IBM Mobile Foundation V8.0 brings significant changes that modernize your MobileFirst application development, deployment, and management experience.
The Mobile Foundation SDK and command-line interface have been redesigned to give you greater flexibility and efficiency when developing your apps. Also, you can now use any of your preferred Cordova tools when you develop cross-platform apps.
Review the following sections to learn what is new for developing your apps.
New development and deployment process
You no longer create a project WAR file that needs to be installed in the application server. Instead, the MobileFirst Server is installed once, and you upload the server-side configuration of your apps, of the resource security or of the push service to the server. You can modify the configuration of your apps with the MobileFirst Operations Console.
MobileFirst projects no longer exist. Instead, you develop your mobile app with the development environment of your choice.
You can modify the server-side configuration of your apps and adapters without stopping the MobileFirst Server.
- For more information about the new development process, see Development concepts and overview
- For more information about the migration of existing applications, see the Migrating Cookbook.
- For more information about administering MobileFirst applications, see Administering MobileFirst applications.
Develop cross-platform apps with your preferred Cordova tools
You can now use your preferred Cordova tools (such as Apache Cordova CLI or Ionic Framework) to develop your cross-platform hybrid apps. You obtain these tools independently of Mobile Foundation, and then add MobileFirst plug-ins to provide MobileFirst back-end capabilities.
You can install the Mobile Foundation Studio Eclipse plug-in to manage your cross-platform Cordova apps that are enabled with Mobile Foundation in the Eclipse development environment. The Mobile Foundation Studio plug-in also provides additional MobileFirst CLI commands that you can run from within the Eclipse environment.
Previously MobileFirst client SDK was delivered as a single framework or JAR file. You can now choose to include or exclude specific functionalities. In addtion to the core SDK, each MobileFirst API has its own set of optional components.
New, improved development command-line interface (CLI)
The MobileFirst CLI has been redesigned for greater development efficiency, including for use in automated scripts. Commands now start with the prefix mfpdev. The CLI is included in the IBM MobileFirst Foundation Developer Kit, or you can quickly download the latest version of the CLI from npm.
Migration assistance tool
A migration assistance tool simplifies the procedure of migrating your existing apps to Mobile Foundation version 8.0. The tool scans your existing MobileFirst apps and creates a list of the APIs that are used in the file that are either removed, deprecated, or replaced in version 8.0. When you run the migration assistance tool on Apache Cordova applications that were created with the Mobile Foundation, it creates a new Cordova structure for the app that is compliant with version 8.0. For more information about the migration assistance tool.
Cordova Crosswalk WebView
Starting with Cordova 4.0 the pluggable WebView allows the default web runtime to be replaced. Crosswalk is now supported by Cordova applications with Mobile Foundation. Using the Crosswalk WebView for Android allows high performance and consistent user experience across a wide range of mobile devices. To take advantage of the Crosswalk capabilities, apply the Cordova Crosswalk plug-in.
Distributing MobileFirst SDK for Windows 8 and Windows 10 Universal apps with NuGet
The MobileFirst SDK for Windows 8 and Windows 10 Universal apps is available from NuGet at https://www.nuget.org/packages. To get started.
org.apache.http replaced by okHttp
org.apache.http has been removed from the Android SDK. okHttp will be used as the http dependency.
WKWebView support for iOS hybrid Cordova apps
You can now replace the default UIWebView in Cordova apps with WKWebView.
New features improve and extend the APIs that you can use to develop mobile applications. Use the latest APIs to take advantage of new, improved, or changed functions in Mobile Foundation.
Back-end invocation functions are supported only for adapter types that are supported. Currently, only HTTP and SQL adapters are supported, so back-end invokers
WL.Server.invokeSQL are supported, too.
New Java server-side API
A new Java server-side API is provided, which you can use to extend MobileFirst Server.
New Java server-side API for security
The new security API package,
com.ibm.mfp.server.security.external, and its contained packages, include the interfaces that are required for developing security checks and adapters that use the security-check context.
New Java server-side API for client registration data
The new client registration-data API package,
com.ibm.mfp.server.registration.external, and its contained packages, include an interface for providing access to persistent MobileFirst client registration data.
