients select your app which should be named myapp-android-public. Here you need to tell Keycloak what are valid Redirects and what web origins to trust. Go ahead and add com.aerogear.androidshowcase:/callback in the valid redirect and add com.aerogear.androidshowcase as a web origin.
Now keycloak will accept traffic to and from our example application, next you will need to create a user so you can log into the app, click users from the menu in the keycloak console, click add a user, go ahead and fill out the form with whatever details you wish and click save.
Next click on Credentials and let’s give our new user a password. To do this add a new password of your choice, something secure like 1234 :) toggle temporary password to off and then click Reset Password.
And that is it, you now have Keycloak running in OpenShift, with a user created and the web-origins set along with the redirect url. It is time to configure the AeroGear Showcase Template App.
Configuring the AeroGear Android Showcase Template
AeroGear provide a number of Showcase Template Applications for the following platforms:
For this demo you will use the Android Application. To clone the application and checkout the community release version:
$ git clone git@github.com:aerogear/android-showcase-template.git
$ git checkout 1.0.0Once cloned open the application in android studio, this may take some time as Gradle works its magic. Once the app has successfully opened in android studio you will need to make one small change to it. We need to let the application know where OpenShift is running and what Mobile Services we have provisioned.
To do this you need to return to the OpenShift console, from the console home page click on your project from the project list. Select the Android myapp from under the Mobile Clients heading and you should see the following.
On the right hand side of the screen you should see Mobile Client Config. This configuration contains all the relevant information needed for the AeroGear SDK’s. Simply copy this configuration and return to Android Studio. Where you need to paste the configuration into the mobile-services.json file. This file is located at app/src/main/assets in the project.
Running the AeroGear Android Showcase Template
And that is it, hit that big green play button in Android Studio which will bring up your AVD manager, select an emulator and away you go, the application will boot in the emulator. Now since we since OpenShift is running locally it was provisioned with a self signed certificate, this will cause issues for your application when it tries to communicate with OpenShift. To overcome these issues you will need to get a copy of your clusters certificate and push it to the device, this can be done by entering the following command:
$ oc get secret router-certs — template=’{{index .data “tls.crt”}}’ -n default | \
base64 — decode | sed -e ‘1,/^ — — -END RSA PRIVATE KEY — — -$/ d’ > /tmp/localcluster.crtTo push the cert to the device you can use adb with the following command:
$ adb push /tmp/localcluster.crt /sdcard/Download/localcluster.crtNow on the emulator itself navigate to files/downloads and you should see the localcluster.crt file, click on it to install the certificate to the device, you may be prompted to add a screen lock to the device, follow these steps. Now with that done, you have a running application on an emulator and it is able to communicate and interact with services on OpenShift.
Recap
What have you covered? You installed all the pre-requisites needed to run OpenShift, cloned the AeroGear Mobile-Core repository and utilized the install script to provision Openshift. Created an Openshift project and provisioned two services, Android App and Identity Management, then bound the services. Cloned the AeroGear Android Showcase Template, copied the Mobile Service Config to the application, configured the application to allow a self signed cert.
Wait there is more!
From here, play around with the Application you have running, the team at AeroGear have the menu segmented into the different services, So for now focus on Identity Management, where you can find links to documentation, play around with signing in through Keycloak, and experiment with single sign on.
I hope you found this post useful, If you feel I glazed over any aspects in this post feel free to reach out on IRC at #aerogear or check out the AeroGear documentation
Stay tuned for the next instalment, where I will go through adding Metrics to the application and checking out Grafana dashboard to see what kind of analytics you can get through AeroGear Services.
