
Service Integration Account with No Password Expiration in OIC

In most cases, you authenticate your custom Oracle integrations using Basic Authentication: you create a username/password in Oracle IDCS and grant that user a role (ServiceUser, ServiceInvoker, etc.).

Oracle Integration provides a Service Integration account in which the password does not expire. The service integration account consists of a generic application role created with specific predefined rules.

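You can use this account to install the connectivity agent or to authenticate custom integrations. For Basic Authentication, use the application's generic credentials: the client ID (which ends with _BASICAUTH) and the associated client secret. Because this secret does not expire, treat it as a long-lived credential: grant the application only the role the integration needs, keep the secret in a secrets store rather than in scripts or shared documents, and regenerate it whenever it may have been exposed.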

Flow to create Service Integration Account

The following image depicts the complete flow to create the Service Integration account:

REST APIs used to create Service Integration applications

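For all the APIs, replace the following placeholders with your own values. The role-search and grant requests below write the host as {IDCS_URL}; it is the same value as IDCS_HOST. OracleIntegration_APP_ROLE_ID, used in the grant request, is the id returned by the role search.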

  • IDCS_HOST
  • access_token
  • app_name
  • OracleIntegration_AppID
  • ServiceIntegration_APP_ID

API to create Service Integration application

POST https://{IDCS_HOST}/admin/v1/Apps
Authorization: Bearer {access_token}
Sample Request:
{
   "active":true,
   "allUrlSchemesAllowed":false,
   "allowAccessControl":false,
   "allowedGrants":[
      "client_credentials",
      "urn:ietf:params:oauth:grant-type:jwt-bearer"
   ],
   "attrRenderingMetadata":[
      {
         "name":"aliasApps",
         "visible":false
      }
   ],
   "basedOnTemplate":{
      "value":"CustomWebAppTemplateId"
   },
   "clientType":"confidential",
   "displayName":"{app_name}_BASICAUTH",
   "editableAttributes":[
      {
         "name":"allowedGrants"
      },
      {
         "name":"protectableSecondaryAudiences"
      },
      {
         "name":"asOPCService"
      },
      {
         "name":"accessTokenExpiry"
      },
      {
         "name":"linkingCallbackUrl"
      },
      {
         "name":"isOAuthResource"
      },
      {
         "name":"appIcon"
      },
      {
         "name":"clientType"
      },
      {
         "name":"refreshTokenExpiry"
      },
      {
         "name":"trustScope"
      },
      {
         "name":"landingPageUrl"
      },
      {
         "name":"audience"
      },
      {
         "name":"samlServiceProvider"
      },
      {
         "name":"isLoginTarget"
      },
      {
         "name":"redirectUris"
      },
      {
         "name":"allowedScopes"
      },
      {
         "name":"tags"
      },
      {
         "name":"logoutUri"
      },
      {
         "name":"allowedOperations"
      },
      {
         "name":"termsOfUse"
      },
      {
         "name":"serviceParams"
      },
      {
         "name":"certificates"
      },
      {
         "name":"aliasApps"
      },
      {
         "name":"schemas"
      },
      {
         "name":"isWebTierPolicy"
      },
      {
         "name":"trustPolicies"
      },
      {
         "name":"logoutPageUrl"
      },
      {
         "name":"secondaryAudiences"
      },
      {
         "name":"displayName"
      },
      {
         "name":"serviceTypeURN"
      },
      {
         "name":"icon"
      },
      {
         "name":"description"
      },
      {
         "name":"isOAuthClient"
      },
      {
         "name":"allowedTags"
      },
      {
         "name":"showInMyApps"
      },
      {
         "name":"isObligationCapable"
      },
      {
         "name":"isMobileTarget"
      },
      {
         "name":"allowOffline"
      },
      {
         "name":"idpPolicy"
      },
      {
         "name":"appSignonPolicy"
      },
      {
         "name":"postLogoutRedirectUris"
      },
      {
         "name":"isFormFill"
      },
      {
         "name":"loginMechanism"
      },
      {
         "name":"serviceTypeVersion"
      },
      {
         "name":"errorPageUrl"
      },
      {
         "name":"signonPolicy"
      },
      {
         "name":"identityProviders"
      },
      {
         "name":"isSamlServiceProvider"
      },
      {
         "name":"appThumbnail"
      },
      {
         "name":"loginPageUrl"
      },
      {
         "name":"scopes"
      },
      {
         "name":"allowAccessControl"
      },
      {
         "name":"isKerberosRealm"
      },
      {
         "name":"allUrlSchemesAllowed"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:encryptionAlgorithm"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:groupAssertionAttributes"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:includeSigningCertInSignature"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:signResponseOrAssertion"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:assertionConsumerUrl"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:nameIdUserstoreAttribute"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:logoutResponseUrl"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:succinctId"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:logoutRequestUrl"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:partnerProviderId"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:nameIdFormat"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:logoutBinding"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:userAssertionAttributes"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:signatureHashAlgorithm"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:metadata"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:encryptAssertion"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:logoutEnabled"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:encryptionCertificate"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:signingCertificate"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App:federationProtocol"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:webTierPolicy:App:webTierPolicyJson"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:managedapp:App:bundleConfigurationProperties"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:managedapp:App:isAuthoritative"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:managedapp:App:enableSync"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:managedapp:App:adminConsentGranted"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:managedapp:App:connected"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:managedapp:App:flatFileBundleConfigurationProperties"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:managedapp:App:threeLeggedOAuthCredential"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:managedapp:App:bundlePoolConfiguration"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:managedapp:App:flatFileConnectorBundle"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillAppTemplate:AppTemplate:revealPasswordOnForm"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillAppTemplate:AppTemplate:userNameFormTemplate"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillAppTemplate:AppTemplate:userNameFormExpression"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillAppTemplate:AppTemplate:formCredentialSharingGroupID"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillAppTemplate:AppTemplate:formCredMethod"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillAppTemplate:AppTemplate:syncFromTemplate"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillAppTemplate:AppTemplate:configuration"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillAppTemplate:AppTemplate:formFillUrlMatch"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillAppTemplate:AppTemplate:formType"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:kerberosRealm:App:masterKey"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:kerberosRealm:App:maxRenewableAge"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:kerberosRealm:App:maxTicketLife"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:kerberosRealm:App:supportedEncryptionSaltTypes"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:kerberosRealm:App:realmName"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:kerberosRealm:App:ticketFlags"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:kerberosRealm:App:defaultEncryptionSaltType"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:requestable:App:requestable"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillApp:App:revealPasswordOnForm"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillApp:App:userNameFormExpression"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillApp:App:formType"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillApp:App:formCredMethod"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillApp:App:configuration"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillApp:App:formFillUrlMatch"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillApp:App:formCredentialSharingGroupID"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:formFillApp:App:userNameFormTemplate"
      },
      {
         "name":"urn:ietf:params:scim:schemas:oracle:idcs:extension:dbcs:App:domainApp"
      },
      {
         "name":"active"
      },
      {
         "name":"grantedAppRoles"
      },
      {
         "name":"userRoles"
      },
      {
         "name":"adminRoles"
      },
      {
         "name":"clientSecret"
      }
   ],
   "infrastructure":false,
   "isAliasApp":false,
   "isManagedApp":false,
   "isMobileTarget":false,
   "isOAuthClient":true,
   "isOAuthResource":false,
   "isOPCService":false,
   "isSamlServiceProvider":false,
   "isUnmanagedApp":false,
   "isWebTierPolicy":false,
   "loginMechanism":"OIDC",
   "migrated":false,
   "name":"{app_name}_BASICAUTH",
   "showInMyApps":false,
   "trustScope":"Explicit",
   "urn:ietf:params:scim:schemas:oracle:idcs:extension:requestable:App":{
      "requestable":false
   },
   "schemas":[
      "urn:ietf:params:scim:schemas:oracle:idcs:App",
      "urn:ietf:params:scim:schemas:oracle:idcs:extension:requestable:App"
   ]
}

API to search role

GET https://{IDCS_URL}/admin/v1/AppRoles?attributes=groups,urn:ietf:params:scim:schemas:oracle:idcs:extension:user:User:appRoles&filter=displayName+co+%22ServiceInvoker%22+and+app.value+eq+%22{OracleIntegration_AppID}%22
Authorization: Bearer {access_token}
Sample Response:
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 1,
    "Resources": [
        {
            "uniqueName": "5569e9ee9d83434dfdfd3434vdf_ServiceInvoker",
            "app": {
                "value": "5569e9ee9d81dfdf34343434dfd5e6440bd1b8d4e",
                "display": "dev01-axabreabdoi2-hy"
            },
            "displayName": "ServiceInvoker",
            "id": "<OracleIntegration_APP_ROLE_ID>"
        }
    ],
    "startIndex": 1,
    "itemsPerPage": 50
}

API to grant Service Integration application to Oracle Integration role

POST https://{IDCS_URL}/admin/v1/Grants
Authorization: Bearer {access_token}
Sample Request:
{
 "app": {
  "value": "{OracleIntegration_AppID}"
 },
 "entitlement": {
  "attributeName": "appRoles",
  "attributeValue": "{OracleIntegration_APP_ROLE_ID}"
 },
 "grantMechanism": "ADMINISTRATOR_TO_APP",
 "grantee": {
  "value": "{ServiceIntegration_APP_ID}",
  "type": "App"
 },
 "schemas": ["urn:ietf:params:scim:schemas:oracle:idcs:Grant"]
}

So, these are the APIs that you have to use to create a Service Integration application.

Please watch the following video to know all the steps in detail:

https://www.youtube.com/watch?v=HBJuS6bg7Bc
