Before we start, let us understand some basics about the two types of authentication which can be used for publishing the integrations.
BASICAUTH is a type of authentication mechanism supported by Oracle Integration Cloud (OIC) that allows users to authenticate using a username and password combination. When using BASICAUTH, the user's username and password are transmitted in the HTTP header of the request. In OIC, you can use BASICAUTH to secure REST services that are exposed through an integration. When a client sends a request to a REST endpoint secured by BASICAUTH, they must include the appropriate username and password in the request header. If the provided credentials are valid, the client will be able to access the service.
OAuth (Open Authorization) is an authentication and authorization protocol supported by Oracle Integration Cloud (OIC) that allows users to securely grant access to their resources or data to third-party applications without sharing their login credentials. OAuth works by having the user grant access to their data to an application (referred to as a "client") through a process known as "authorization." This process involves the user being redirected to an authorization server (in this case, OIC) to authenticate and grant permission to the client to access their resources. Once permission is granted, the client receives an access token that allows it to access the user's resources.
The major problem that arises when using BASICAUTH with an IDCS user is that the password expires every 120 days, and so we need to change the configuration of all integrations again. There is a workaround available within IDCS using group policies, through which we can set the user password to never expire, but that is altogether another topic for discussion.
In this post, we will see how we can create a service account whose password will never expire by using an OAuth token.
Go to IDCS:-
Go to the IDCS console and create a confidential application. Once the application is activated, we will get the client ID and client secret.
Using the client ID and secret generated above, we invoke the curl command below to get the access token.
curl -X POST https://idcs-*********************.identity.oraclecloud.com/oauth2/v1/token \
  -u c086e**********4f0:dee***************54be57e \
  -d 'grant_type=client_credentials&scope=urn%3Aopc%3Aidm%3A__myscopes__'
The response contains the access token.
Run the curl command below, with that access token as the bearer token, to create the new application in IDCS.
curl -X POST https://idcs-*****************.identity.oraclecloud.com/admin/v1/Apps \
  -H 'Authorization: Bearer eyJ4NXQjUzI.............' \
  -H 'Content-Type: application/json' \
  -d '{
    "active": true,
    "isOAuthClient": true,
    "allowedGrants": ["client_credentials"],
    "basedOnTemplate": {"value": "CustomWebAppTemplateId"},
    "clientType": "confidential",
    "displayName": "mgu_OIC_SVC_ACC_BASICAUTH",
    "name": "mgu_OIC_SVC_ACC_BASICAUTH",
    "schemas": ["urn:ietf:params:scim:schemas:oracle:idcs:App"]
  }'
Associate newly created IDCS application with OIC
The next step is to associate this confidential application with the ServiceUser role of the OIC application. This role gets created by default during OIC provisioning and can be managed in IDCS.
My OIC instance:- https://*****-idmfguxp1uca-ia.integration.ocp.oraclecloud.com/ic/home
In IDCS:-
Now all the configuration of the IDCS confidential application, and its association with the default OIC application, has been completed.
Next, using the service account, we will configure the OIC Agent. The step-by-step download of the agent installer and creation of the agent group will be discussed in the upcoming post. In this post, I am just passing the values in the InstallerProfile.cfg file and checking whether I am able to start the OIC agent using the OAuth account.
$ cat InstallerProfile.cfg
# Required Parameters
# oic_URL format should be https://hostname:sslPort
oic_URL=https://*********-ia.integration.ocp.oraclecloud.com:443
agent_GROUP_IDENTIFIER=TEST
# Proxy Parameters
# proxy_NON_PROXY_HOSTS: a list of hosts that should be reached directly, bypassing the proxy.
# This is a list of patterns separated by '|'.
oic_IDCS_URL=https://idcs-*****.identity.oraclecloud.com:443
oic_CLIENT_ID=mgu_OIC_SVC_ACC_BASICAUTH
oic_CLIENT_SECRET=******************
oic_SCOPE=https://********-ia.integration.ocp.oraclecloud.com:443urn:opc:resource:consumer::all
proxy_HOST=
proxy_PORT=
proxy_USER=
proxy_PASSWORD=
proxy_NON_PROXY_HOSTS=
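As an added check that is not part of the post, the following Python script parses an InstallerProfile.cfg like the one above, verifies that the OAuth-related parameters are consistent (in particular that oic_SCOPE is oic_URL immediately followed by urn:opc:resource:consumer::all, as in the file shown), and builds the client_credentials token request that the earlier curl command sends to IDCS, without sending it. The hostnames and secret in the embedded sample are constructed placeholders.

```python
import base64
from urllib.parse import urlencode, urlsplit
# Constructed sample InstallerProfile.cfg modelled on the post's; hostnames and secret are placeholders.
SAMPLE_CFG = """\
# oic_URL format should be https://hostname:sslPort
oic_URL=https://example-ia.integration.ocp.oraclecloud.com:443
agent_GROUP_IDENTIFIER=TEST
oic_IDCS_URL=https://idcs-example.identity.oraclecloud.com:443
oic_CLIENT_ID=mgu_OIC_SVC_ACC_BASICAUTH
oic_CLIENT_SECRET=placeholder-secret
oic_SCOPE=https://example-ia.integration.ocp.oraclecloud.com:443urn:opc:resource:consumer::all
"""
OIC_SCOPE_SUFFIX = "urn:opc:resource:consumer::all"
REQUIRED = ("oic_URL", "agent_GROUP_IDENTIFIER", "oic_IDCS_URL",
            "oic_CLIENT_ID", "oic_CLIENT_SECRET", "oic_SCOPE")

def parse_profile(text):
    """Parse key=value lines, ignoring comments and blank lines."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg

def check_profile(cfg):
    """Return a list of problems; an empty list means the OAuth settings are consistent."""
    problems = [f"{k} is missing or empty" for k in REQUIRED if not cfg.get(k)]
    for key in ("oic_URL", "oic_IDCS_URL"):
        parts = urlsplit(cfg.get(key, ""))
        if parts.scheme != "https" or not parts.hostname or parts.port is None:
            problems.append(f"{key} must look like https://hostname:sslPort")
    # In the post, oic_SCOPE is the OIC URL immediately followed by the resource URN.
    if cfg.get("oic_SCOPE") != cfg.get("oic_URL", "") + OIC_SCOPE_SUFFIX:
        problems.append("oic_SCOPE must be oic_URL + " + OIC_SCOPE_SUFFIX)
    return problems

def token_request(cfg):
    """Build the client_credentials request shown as curl in the post; nothing is sent."""
    creds = f"{cfg['oic_CLIENT_ID']}:{cfg['oic_CLIENT_SECRET']}".encode()
    return {
        "url": cfg["oic_IDCS_URL"].rstrip("/") + "/oauth2/v1/token",
        "headers": {"Authorization": "Basic " + base64.b64encode(creds).decode(),
                    "Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode({"grant_type": "client_credentials", "scope": cfg["oic_SCOPE"]}),
    }
```

Running check_profile against a real profile before starting the agent catches a mistyped scope or a missing secret without exposing either in logs.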
$ java -jar connectivityagent.jar
Proceeding to install a new agent ...
Enter your OIC username : *
Enter password:*
No Proxy Configuration Detected
Checking for trusted certificates ...
Making call to check OIC Version ...
Making call to check Agent group availability ...
Updating Agent with configuration details ...
Making call to register new agent instance ...
Making call for getting agent app id & keys...
Done with Agent installation & configuration... Starting Agent for message processing.
Agent started successfully...Now available for new messages...
I hope this post will help someone. In the next post, I will walk through installing and configuring an OIC Agent step by step. Till then, happy cloud learning.
References:-
https://kumarsoablog.blogspot.com/2020/03/access-oic-rest-based-integrations.html
https://docs.oracle.com/en/cloud/paas/integration-cloud/integration-cloud-auton/use-service-integration-account-no-password-expiration.html