OIC: Two Methods to Receive Callback/Business Events from ERP – OAuth (New) and CSF Keys (Old)

Check if the Token-Based Authentication Scheme is Now Enabled for Event Integrations

Open in SoapUI / Postman :-
https://<Fusion_Server_host_url>/soa-infra/PublicEvent/subscriptions

The token-based authentication scheme is added in the Oracle ERP Cloud Adapter for business and FBDI event messages originating from Oracle Fusion Applications. For token-based authentication, the EHF-Token must be present in the HTTP headers of the event message. In the absence of the EHF-Token, Oracle Integration checks for the CSF key credentials for authentication. Token-based authentication removes the dependency on the CSF entry in Oracle SOA Composer.

Process to use OAuth Token in OIC to avoid Password Expiry and CSF Key configuration in ERP Adapters:-


Obtain the certificates :-

Do a GET from Postman :- <OIC_IDCS_URL>/admin/v1/SigningCert/jwk
From the response, copy the 2 certs to separate files.
Each file should look like this :-
-----BEGIN CERTIFICATE-----
<The decrypted Key>
-----END CERTIFICATE-----
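One way to turn the JWK response into the certificate files described above (an added example, not part of the original post). It assumes the response carries each certificate as a base64 DER string in the key's `x5c` array, as RFC 7517 defines; the sample response is constructed and its `x5c` values are placeholder bytes, not real certificates.

```python
import base64
import hashlib
import json

# Constructed sample with the JWKS shape; the x5c values are placeholder
# bytes, not real certificates.
SAMPLE_JWKS = json.dumps({"keys": [{
    "kty": "RSA",
    "kid": "constructed-key",
    "x5c": [
        base64.b64encode(b"constructed-signing-cert-" * 8).decode(),
        base64.b64encode(b"constructed-ca-cert-" * 8).decode(),
    ],
}]})


def x5c_to_pem(jwks_text):
    """Return [(pem_text, sha256_hex_of_der), ...] for every x5c entry."""
    results = []
    for key in json.loads(jwks_text).get("keys", []):
        for entry in key.get("x5c", []):
            # Assumption: x5c holds standard base64 DER (RFC 7517), not
            # base64url; validate=True rejects stray characters.
            der = base64.b64decode(entry, validate=True)
            b64 = base64.b64encode(der).decode("ascii")
            # PEM bodies are wrapped at 64 characters per line.
            body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
            pem = ("-----BEGIN CERTIFICATE-----\n" + body +
                   "\n-----END CERTIFICATE-----\n")
            # The fingerprint lets you compare the file with the source later.
            results.append((pem, hashlib.sha256(der).hexdigest()))
    if not results:
        raise ValueError("no x5c entries in JWKS response")
    return results


def write_pem_files(jwks_text, prefix="idcs_cert"):
    """Write one PEM file per certificate; prefix is a hypothetical name."""
    written = []
    for n, (pem, fingerprint) in enumerate(x5c_to_pem(jwks_text), start=1):
        path = f"{prefix}_{n}.pem"
        with open(path, "w", encoding="ascii") as fh:
            fh.write(pem)
        written.append((path, fingerprint))
    return written


if __name__ == "__main__":
    for pem, fingerprint in x5c_to_pem(SAMPLE_JWKS):
        print("SHA-256:", fingerprint)
        print(pem)
```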
Load them in FA:-
1. Go to Fusion Application > Tools > Security Console > API Authentication >
2. Now Create API Authentication Provider
Param Values :-
Trusted User :- https://identity.oraclecloud.com
Select Token Type :- JWT/SAML/STS
3. Import Certificate.

Go to IDCS and create a Resource Application :-
1. Go to Applications > Create > Confidential Application >
Give Name Relevant to Fusion Application

Client Settings :- Select Skip For Later
Resources Settings :-
1. Configure this application as a client Server now.
2. Check Refresh token allowed
3. In Primary Audience : Give Fusion Server URL:443
4. Add Scope :- Scope :- / Description :- All. Check Requires Consent.
Click Add.
WebTier Policy Settings :- Select Skip for Later
Authorization :- Select Skip and Finish

If OIC and ERP Fusion use the same IDCS, create a local user in IDCS. The user name should be the same as the one we use to log in to the Fusion Application. Associate the Service Developer role with this user. ***

Create an IDCS Client App in IDCS***

Go to Applications > Create > Confidential Application >

Client Settings :- Configure this application as a client now.
Check Refresh token, Authorization code.
Put redirect url :- :443/icapis/agent/oauth/callback
Add scope :- Select the app created under SECTION 1
Resources Settings :- Skip for Later
WebTier Policy Settings :- Skip for Later
Authorization :- Copy the Client ID and Secret

Finish and Activate the app***

Configure ERP Adapter in OIC

OIC using a different IDCS than ERP :- Log in using your normal OIC user, the one you use daily to develop.
OIC using the same IDCS as ERP :- ***Log in using the OIC user whose name is similar to the Fusion user.

ERP Adapter Settings:-

Security Policy :- OAuth Authorization Code Credentials
Client Id :- Enter the one you copied after creating the client IDCS application.
Client Key :- Enter the one you copied after creating the client IDCS application.
Auth code URI :- <IDCS URI>/oauth2/v1/authorize
Access token URI :- <IDCS URI>/oauth2/v1/token
Scope :- <Fusion Server:443>/<ONE SPACE> offline_access (Needed for refresh tokens)
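A small consistency check for the fields above, added here as an example (not part of the original post or of OIC). It assumes the requested scope is the resource application's Primary Audience followed by its Scope, then one space and `offline_access`; the dictionary keys and host names are hypothetical.

```python
from urllib.parse import urlsplit


def check_erp_oauth_settings(adapter, resource_app):
    """Return a list of problems; an empty list means the fields agree."""
    problems = []

    # Both endpoints must be the IDCS paths from the settings, on one host.
    auth = urlsplit(adapter["auth_code_uri"])
    token = urlsplit(adapter["access_token_uri"])
    if auth.path != "/oauth2/v1/authorize":
        problems.append("auth code URI must end in /oauth2/v1/authorize")
    if token.path != "/oauth2/v1/token":
        problems.append("access token URI must end in /oauth2/v1/token")
    if (auth.scheme, auth.netloc) != (token.scheme, token.netloc):
        problems.append("authorize and token URIs use different IDCS hosts")

    # Requested scope = <Primary Audience><Scope>, one space, offline_access.
    audience = resource_app["primary_audience"]
    if not audience.endswith(":443"):
        problems.append("primary audience should be the Fusion URL with :443")
    expected_resource = audience + resource_app["scope"]
    parts = adapter["scope"].split(" ")
    if len(parts) != 2 or "" in parts:
        problems.append("scope must be two values separated by one space")
    else:
        if parts[0] != expected_resource:
            problems.append(f"first scope value should be {expected_resource}")
        if parts[1] != "offline_access":
            problems.append("second scope value must be offline_access")
    return problems


# Constructed sample values; the hosts are hypothetical.
RESOURCE_APP = {"primary_audience": "https://fusion.example.com:443",
                "scope": "/"}
GOOD = {
    "auth_code_uri": "https://idcs.example.com/oauth2/v1/authorize",
    "access_token_uri": "https://idcs.example.com/oauth2/v1/token",
    "scope": "https://fusion.example.com:443/ offline_access",
}
# Port missing from the scope, so it no longer matches the Primary Audience.
BAD = dict(GOOD, scope="https://fusion.example.com/ offline_access")

if __name__ == "__main__":
    print(check_erp_oauth_settings(GOOD, RESOURCE_APP))
    print(check_erp_oauth_settings(BAD, RESOURCE_APP))
```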

Now Provide Consent

For a different IDCS :- After the popup, a new page will appear where we need to enter the Fusion user and password, and then the authorization page will appear.
For the same IDCS :- We have already logged in using the newly created user, so we will be taken directly to the authorization page.

Now test, validate and save the ERP connection.

Refer:-
https://www.ateam-oracle.com/trigger-oic-integration-using-oauth
https://www.ateam-oracle.com/trigger-oic-integration-using-oauth-client-credentials
https://www.youtube.com/watch?v=HY1rVixlcPo

To Receive Callback using CSF Keys:-

For this method there are already a lot of blogs available.
For the older method :- Use the CSF (Credential Store Framework) key
Go to :- https://acme.fa.us6.oraclecloud.com/soa/composer
csfkey:-
Key Name :- <identity_domain><service_instance>
User Name:- OIC User Name
Password:- OIC Password

The ERP user (the one used in the connection) should have :-
Integration Specialist Role
Attachments User Role (To Read/Write from UCM)
Manage Webservice Catalog (FND_MANAGE_CATALOG_SERVICE_PRIV)
This is done in Tools > Security Console of the ERP Fusion Cloud.

Also,
To receive Callbacks from the ERP within OIC environment, the cloud certificates must be imported in OIC to authenticate SAML assertion from Oracle ERP cloud. The ERP cloud certificates can be retrieved from Catalog Service WSDL as follows:

Acquire ERP Cloud certificates

R12 URL: https://hostname:port/fndAppCoreServices/ServiceCatalogService?WSDL
R13 URL: https://hostname:port/fscmService/ServiceCatalogService?WSDL
We will receive a total of 4 certificates from here, which need to be uploaded to OIC.

Links:-
https://www.techsupper.com/2020/03/subscribe-oracle-erp-business-events-in-oracle-integration.html
https://www.ateam-oracle.com/using-business-events-with-integration-cloud-part-1
https://www.ateam-oracle.com/using-business-events-with-integration-cloud-part-2
http://niallcblogs.blogspot.com/2019/03/692-687-oic-subscribing-to-fusion-erp.html