With this new API, you can return the JAX-RS application for the adapter.
String getPropertyValue (String propertyName)
With this new API, you can get the value from the adapter configuration (or default value).
Updated Java server-side API
An updated Java server-side API is provided, which you can use to extend MobileFirst Server.
The signature of this new API has not changed in this version. However, its behavior is now identical to that of
String getPropertyValue (String propertyName), which is described in New Java server-side API.
In V7.0.0 and V7.1.0, the Java API was accessible through the WLServerAPIProvider interface. For example:
These static interfaces are still supported, to allow adapters that were developed in previous versions of the product to compile and deploy. Old adapters that do not use push notifications or the previous security API continue to work with the new version. Adapters that do use push notifications or the previous security API break.
Updated C# client-side API for Windows 8 Universal and Windows Phone 8 Universal
The C# client-side API for Windows 8 Universal and Windows Phone 8 Universal have changed.
New Java client-side APIs for Android
public void getDeviceDisplayName(final DeviceDisplayNameListener listener);
With this new method, you can get the display name of a device from the MobileFirst Server registration data.
public void setDeviceDisplayName(String deviceDisplayName,final WLRequestListener listener);
With this new method, you can set the display name of a device in the MobileFirst Server registration data.
New Objective-C client-side APIs for iOS
(void) getDeviceDisplayNameWithCompletionHandler:(void(^)(NSString *deviceDisplayName , NSError *error))completionHandler;
With this new method, you can get the display name of a device from the MobileFirst Server registration data.
(void) setDeviceDisplayName:(NSString*)deviceDisplayName WithCompletionHandler:(void(^)(NSError* error))completionHandler;
With this new method, you can set the display name of a device in the MobileFirst Server registration data.
Updated REST API for the administration service
The REST API for the administration service is partly refactored. In particular, the API for beacons and mediators is removed and most REST services for push notification are now part of the REST API for the push service.
Updated REST API for the runtime
The REST API for the MobileFirst runtime now provides several services for mobile clients and confidential clients to call adapters, obtain access tokens, get Direct Update content, and more. Most of the REST API endpoints are protected by OAuth. On a development server, you can view the Swagger doc for the runtime API at:
Multiple certificate pinning support
Starting with iFix 184.108.40.206-IF201706240159, Mobile Foundation supports pinning of multiple certificates. This allows users to have secure access to multiple hosts. Prior to this iFix, Mobile Foundation supported pinning of a single certificate. Mobile Foundation has introduced a new API, which allows connection to multiple hosts by allowing the user to pin public keys of multiple X509 certificates (purchased from a certificate authority) to the client application. A copy of all the certificates should be placed in your client application. During the SSL handshake, the IBM Mobile Foundation client SDK verifies that the public key of the server certificate matches the public key from one of the certificates that are stored in the app.
The security framework in Mobile Foundation was entirely redesigned. New security features were introduced, and some modifications were made to existing features.
Security framework overhaul
The MobileFirst security framework was redesigned and reimplemented to improve and simplify security development and administration tasks. The framework is now inherently based on the OAuth model, and the implementation is session-independent. See Overview of the MobileFirst security framework.
On the server side, the multiple building blocks of the framework were replaced with security checks (implemented in adapters), allowing for simplified development with new APIs. Sample implementations and predefined security checks are provided. See Security checks. Security checks can be configured in the adapter descriptor, and customized by making runtime adapter or application configuration changes, without redeploying the adapter or disrupting the flow. The configurations can be done from the redesigned MobileFirst Operations Console security interfaces. You can also edit the configuration files manually, or use the MobileFirst CLI or mfpadm tools.
Application-authenticity security check
MobileFirst application-authenticity validation is now implemented as a predefined security check that replaces the previous "extended application authenticity checking". You can dynamically enable, disable, and configure application-authenticity validation by using either MobileFirst Operations Console or mfpadm. A stand-alone MobileFirst application-authenticity Java tool (mfp-app-authenticity-tool.jar) is provided for generating an application-authenticity file.
The support for confidential clients was redesigned and reimplemented using the new OAuth security framework.
