Configuring OAuth for Oracle ERP Cloud in OIC

Introduction

In a connected enterprise landscape, seamless and secure integrations are essential. Oracle Integration Cloud (OIC) simplifies this process by offering various adapters to connect with different applications, including Oracle ERP Cloud. One essential aspect of this integration is implementing OAuth authentication, which ensures secure and token-based access to different applications.

This blog will provide a high-level overview of configuring OAuth for the ERP Cloud Adapter in OIC, focusing on the foundational steps required to establish a secure connection between OIC and Oracle ERP Cloud. We will also cover a unique step—raising a Service Request (SR) with Oracle to upload necessary certificates to Oracle Fusion—a lesser-known but essential part of the process.

OAuth Integration Flow between OIC and Oracle ERP Cloud

The diagram illustrates the overall architecture and workflow involved in setting up the OAuth authentication between Oracle Integration Cloud (OIC) and Oracle ERP Cloud. It highlights the flow between various components including Identity Cloud Service, Oracle ERP Cloud and OIC for secure token-based communication.

Oracle ERP Cloud

The Identity Provider within Oracle ERP Cloud is responsible for authenticating and validating requests. A trust relationship is configured between the Identity Provider and the Federation Provider in Identity Cloud Service (IDCS) to ensure seamless and secure authentication.

The REST/SOAP APIs in Oracle ERP Cloud are the primary endpoints that OIC invokes to carry out data transactions. To maintain a high level of security, these API requests must be validated using OAuth tokens. The tokens are issued and managed by IDCS, ensuring that only authenticated and authorized requests are processed by Oracle ERP Cloud.

Identity Cloud Service (IDCS)

The Identity Cloud Service (IDCS) functions as the central identity provider and authorization server, playing a crucial role in managing OAuth authentication and ensuring secure communication between Oracle Integration Cloud (OIC) and Oracle ERP Cloud.

Oracle Integration Cloud (OIC)

The ERP Cloud Adapter uses credentials, such as the client ID, client secret, scope, and authorization URLs, to retrieve OAuth tokens from the Identity Cloud Service (IDCS). These tokens authorize OIC to invoke APIs in Oracle ERP Cloud, ensuring that all interactions are authenticated and secure.

Key Steps to Configure OAuth Authentication

The configuration of OAuth authentication between Oracle Integration Cloud (OIC) and Oracle ERP Cloud involves several steps to ensure secure, token-based access. As a security protocol, OAuth allows client applications to access resources without requiring user credentials by using tokens instead. For secure communication between OIC and Oracle ERP Cloud, specific configurations must be completed within Oracle Identity Cloud Service (IDCS) and Oracle ERP Cloud.

This setup typically includes obtaining signing certificates to validate tokens, uploading these certificates to Oracle ERP Cloud so that the tokens are recognized, and configuring IDCS to handle access scopes and authorization settings. Additionally, creating a confidential client application in IDCS for OIC enables consistent, secure access and a streamlined data flow system.

The following steps provide a high-level outline of the key configurations needed to establish this OAuth setup.

  1. Obtain JWK Signing Certificates from IDCS
    1. OAuth tokens rely on cryptographic validation, which requires signing certificates. These certificates, retrieved from Oracle Identity Cloud Service (IDCS) via REST APIs, verify the authenticity of tokens used in Oracle ERP Cloud.
    2. Using the IDCS REST API endpoint (/admin/v1/SigningCert/jwk), you can retrieve the required JWK (JSON Web Key) signing certificates from IDCS for token validation.
  2. Upload Certificates to Oracle ERP Cloud Application
    1. Once you have obtained JWK certificates, they must be uploaded to the Oracle ERP Cloud Security Console to enable token validation. This step authorizes OIC's request for access to Oracle ERP Cloud.
    2. An essential part of this step may include raising a Service Request (SR) with Oracle Support to ensure that the certificates are correctly uploaded and recognized by Oracle ERP Cloud. This process establishes secure API authentication, making certain that token requests from OIC to Oracle ERP Cloud are authorized and trusted.
  3. Configuring IDCS as a Resource Server for Oracle ERP Cloud
    1. In IDCS, configure Oracle ERP Cloud as a resource server to manage access tokens and enforce authentication policies. This includes defining scopes, setting access token expiration, and enabling refresh tokens as needed.
    2. The resource server configuration ensures that Oracle ERP Cloud can validate OAuth tokens issued by IDCS, allowing secure and controlled access to Oracle ERP Cloud resources. Defining the necessary scopes ensures precise access levels, enhancing security within the integration.
  4. Create the Confidential Client Application for OIC
    1. Finally, configure a confidential client application in IDCS specifically for Oracle Integration Cloud (OIC). This involves setting up a client ID, client secret, and redirect URI that will be used during OAuth flows.
    2. The client application settings include OAuth authorization options like Authorization Code and Refresh Token. These settings enable Oracle Integration Cloud (OIC) to maintain secure, uninterrupted access to Oracle ERP Cloud, allowing OIC to authenticate once and manage token refreshes automatically. This approach minimizes the need for repeated authentications and supports efficient, continuous data exchange for daily operations.
  5. (Optional) Creating a Local User for Non-Federated Instances
    1. If federation is not enabled, you must create a local user in IDCS that matches the user in Oracle Fusion Applications. This ensures the local user can be used in the OAuth setup and has the necessary roles and permissions for accessing ERP Cloud services.
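
The handoff between steps 1 and 2 can be sketched as follows. This is an added example, not code from the original post or from Oracle: it turns a JWK Set into PEM certificate text for upload and checks any published thumbprints against the certificate bytes. It assumes the response follows RFC 7517 (a `keys` array whose entries carry an `x5c` chain); the function names and the sample key are hypothetical, and the sample uses constructed placeholder bytes rather than a real certificate.

```python
import base64
import hashlib
import json
import textwrap


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding RFC 7517 uses for x5t values."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwks_to_pem(jwks_json: str) -> list[dict]:
    """Return one record per key: kid, SHA-256 fingerprint, PEM text."""
    out = []
    for key in json.loads(jwks_json).get("keys", []):
        chain = key.get("x5c") or []
        if not chain:
            raise ValueError(f"key {key.get('kid')!r} carries no x5c certificate")
        # x5c is standard base64 (not base64url); validate=True rejects stray characters.
        der = base64.b64decode(chain[0], validate=True)
        # If thumbprints are published, they must match the leaf certificate bytes.
        for member, algo in (("x5t", "sha1"), ("x5t#S256", "sha256")):
            if member in key and key[member] != b64url(hashlib.new(algo, der).digest()):
                raise ValueError(f"{member} mismatch for key {key.get('kid')!r}")
        body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
        out.append({
            "kid": key.get("kid"),
            "sha256": hashlib.sha256(der).hexdigest(),
            "pem": f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n",
        })
    return out


# Constructed sample: placeholder bytes stand in for a DER certificate.
SAMPLE_DER = bytes(range(256)) * 3
SAMPLE_JWKS = json.dumps({"keys": [{
    "kty": "RSA", "kid": "SAMPLE_KID",
    "x5c": [base64.b64encode(SAMPLE_DER).decode()],
    "x5t#S256": b64url(hashlib.sha256(SAMPLE_DER).digest()),
}]})

if __name__ == "__main__":
    for cert in jwks_to_pem(SAMPLE_JWKS):
        print(cert["kid"], cert["sha256"])
        print(cert["pem"])
```

Recording the SHA-256 fingerprint alongside the uploaded file gives a value to compare against later when confirming which signing certificate Oracle ERP Cloud actually trusts.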

Testing the OAuth Configuration

To test the OAuth configuration, create a connection in Oracle Integration Cloud (OIC) using the ERP Cloud Adapter, selecting the OAuth security policy and entering the required credentials. Use the Provide Consent option to initiate the OAuth authorization process, allowing OIC to access Oracle ERP Cloud securely. Once authorization is granted, test the connection within OIC to verify that OAuth authentication is correctly configured for secure token-based communication between OIC and Oracle ERP Cloud.

Conclusion

Configuring OAuth authentication between Oracle Integration Cloud (OIC) and Oracle ERP Cloud is a vital step for ensuring secure, token-based access between the two systems. By completing the necessary prerequisites, such as establishing trust between Oracle Fusion Applications and Oracle Identity Cloud Service (IDCS), and configuring client applications, you can seamlessly enable OAuth-based authentication. This not only safeguards your data but also streamlines communication between systems, allowing for smooth and secure operations in your integration processes.

This blog was a collaboration between Ishan Agarwal, Principal Consultant and Tusarkant Swain, Senior Consultant in Business Integration & Automation Practice.