Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Current »

FlexDeploy now supports the use of OAuth authentication for Oracle Integration Cloud. You can follow the below steps for configuring OAuth.

The following OAuth methods are currently supported:

  • Resource Owner

  • JWT User Assertion

Oracle Integration 3 instances only support OAuth authentication. Basic Auth cannot be used in FlexDeploy for v3 instances.

Resource Owner

Steps are:

  • Create a Confidential Application in Identity Console.

  • Create FlexDeploy Cloud Account under Integrations - Cloud.

Create a Confidential Application in Oracle Identity Console

  • Login to https://cloud.oracle.com and search for your Identity domain.

  • Click on Integrated applications, then click Add application to add new confidential application.

image-20240910-163025.png
  • Select Confidential Application and click Launch workflow.

image-20240214-083234.png
  • Give a meaningful name such as ‘FlexDeploy OAuth App’ and Click Next.

image-20240910-163233.png
  • On the Configure OAuth tab, select the following,

    • Resource Server Configuration, should be defaulted to Skip for later.

    • For Client Configuration, select Configure this application as a client now. Be sure to select the grant type of Resource Owner, Client Credentials

    • For Client Type, select Confidential. (Import certificate is not needed)

    • Token Issuance policy should be Specific. And Add scopes for your OIC Instances which you want to integrate using this application. Copy the scope that ends in /ic/api to notepad - see #7 in the second image below. Scope search works as Starts with (Case insensitive) for name or description and requires you to enter at least 3 characters.

image-20240910-163726.pngimage-20240910-164029.png
  • You can accept the default values throughout the rest of the configuration and click Finish.

  • Click Activate.

image-20240910-164316.png
  • Copy the client id and secret that show up after completing the application (you can access this from the configuration tab as well)

image-20240910-164411.png

Create the Cloud Account in FlexDeploy

Note that you will need scope URL that was copied in previous step.

image-20240108-102445.png

JWT User Assertion

JWT User Assertion requires an ssl certificate to be uploaded to Oracle Cloud Infrastructure and referenced in FlexDeploy. The key can be self-signed or from a more trusted chain.

  • Create Oracle Identity Application with the JWT Assertion grant type

  • Add cer file to Partner Settings

  • Create FlexDeploy Cloud Account

For JWT User Assertion, we need a certificate to be generated from the endpoint where FlexDeploy server is going to execute the plugin operations for OIC/VBCS.

Generate certificate

If you already have a public/private key and their keystore location feel free to skip this step.

Continuing with this step, we assume you don’t have third party certificates and going to generate a self signed cert.

Keystore

Create the Keystore.

keytool -genkey -keyalg RSA -alias <your_alias ex FlexDeploySandbox> -keystore <keystore_file ex FDSandboxkeystore.jks> -storepass <new_keystore_pass> -validity 365 -keysize 2048

 if you don’t need to use password in the command, you can remove -storepass <new_keystore_pass>, it will prompt to enter the keystore password.

Export to generate a cert file. Make sure that the aliases are unique.

keytool -exportcert -alias <your_alias ex FlexDeploySandbox> -file <filename ex flexdeployad.cer> -keystore <keystore_file ex FDSandboxkeystore.jks> -storepass <keystore_pass>

Create Oracle Identity Application with the JWT Assertion grant type

image-20240214-061654.pngimage-20240214-083234.png
  • Give it a meaningful name such as ‘FlexDeploy OAuth App’.

  • Click Next.

  • On the client configuration select Configure this application as a client now. Be sure to select the grant type of JWT Assertion, Client Credentials and add scopes for your OIC Instances where you want to use this application.

  • For Client Type, select Confidential. (Import certificate is not needed)

  • Copy the scope that ends in /ic/api to notepad

image-20240521-173514.pngimage-20240521-173604.png
  • You can accept the default values throughout the rest of the configuration.

  • Copy the client id and secret that show up after completing the application (you can access this from the configuration tab as well)

  • Click Finish and activate your application

Add cer file to Partner Settings

We have configured the signing certificate in the Confidential Application, IDCS requires to configure the signing certificate as a Trusted Partner Certificate as well. Go to Settings → Partner Settings and Import the cer file. Make sure to use the same alias name used to generate the file(ex FlexDeployDev).

image-20240214-085008.png

Create FlexDeploy Cloud Account

Lastly you need to create a cloud account in FlexDeploy specifying your client application information as well as the certificate information.

  • No labels