FlexDeploy now supports the use of OAuth authentication for Oracle Integration Cloud. You can follow the below steps for configuring OAuth.

The following OAuth methods are currently supported:

• Resource Owner

• JWT User Assertion

Resource Owner

Steps are:

• Create a Confidential Application in Identity Console.

• Create FlexDeploy Cloud Account under Integrations - Cloud.

Create a Confidential Application in Oracle Identity Console

• Login to https://cloud.oracle.com and search for your Identity domain.

• Click on Integrated applications, then click Add application to add new confidential application.

• Select Confidential Application and click Launch workflow.

• Give a meaningful name such as ‘FlexDeploy OAuth App’ and Click Next.

• On the Configure OAuth tab, select the following,

  • Resource Server Configuration, should be defaulted to Skip for later.

  • For Client Configuration, select Configure this application as a client now. Be sure to select the grant type of Resource Owner, Client Credentials

  • For Client Type, select Confidential. (Import certificate is not needed)

  • Token Issuance policy should be Specific. And Add scopes for your OIC Instances which you want to integrate using this application. Copy the scope that ends in /ic/api to notepad - see #7 in the second image below.

• You can accept the default values throughout the rest of the configuration and click Finish.

• Click Activate.

• Copy the client id and secret that show up after completing the application (you can access this from the configuration tab as well)

Create the Cloud Account in FlexDeploy

Note that you will need scope URL that was copied in previous step.

JWT User Assertion

JWT User Assertion requires an ssl certificate to be uploaded to Oracle Cloud Infrastructure and referenced in FlexDeploy. The key can be self-signed or from a more trusted chain.

• Create Oracle Identity Application with the JWT Assertion grant type

• Add cer file to Partner Settings

• Create FlexDeploy Cloud Account

For JWT User Assertion, we need a certificate to be generated from the endpoint where FlexDeploy server is going to execute the plugin operations for OIC/VBCS.

Generate certificate

Keystore

Create the Keystore.

keytool -genkey -keyalg RSA -alias <your_alias ex FlexDeploySandbox> -keystore <keystore_file ex FDSandboxkeystore.jks> -storepass <new_keystore_pass> -validity 365 -keysize 2048

Export to generate a cert file. Make sure that the aliases are unique.

keytool -exportcert -alias <your_alias ex FlexDeploySandbox> -file <filename ex flexdeployad.cer> -keystore <keystore_file ex FDSandboxkeystore.jks> -storepass <keystore_pass>

Create Oracle Identity Application with the JWT Assertion grant type

• Give it a meaningful name such as ‘FlexDeploy OAuth App’.

• Click Next.

• On the client configuration select Configure this application as a client now. Be sure to select the grant type of JWT Assertion, Client Credentials and add scopes for your OIC Instances where you want to use this application.

• For Client Type, select Confidential. (Import certificate is not needed)

• Copy the scope that ends in /ic/api to notepad

• You can accept the default values throughout the rest of the configuration.

• Copy the client id and secret that show up after completing the application (you can access this from the configuration tab as well)

• Click Finish and activate your application

Add cer file to Partner Settings

We have configured the signing certificate in the Confidential Application, IDCS requires to configure the signing certificate as a Trusted Partner Certificate as well. Go to Settings → Partner Settings and Import the cer file. Make sure to use the same alias name used to generate the file(ex FlexDeployDev).

Create FlexDeploy Cloud Account

Lastly you need to create a cloud account in FlexDeploy specifying your client application information as well as the certificate information.