Most Oracle SaaS FSM plugin operations require the FDFSM_CLOUD_ACCOUNT_CODE target property. The cloud account can be managed directly through the target property drop-down (available since version FlexDeploy 9.0.0.4) or on the Integrations > Cloud page. Below is a description of the Oracle SaaS cloud account properties. To validate your configurations, use the Test Connection option.
Prior to FlexDeploy 9.0.0.4, OAuthJWTAssertion required using a Java KeyStore for the Private Key and Certificate. When upgrading from FlexDeploy 9.0.0.3 or earlier, the Oracle SaaS cloud account will automatically migrate to use Private Key and Certificate credentials from the configured KeyStore, eliminating the need to maintain the KeyStore on the file system. As a result, the KeyStore Path, KeyStore Password, Private Key Alias, Private Key Password, and Certificate Algorithm properties are now replaced with the Private Key and Certificate properties.
Property Name | Property Code | Required | Description |
---|---|---|---|
Oracle SaaS URL | | Yes | URL of the Oracle SaaS environment. e.g. |
Auth Type | | Yes | Authentication method for connecting to Oracle SaaS environment. Additional properties may be required depending on selection. Options: |
Username | | Yes | The username for your Oracle environment. User will require Application Implementation Consultant or Application Implementation Administrator role or other roles needed to perform export and import setup activities. |
Password | | Conditional | The password. Required for |
Oracle Identity Cloud Service URL | | Conditional | The Oracle Identity Cloud Service URL (IDCS). e.g. Required for |
Client Id | | Conditional | Client Id of OAuth application in Oracle Identity service. See more details below. Required for |
Client Secret | | Conditional | Client Secret of OAuth application in Oracle Identity service. See more details below. Required for |
Client Scope | | Conditional | Client Scope. See more details below. e.g. Required for |
Private Key | | Conditional | Private Key to use for JWT Assertion. See more details below. Required for See Private Key type Credential for information on how to generate Private Key with Certificate and upload to FlexDeploy credential. |
Certificate | | Conditional | Certificate to use for JWT Assertion. See more details below. Required for See Certificate type Credential for information on how to generate Private Key with Certificate and upload to FlexDeploy credential. Certificate also needs to be uploaded to Oracle Cloud, see more details below. |
OAuth Configurations for Oracle Cloud
FlexDeploy supports the use of OAuth authentication for various Oracle Cloud related applications and services.
You can follow one of two options for configuring OAuth: Resource Owner or JWT Assertion.
For both options, you will need to create a Confidential Application in the Oracle Identity domain. See detailed steps below. For additional context see https://docs.oracle.com/en-us/iaas/Content/Identity/applications/add-confidential-application.htm.
Resource Owner
Login to https://cloud.oracle.com and navigate to your Identity domain.
Click on Integrated applications, then click Add application to add a new confidential application. Select Confidential Application and click Launch Workflow.
Give it a meaningful name such as ‘FlexDeploy OAC Dev OAuth’ and click Next.
On the Configure OAuth tab, select the following:
Resource Server Configuration should default to Skip for later.
For Client Configuration, select Configure this application as a client now.
Be sure to select the grant types Resource Owner and Client Credentials. Also select Refresh Token so that a refresh token can be used to get a new access token when the access token has expired.
For Client Type, select Confidential, which is the default selection. (Import certificate is not needed.)
Token Issuance policy should be Specific.
Check Add scopes for the resources you want to integrate using this application. Select the specific scope and copy it to a notepad for use later. See #10 in the second image below. Scope search works as Starts with (case insensitive) for name or description and requires you to enter at least 3 characters.
Click Add on Add scope popup.
Then click Next.
You can accept the default values throughout the rest of the configuration and click Finish.
Click Activate.
You can copy Client Id and Client Secret shown below for use with FlexDeploy integration instance configuration.
Now you can configure FlexDeploy Integration Instance as shown below and use it for build/deploy processes.
JWT Assertion
To use JWT Assertion, you need both a private key and a certificate. The certificate must be uploaded to Oracle Cloud Infrastructure and referenced in FlexDeploy. The certificate can either be self-signed or issued by a trusted certificate authority.
See Credential Type - Private Key and Credential Type - Certificate for details on how to generate the Private Key and Certificate for this setup. You will also need to upload the .cer file (Certificate) to the Oracle Cloud Identity service settings.
Login to https://cloud.oracle.com and search for your Identity domain.
Click on Integrated applications, then click Add application to add a new confidential application. Select Confidential Application and click Launch Workflow.
Give it a meaningful name such as ‘FlexDeploy OAC Dev OAuth’ and click Next.
On the Configure OAuth tab, select the following:
Resource Server Configuration should default to Skip for later.
For Client Configuration, select Configure this application as a client now.
Be sure to select the grant types JWT assertion and Client Credentials. Also select Refresh Token so that a refresh token can be used to get a new access token when the access token has expired.
For Client Type, select Confidential, which is the default selection. (Import certificate is not needed.)
Token Issuance policy should be Specific.
Check Add scopes for the resources you want to integrate using this application. Select the specific scope and copy it to a notepad for use later. See #10 in the second image below. Scope search works as Starts with (case insensitive) for name or description and requires you to enter at least 3 characters.
Click Add on Add scope popup.
Then click Next.
You can accept the default values throughout the rest of the configuration and click Finish.
Click Activate.
You can copy Client Id and Client Secret shown below for use with FlexDeploy integration instance configuration.
Now upload the certificate to Partner Settings.
Go to your Identity Domain.
Client Settings, then click Trusted partner certificates.
Click Import certificate and upload the .cer file. Click Import.
Now you can configure FlexDeploy Integration Instance as shown below and use it for build/deploy processes.
The generated Private Key and Certificate should be uploaded to the FlexDeploy Credential store for use with the Integration Instance. This can be done directly from the Private Key and Certificate drop-downs on the Integration Instance page.
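Because the JWT Assertion setup puts the certificate in Oracle Cloud and the private key in FlexDeploy, a mismatched or nearly expired pair only surfaces later as a failed connection. The following pre-upload check is an added example, not FlexDeploy or Oracle code; it assumes `openssl` is installed and the private key is an unencrypted PEM file, and the function names and file paths are hypothetical.

```shell
#!/bin/sh
# Added example: verify a key/certificate pair before uploading it.

# Emit a certificate as PEM whether the .cer file is PEM or DER encoded.
cert_pem() {
    openssl x509 -in "$1" 2>/dev/null ||
        openssl x509 -inform DER -in "$1" 2>/dev/null
}

# check_jwt_pair KEY CERT [MIN_DAYS]
# Returns 0 ok, 1 key/cert mismatch, 2 unreadable input, 3 expiring soon.
check_jwt_pair() {
    cjp_key=$1; cjp_cert=$2; cjp_days=${3:-30}

    # Public half of the private key (assumes an unencrypted PEM key).
    cjp_kpub=$(openssl pkey -in "$cjp_key" -pubout 2>/dev/null) || {
        echo "cannot read private key: $cjp_key" >&2; return 2; }

    # Public key embedded in the certificate, normalised through 'pkey'
    # so both sides are printed by the same encoder.
    cjp_cpub=$(cert_pem "$cjp_cert" |
        openssl x509 -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -pubout 2>/dev/null) || {
        echo "cannot read certificate: $cjp_cert" >&2; return 2; }

    if [ "$cjp_kpub" != "$cjp_cpub" ]; then
        echo "certificate does not belong to this private key" >&2
        return 1
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    cert_pem "$cjp_cert" |
        openssl x509 -noout -checkend $((cjp_days * 86400)) >/dev/null || {
        echo "certificate expires within $cjp_days days" >&2; return 3; }

    echo "key and certificate match; valid for at least $cjp_days more days"
}
```

Call it as `check_jwt_pair private.key certificate.cer 30` with your own file names; a non-zero exit status means the pair should not be uploaded as is.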