The revised OAuth-based security framework supports web applications. You can now register web applications with MobileFirst Server to add security capabilities to your application and protect access to your web resources. For more information about developing MobileFirst web applications, see Developing web applications. The application-authenticity security check is not supported for web applications.
Cross-platform applications (Cordova apps), new and changed security features
Additional security features are available to help protect your Cordova app. These features include the following:
- Web resources encryption: Use this feature to encrypt the web resources in your Cordova package to help prevent someone from modifying the package.
- Web resources checksum: Use this feature to run a checksum test that compares the current statistics of the web resources of the app with the baseline statistics that were established when it was first opened. This check helps to prevent someone from modifying the app after it is installed and opened.
- Certificate pinning: Use this feature to associate the certificate of an app with a certificate on the host server. This feature helps to prevent information that is passed between the app and the server from being viewed or modified.
- Support for the Federal Information Processing Standard (FIPS) 140-2: Use this feature to ensure that data that is transferred is compliant with the FIPS 140-2 cryptography standard.
- OpenSSL: To use OpenSSL data encryption and decryption with your Cordova app for the iOS platform, you can use the cordova-plugin-mfp-encrypt-utils Cordova plug-in.
Device Single Sign-On
Device single sign-on (SSO) is now supported by way of the new predefined
enableSSO security-check application-descriptor configuration property.
In contrast to earlier versions of MobileFirst, starting with V8.0
- If a client application accesses an unprotected resource, the application does not receive updates, even if an update is available on MobileFirst Server.
- After it has been activated, Direct Update is enforced on every request for a protected resource.
The supported method and provided artifacts for protecting resources on external servers were modified:
- A new, configurable MobileFirst Java Token Validator access-token validation module is provided for using the MobileFirst security framework to protect resources on any external Java server. The module is provided as a Java library (mfp-java-token-validator-8.0.0.jar), and replaces the use of the obsolete MobileFirst Server token-validation endpoint to create a custom Java validation module.
- The MobileFirst OAuth Trust Association Interceptor (TAI) filter, for protecting Java resources on an external WebSphere Application Server or WebSphere Application Server Liberty server, is now provided as a Java library (com.ibm.imf.oauth.common_8.0.0.jar). The library uses the new Java Token Validator validation module, and the configuration of the provided TAI changed.
- The server-side MobileFirst OAuth TAI API is no longer required and was removed.
- The passport-mfp-token-validation MobileFirst Node.js framework, for protecting Java resources on an external Node.js server, was modified to support the new security framework.
- You can also write your own custom filter and validation module, for any type of resource server, which uses the new introspection endpoint of the authorization server.
Integration with WebSphere DataPower as an authorization server
You can now select to use WebSphere DataPower as the OAuth authorization server, instead of the default MobileFirst Server authorization server. You can configure DataPower to integrate with the MobileFirst security framework.
LTPA-based single sign-on (SSO) security check
Support for sharing user authentication among servers that use WebSphere light-weight third-party authentication (LTPA) is now provided by using the new predefined LTPA-based single sign-on (SSO) security check. This check replaces the obsolete MobileFirst LTPA realm, and eliminates the previous required configuration.
Mobile-application management with MobileFirst Operations Console
Some changes were made to the support for tracking and managing mobile applications, users, and devices from MobileFirst Operations Console. Blocking device or application access is applicable only to attempts to access protected resources.
MobileFirst Server keystore
A single MobileFirst Server keystore is used for signing OAuth tokens and Direct Update packages, and for mutual HTTPS (SSL) authentication. You can dynamically configure this keystore by using either MobileFirst Operations Console or mfpadm.
Native encryption and decryption for iOS
Mobile Foundation now supports Windows 10 Universal apps, bitcode builds, and Apple watchOS 2.
Support for universal applications for Windows 10 Native
With Mobile Foundation, you can now write native C# Universal App Platform applications to use the MobileFirst SDK within your app.
Support for Windows hybrid environments
Windows 10 Universal Windows Platform (UWP) support for Windows hybrid environments. For more information on how to get started.
BlackBerry end of support
The BlackBerry environment is no longer supported in Mobile Foundation.
Bitcode builds are now supported for iOS projects. However, the MobileFirst application-authenticity security check is not supported for apps built with bitcode.
