Search This Blog

Friday, May 19, 2023

Oracle FA - Credential Store Framework (CSF) Key Registration with Oracle Integration Cloud for Business Events

The purpose of this entry is to provide information regarding registering CSF keys and configuring connectivity between the Fusion based ERP application and Oracle OIC!

As discussed in prior entries, Cloud ERP provides business events which can be subscribed to by Oracle Integration. To enable the trust between OIC and ERP, in a FA-based SaaS instance, the outbound call of a webservice uses a OWSM security policy which retrieves the credentials for the call from a CSF Key.

Credential Store Framework (CSF) keys are credentials that use basic authentication (username and password) to certify the access of users and system components. Once the registration process is completed then the CSF keys will help to trigger the business events and call-backs from ERP to OIC, and after catching the event in OIC, we can apply our business logic and perform any other action, such as calling an external API, sending an email, writing the output to a database, and more.

For this to work we must create a local IDCS account with admin privileges in OIC, and use that ID in the CSF key configuration. We must note that Oracle now also has a token based alternative, but that will be covered in another entry.

To generate the CSF key, follow the below steps:

a. Login into the OIC instance with the user credentials and navigate to the Integration home page.

b. Click on the username from the top right corner of the OIC page and select About.

c. The CSF Key will be generated by appending the identity domain and OIC admin. The format for the csf key generation is mentioned in the below table.


Format: <Identity Domain><Service Instance>

Now, follow the step by step process to configure CSF key:

a. Navigate to Oracle ERP SOA Composer to configure CSF key from the below mentioned url.

b. SOA Composer URL - https://<erphostname>/soa/composer

c. Login to the cloud application with your Oracle Cloud ERP user credentials

Note that you will need the following two roles, to perform the following actions:

SOA_OPERATOR_ROLE_JOB
SOA_DESIGNER_ROLE_JOB

d. Once the login is successful then click on the Manage Security from the right side of the page. Then click on the Manage Security and another popup will be open to provide the Manage Credentials details. Please refer to the below table to provide the Manage Credentials details.

Once the details are provided then click on the Register button to complete configuring the CSF KEY.

#

Element

Description

value

1

csf-key

Specify the csf key as extracted from the section before.

<Identity Domain><Service Instance>

2

User Name

Enter the OIC admin user name

Local account we talked about earlier.

3

Password

 

Enter the password for accessing OIC application

<PASSWORD>

4

Confirm Password

Renter the same password for second time

<PASSWORD>


Now it's time to verify the configuration has been done successfully.

Once the CSF Key configuration is completed then the CSF Key verification should be done.

a. Access the below mentioned FA Cloud instance by executing the following URL in a browser.

NOTE – Access the Event Subscription URL from IE, Firefox or Edge Browsers. Do not use Google Chrome browser
 
b. Event Subscription URL – https://<erphostname>/ soa-infra/PublicEvent/subscriptions

If the event subscription url doesn’t work from the browser, then use the same URL in Postman to test it.

In the basic authentication section in Postman, pass the credentials for the local user and run the endpoint.

With this, OIC will now be able to listen to business events from ERP. One additional point to note, if you ever change the password for the account used for this setup, this trust will be broken. Also, rather than using the "update" option when changing the password and following these steps, you have to "register" again, because the changes won't take effect due to caching.


No comments:

Post a Comment