Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
stylenone

FlexDeploy now supports the use of OAuth authentication for Oracle Integration Cloud. You can follow the below steps for configuring OAuth for OIC.

...

Info

Oracle Integration 3 instances only support OAuth authentication. Basic Auth cannot be used in FlexDeploy for these v3 instances

Prerequisite

For JWT User Assertion, we need a certificate to be generated from the endpoint where FlexDeploy server is going to execute the plugin operations for OIC/VBCS. For Resource Owner, you can skip this prerequisite step.

1. Generate certificate

If you already have a public/private key and their keystore location feel free to skip this step.

Info

Continuing with this step, we assume you don’t have third party certificates and going to generate a self signed cert.

Keystore

1 Create the Keystore.

Code Block
keytool -genkey -keyalg RSA -alias <your_alias ex FlexDeploySandbox> -keystore <keystore_file ex FDSandboxkeystore.jks> -storepass <new_keystore_pass> -validity 365 -keysize 2048
Info

 if you don’t need to use password in the command, you can remove -storepass <new_keystore_pass>, it will prompt to enter the keystore password.

2 Export to generate a cert file. Make sure that the aliases are unique.

Code Block
keytool -exportcert -alias <your_alias ex FlexDeploySandbox> -file <filename ex flexdeployad.cer> -keystore <keystore_file ex FDSandboxkeystore.jks> -storepass <keystore_pass>

 

Resource Owner

.

Resource Owner

Steps are:

  • Create a Confidential Application in Identity Console

  • Create FlexDeploy Cloud Account

...

Create a Confidential Application in Oracle Identity Console

...

    Expand
    titleFor Classic IDCS
    Image Removed
    • Give it a meaningful name such as ‘FlexDeploy OAuth App’.

    • Click Next.

    • On the tab Configure OAuth,

      • Resource Server Configuration, should be defaulted to Skip for later.

      • Select Configure this application as a client now. Be sure to select the grant type of Resource Owner, Client Credentials and add scopes for your OIC Instances where you want to use this application.

      • Copy the scope that ends in /ic/api to notepad

      • For Client Type, select Confidential. (Import certificate is not needed)

    ...

    Expand
    titleFor Classic IDCS
    Image Removed

    ...

    • You can accept the default values throughout the rest of the configuration.

    • Copy the client id and secret that show up after completing the application (you can access this from the configuration tab as well)

    • Click Finish to activate your application

    ...

    Create the Cloud Account in FlexDeploy

    ...

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

    ...

    JWT User Assertion

    JWT User Assertion requires an ssl certificate to be uploaded to Oracle Cloud Infrastructure and referenced in FlexDeploy. The key can be self-signed or from a more trusted chain.

    • Create Oracle Identity Application with the JWT Assertion grant type

    • Add cer file to Partner Settings

    • Create FlexDeploy Cloud Account

    ...

    For JWT User Assertion, we need a certificate to be generated from the endpoint where FlexDeploy server is going to execute the plugin operations for OIC/VBCS.

    Generate certificate

    If you already have a public/private key and their keystore location feel free to skip this step.

    Info

    Continuing with this step, we assume you don’t have third party certificates and going to generate a self signed cert.

    Keystore

    Create the Keystore.

    Code Block
    keytool -genkey -keyalg RSA -alias <your_alias ex FlexDeploySandbox> -keystore <keystore_file ex FDSandboxkeystore.jks> -storepass <new_keystore_pass> -validity 365 -keysize 2048
    Info

     if you don’t need to use password in the command, you can remove -storepass <new_keystore_pass>, it will prompt to enter the keystore password.

    Export to generate a cert file. Make sure that the aliases are unique.

    Code Block
    keytool -exportcert -alias <your_alias ex FlexDeploySandbox> -file <filename ex flexdeployad.cer> -keystore <keystore_file ex FDSandboxkeystore.jks> -storepass <keystore_pass>

    Create Oracle Identity Application with the JWT Assertion grant type

    ...

    Expand
    titleFor Classic IDCS
    Image Removed

    ...

    • Give it a meaningful name such as ‘FlexDeploy OAuth App’.

    • Click Next.

    • On the client configuration select Configure this application as a client now. Be sure to select the grant type of JWT Assertion, Client Credentials and add scopes for your OIC Instances where you want to use this application.

    • Copy the scope that ends in /ic/api to notepad

    • For Client Type, select Confidential. (Import certificate is not needed)

    ...

    titleFor Classic IDCS

    ...

    • You can accept the default values throughout the rest of the configuration.

    • Copy the client id and secret that show up after completing the application (you can access this from the configuration tab as well)

    • Click Finish and activate your application

    ...

    Add cer file to Partner Settings

    We have configured the signing certificate in the Confidential Application, IDCS requires to configure the signing certificate as a Trusted Partner Certificate as well. Go to Settings → Partner Settings and Import the cer file. Make sure to use the same alias name used to generate the file(ex FlexDeployDev).

    ...

    ...

    titleClassic IDCS

    ...

    Create FlexDeploy Cloud Account

    Lastly you need to create a cloud account in FlexDeploy specifying your client application information as well as the certificate information.

    ...