Apple watchOS 2
Apple watchOS 2 is now supported and requires bitcode builds.
New Mobile Foundation capabilities are introduced to help you deploy and manage your apps. You can now update your apps and adapters without restarting MobileFirst Server.
Improved DevOps support
MobileFirst Server has been significantly redesigned to better support your DevOps environment. MobileFirst Server is installed once into your application server environment, and no changes to the application server configuration are required when you upload an application or change the MobileFirst Server configuration.
You do not need to restart MobileFirst Server when you update your apps or any adapters that your apps depend on. You can perform configuration operations, or upload a new version of an adapter or register a new application while the server is still handling traffic.
Configuration changes and development operations are protected by security roles.
You can upload development artifacts to the server in various ways to give you more operational flexibility:
- MobileFirst Operations Console is enhanced: In particular, you can now use it to register an application or a new version of an application, to manage app security parameters, and to deploy certificates, create push notification tags, and send push notifications. The console now also includes contextual help guides.
- Command-line tool
Development artifacts that you upload to the server include adapters and their configuration, security configurations for your apps, push notification certificates, and log filters.
Running applications that were created on IBM Bluemix on Mobile Foundation
Developers can migrate IBM Bluemix applications to run on Mobile Foundation. Migration requires that you make configuration changes to your client application to match Mobile Foundation APIs.
Mobile Foundation as a service on IBM Bluemix
You can now use the IBM Mobile Foundation on Bluemix service on IBM Bluemix to create and run your enterprise mobile apps.
No .wlapp files
In previous versions, applications were deployed to MobileFirst Server by uploading a .wlapp file. The file contained data that described the application and, in the case of hybrid applications, the required web resources also. In V8.0.0, instead of the .wlapp file:
- You register an app in MobileFirst Server by deploying an application descriptor JSON file.
- To update Cordova applications by using Direct Update, you upload an archive (.zip file) of the modified web resource to the server. The archive file no longer contains the web preview files or skins that were possible in previous versions of Mobile Foundation. These have been discontinued. The archive contains only the web resources that are sent to the clients, as well as checksums for Direct Update validations.
To enable Direct Update of client Cordova apps that are installed on end-user devices, you must now deploy the modified web resources as an archive (.zip file) to the server. To enable secure Direct Update, a user-defined keystore file must be deployed in MobileFirst Server and a copy of the matching public key must be included in the deployed client application.
Adapters are Apache Maven projects.
Adapters are now treated as Maven projects. You can create, build, and deploy adapters by using standard command-line Maven commands or using any IDE that supports Maven, such as Eclipse and IntelliJ.
Adapter configuration and deployment in DevOps environments
- MobileFirst Server administrators can now use the MobileFirst Operations Console to modify the behavior of an adapter that has been deployed. After reconfiguration, the changes take effect in the server immediately, without the need to redeploy the adapter, or restart the server.
- You can now "hot deploy" adapters, meaning deploy, undeploy, and redeploy them at run time, while MobileFirst Server is still serving traffic.
Changes in the adapter descriptor file
The adapter.xml descriptor file has changed slightly. For more information on the structure of the adapter descriptor file for adapters, see the Adapters tutorials.
Integration with Swagger UI
MobileFirst Server now integrates with Swagger UI. For any adapter, you can view the associated API by clicking View Swagger Docs in the Resources tab in the MobileFirst Operations Console. The feature is available in development environments only.
Support for JAX-RS 2.0
JAX-RS 2.0 introduces new server-side functionality: server-side asynchronous HTTP, filters and interceptors. Adapters can now exploit these new features.
Mobile Foundation on IBM Containers
Mobile Foundation on IBM Containers released for V8.0.0 is available on the IBM Passport Advantage site. This version of Mobile Foundation on IBM Containers is production ready and supports enterprise dashDB™ transactional database on IBM Bluemix.
Note: See the prerequisites for deploying Mobile Foundation on IBM Containers.
Deploying MobileFirst Server on IBM PureApplication System
You can now deploy and configure MobileFirst Server to the supported Mobile Foundation System Pattern on IBM PureApplication System.
All supported Mobile Foundation system patterns now include support for an existing IBM DB2 database. IBM MobileFirst Foundation Application Center is now supported on a Virtual System Pattern.
