Sunday, May 7, 2023

Getting Started with Oracle Integration Cloud: A Beginner's Guide to Creating a Service Account (Non-Expiring) in OIC and Configuring the OIC Agent

Before we start, let us understand some basics about the two types of authentication that can be used for publishing the integrations.

BASICAUTH is a type of authentication mechanism supported by Oracle Integration Cloud (OIC) that allows users to authenticate using a username and password combination. When using BASICAUTH, the user's username and password are transmitted in the HTTP header of the request. In OIC, you can use BASICAUTH to secure REST services that are exposed through an integration. When a client sends a request to a REST endpoint secured by BASICAUTH, they must include the appropriate username and password in the request header. If the provided credentials are valid, the client will be able to access the service.

OAuth (Open Authorization) is an authentication and authorization protocol supported by Oracle Integration Cloud (OIC) that allows users to securely grant access to their resources or data to third-party applications without sharing their login credentials. OAuth works by having the user grant access to their data to an application (referred to as a "client") through a process known as "authorization." This process involves the user being redirected to an authorization server (in this case, OIC) to authenticate and grant permission to the client to access their resources. Once permission is granted, the client receives an access token that allows it to access the user's resources.



The major problem that arises when using BASICAUTH with an IDCS user is that the password expires every 120 days, so all integration configurations have to be changed again. Workarounds are available within IDCS using Group Policies, through which the user password can be set to never expire, but that is altogether another topic for discussion.

In this post, we will see how to create a service account whose password never expires, using an OAuth token.

Go to IDCS:-



Go to the IDCS console and create a confidential application. Once the application is activated we will get the Client id and Client token.



 
Using the client id and token generated above, we will invoke the curl command below to get the access token.


curl -X POST https://idcs-*********************.identity.oraclecloud.com/oauth2/v1/token -u c086e**********4f0:dee***************54be57e -d 'grant_type=client_credentials&scope=urn%3Aopc%3Aidm%3A__myscopes__'


The response will contain the access token.
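The curl call above passes the client secret with -u, which can expose it in shell history and the process list. The following added example (not part of the original post) builds the same client_credentials request as a curl config fed over stdin and pulls the token fields out of the response; the function names, variable names and the sample response are this example's own.

```bash
#!/usr/bin/env bash
# Added example: request the IDCS token without exposing the client secret in argv.

# Escape backslashes and double quotes for a quoted value in a curl config file.
curl_quote() { printf '%s' "$1" | sed 's/[\\"]/\\&/g'; }

# Emit a curl config for the client_credentials request shown above.
# Args: IDCS base URL, client id, client secret.
token_request_config() {
  printf 'url = "%s/oauth2/v1/token"\n' "$(curl_quote "$1")"
  printf 'user = "%s:%s"\n' "$(curl_quote "$2")" "$(curl_quote "$3")"
  printf 'data = "grant_type=client_credentials&scope=urn%%3Aopc%%3Aidm%%3A__myscopes__"\n'
}

# Send the request; the config travels over stdin, so ps shows only "curl --config -".
request_token() {
  token_request_config "$@" | curl --silent --show-error --fail --config -
}

# Pull one field out of the flat JSON token response (no jq dependency).
json_string() { sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'; }
json_number() { sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p'; }

# Constructed sample response (not a real token), in the RFC 6749 response shape.
SAMPLE_RESPONSE='{"access_token":"eyJ.constructed.sample","token_type":"Bearer","expires_in":3600}'

# Interactive use (variable names are this example's own):
#   read -rs -p 'Client secret: ' CLIENT_SECRET; echo
#   TOKEN=$(request_token "$IDCS_URL" "$CLIENT_ID" "$CLIENT_SECRET" | json_string access_token)
```

The expires_in field tells the caller when to request a fresh token; the client secret itself is what stays valid.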

Run the curl command below to create a new application.

curl -X POST https://idcs-*****************.identity.oraclecloud.com/admin/v1/Apps -H 'Authorization: Bearer eyJ4NXQjUzI.............' -H 'Content-Type: application/json' -d '{ "active": true, "isOAuthClient": true,"allowedGrants": ["client_credentials"],"basedOnTemplate": {"value": "CustomWebAppTemplateId"}, "clientType": "confidential", "displayName": "mgu_OIC_SVC_ACC_BASICAUTH", "name": "mgu_OIC_SVC_ACC_BASICAUTH", "schemas": ["urn:ietf:params:scim:schemas:oracle:idcs:App"]}'






Associate newly created IDCS application with OIC


The next step is to associate this confidential application with the OIC application's ServiceUser role. This role gets created by default during OIC provisioning, and can be managed in IDCS.


My OIC instance: https://*****-idmfguxp1uca-ia.integration.ocp.oraclecloud.com/ic/home


in IDCS:-
















Now all the configuration related to the IDCS confidential application, and the association of that application with the default OIC application, has been completed.


Next, using the service account, we will configure the OIC Agent. Downloading the agent_installer and creating the agent group step by step will be discussed in the upcoming post. In this post, I am just passing the values inside the InstallerProfile.cfg file and checking whether, using the OAuth account, I am able to start the OIC agent.


cat InstallerProfile.cfg
# Required Parameters
# oic_URL format should be https://hostname:sslPort
oic_URL=https://*********-ia.integration.ocp.oraclecloud.com:443
agent_GROUP_IDENTIFIER=TEST

# Proxy Parameters
# proxy_NON_PROXY_HOSTS: a list of hosts that should be reached directly, bypassing the proxy. This is a list of patterns separated by '|'.
oic_IDCS_URL=https://idcs-*****.identity.oraclecloud.com:443
oic_CLIENT_ID=mgu_OIC_SVC_ACC_BASICAUTH
oic_CLIENT_SECRET=******************
oic_SCOPE=https://********-ia.integration.ocp.oraclecloud.com:443urn:opc:resource:consumer::all
proxy_HOST=
proxy_PORT=
proxy_USER=
proxy_PASSWORD=
proxy_NON_PROXY_HOSTS=
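
InstallerProfile.cfg keeps oic_CLIENT_SECRET in clear text, so it is worth checking the file before starting the agent. The following added example (not Oracle's tooling and not code from the original post) checks file permissions, required keys, https URLs, and that oic_SCOPE follows the pattern in the sample above, which is an assumption taken from this page; the function names and sample values are constructed for the example.

```bash
#!/usr/bin/env bash
# Added example: lint an OAuth-based InstallerProfile.cfg before starting the agent.

# Value of KEY in a KEY=VALUE file (last definition wins).
cfg_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# Prints one finding per line; returns 0 when the profile is clean, 1 otherwise.
check_profile() {
  local file="$1" rc=0 key val mode oic_url
  # oic_CLIENT_SECRET is stored in clear text, so only the owner should have access.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  case $mode in
    ?00) ;;
    *) echo "PERMS: mode $mode exposes the client secret to group/other; chmod 600"; rc=1 ;;
  esac
  for key in oic_URL agent_GROUP_IDENTIFIER oic_IDCS_URL oic_CLIENT_ID \
             oic_CLIENT_SECRET oic_SCOPE; do
    [ -n "$(cfg_get "$file" "$key")" ] || { echo "MISSING: $key is empty"; rc=1; }
  done
  # Credentials and tokens should only travel over TLS.
  for key in oic_URL oic_IDCS_URL; do
    val=$(cfg_get "$file" "$key")
    case $val in
      https://*|'') ;;
      *) echo "SCHEME: $key is not an https:// URL"; rc=1 ;;
    esac
  done
  # Assumption taken from the page's sample: scope = oic_URL + fixed URN suffix.
  oic_url=$(cfg_get "$file" oic_URL)
  if [ "$(cfg_get "$file" oic_SCOPE)" != "${oic_url}urn:opc:resource:consumer::all" ]; then
    echo "SCOPE: oic_SCOPE is not oic_URL followed by urn:opc:resource:consumer::all"; rc=1
  fi
  return $rc
}

# Constructed sample profile (hostnames and secret are placeholders); prints its path.
demo_profile() {
  local f; f=$(mktemp)
  cat > "$f" <<'EOF'
oic_URL=https://example-ia.integration.ocp.oraclecloud.com:443
agent_GROUP_IDENTIFIER=TEST
oic_IDCS_URL=https://idcs-example.identity.oraclecloud.com:443
oic_CLIENT_ID=example_client_id
oic_CLIENT_SECRET=example-secret
oic_SCOPE=https://example-ia.integration.ocp.oraclecloud.com:443urn:opc:resource:consumer::all
EOF
  echo "$f"
}
```

Run check_profile InstallerProfile.cfg in the agent directory and start the agent only when it returns 0.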


$ java -jar connectivityagent.jar
Proceeding to install a new agent ...
Enter your OIC username : *
Enter password:*
No Proxy Configuration Detected
Checking for trusted certificates ...
Making call to check OIC Version ...
Making call to check Agent group availability ...
Updating Agent with configuration details ...
Making call to register new agent instance ...
Making call for getting agent app id & keys...
Done with Agent installation & configuration... Starting Agent for message processing.
Agent started successfully...Now available for new messages...





I hope this post will help someone. In the next post, I will talk about installing and configuring an OIC Agent step by step. Till then, happy learning cloud.


References:
https://kumarsoablog.blogspot.com/2020/03/access-oic-rest-based-integrations.html
https://docs.oracle.com/en/cloud/paas/integration-cloud/integration-cloud-auton/use-service-integration-account-no-password-expiration.html