MobileFirst Server has been redesigned to help reduce the time and cost of deploying and updating your apps. In addition to the redesign of the MobileFirst Server, Mobile Foundation expands the number of installation methods available.
The new MobileFirst Server design introduces two new components, MobileFirst Server live update service and MobileFirst Server artifacts.
MobileFirst Server live update service is designed to help reduce the time and cost of incremental updates for your apps. It manages and stores the server-side configuration data of the apps and adapters. You can change or update various parts of your app with rebuilding or redeploying your app:
- Dynamically change or update app behavior based on user segments that you define.
- Dynamically change or update server-side business logic.
- Dynamically change or update app security.
- Externalize and dynamically change app configuration.
MobileFirst Server artifacts provide resources for MobileFirst Operations Console.
Along with the redesign of MobileFirst Server, more installation options are now provided. In addition to the manual installation, Mobile Foundation gives you two options to install MobileFirst Server in a server farm. You can also install MobileFirst Server in Liberty collective.
You can now install the MobileFirst Server components in a server farm by using Ant tasks, or with the Server Configuration Tool. For more information, see the following topics:
- Installing a server farm
- Tutorials about MobileFirst Server installation
MobileFirst Server also supports Liberty collective. For more information about the server topology and various installation methods, see the following topics:
- Liberty collective topology
- Running the Server Configuration Tool
- Installing with Ant Tasks
- Manual installation on WebSphere Application Server Liberty collective
MobileFirst Analytics introduces a redesigned console with information presentation improvements and role-based access controls. The console is also now available in a number of different languages.
The MobileFirst Analytics Console was redesigned to present information in an intuitive and more meaningful fashion, and uses summarized data for some event types.
You can now sign out of the MobileFirst Analytics Console by clicking on the gear icon.
The MobileFirst Analytics Console is now available in the following languages:
- Portuguese (Brazilian)
- Simplified Chinese
- Traditional Chinese
The MobileFirst Analytics Console now shows different content based on the security role of the logged-in user.
For more information, see Role-based access control.
MobileFirst Analytics Server uses Elasticsearch V1.7.5.
Analytics support for web applications was added with the new web analytics client-side API.
Some event types were changed between earlier versions of MobileFirst Analytics Server and V8.0. Because of this change, any JNDI properties that were previously configured in your server configuration file must be converted to the new event type.
The push notification service is now provided as a stand-alone service hosted on a separate web application.
Earlier versions of Mobile Foundation embedded the push notification service as part of the application runtime.
The programming model spans across the server to client, and you need to set up your application for push notification service to work on your client applications. Two types of clients would interact with push notification service:
- Mobile client applications
- Back-end server applications
Security for push notification service
Mobile Foundation authorization server enforces the OAuth protocol to secure push notification service.
Push notification service model
The event source-based model is not supported. The push notification capability is enabled on Mobile Foundation by the push service model.
Push REST API
You can enable back-end server applications that are deployed outside MobileFirst Server to access push notification functions by using REST API for push in the Mobile Foundation runtime.
Upgrading from existing event source-based notification model
The event source-based model is not supported. The push notification capability is enabled entirely by the push service model. All existing event source-based applications need to be migrated to the new push service model.
Sending push notifications
You can choose to send an event-source based, tag-based, or broadcast-enabled push notification from the server.
Push notifications can be sent by using the following methods:
- Using MobileFirst Operations Console, two types of notifications can be sent: tag and broadcast. See Sending push notification with the MobileFirst Operations Console.
- Using Push Message (POST) REST API, all forms of notifications can be sent: tag, broadcast, and authenticated.
- Using REST API for the MobileFirst Server administration service, all forms of notifications can be sent: tag, broadcast, and authenticated.
Sending SMS notifications
You can configure the push service to send a short message service (SMS) notification to user devices.
Installation of the push notification service
The push notification service is packaged as a MobileFirst Server component (MobileFirst Server push service).
Push service model is supported on Windows Universal Platform apps
You can now migrate native Windows Universal Platform (UWP) applications to use the push service model to send push notifications.
MobileFirst Application Center is now supported in Bluemix (based on containers) via BYOL scripts.