Prerequisites for Creating a Connection
Before you set up the Oracle Utilities Adapter:
-
Upload a trusted public certificate (if required). Typically, the certificate is included with Oracle Integration. See Upload a Certificate to Connect with External Services.
-
Make sure the Oracle Utilities server is running and accessible.
-
Know the host name address and port number of the Oracle Utilities server.
-
Know the user name and password used to access the Oracle Utilities server.
-
Gather the required credentials and access token URI if using OAuth.
-
Download the connectivity agent. See Download and Run the Connectivity Agent Installer in Using Integrations in Oracle Integration 3.
-
Upload the required Oracle Identity Cloud Service certificate to the connectivity agent when using the OAuth Client Credentials security policy.
JWT Assertions Outbound Use
- Manually create a signing key for upload on the Certificates page. See
Upload a Certificate to Connect with External Services.
The service provider typically provides instructions on how to generate the signing keys and the format. For an example, see Required Keys and OCIDs.
- Create the JWT header and JWT payload JSON files. You upload both files
on the Connections page when configuring the Oracle Utilities
Adapter to support JWT assertions. For example:
JWT Header JSON File Example JWT Payload JSON File Example { "alg": "RS256", "typ": "JWT", "kid": "assert" }Where:alg: Algorithm. Identifies the specific type of JWT signing algorithm. This is a required header for the JWT assertion. Oracle Identity Cloud Service currently supports RS256.typ: Type. Identifies the type of assertion, which is always JWT.kid: Key identifier. Used to identify the trusted third-party certificate to validate the assertion signature. Thex5torkidclaim must be present in the JWT assertion header
{ "sub": "utilitiesApplicationUser", "jti": "8c7df446-bfae-40be-be09-0ab55c655436", "iat": 1589889699, "exp": 1589909699, "iss": "d702f5b31ee645ecbc49d05983aaee54", "aud": "https://identity.oraclecloud.com/" }Where:- JWT issuer (
iss): A unique identifier for the entity that issued the assertion. This is typically the entity that holds the key material used to sign or integrity-protect the assertion. Examples of issuers are OAuth clients (when assertions are self-issued) and third-party security token services. If the assertion is self-issued, the issuer value is the client identifier (client_id). If the assertion was issued by a security token service (STS), the issuer must identify the STS in a manner recognized by the authorization server. The assertion must contain an issuer. - JWT subject (
sub): The subject typically identifies an authorized accessor for which the access token is being requested (that is, the resource owner or an authorized delegate). In some cases, this may be a pseudo-anonymous identifier or other value denoting an anonymous user. For client assertions, the client ID value must be the Oracle Identity Cloud Service applicationnameattribute. For user assertions, the claim value must be the user name. - JWT audience (
aud): A value that identifies the party or parties to process the assertion. The assertion must contain an audience that identifies the authorization server as the intended audience. The authorization server must reject any assertion that does not contain its own identity as the intended audience (in this case, for Oracle Identity Cloud Service,https://identity.oraclecloud.com/). - Expires at (
exp): The time (UNIX epoch time) at which the JWT assertion expires. This is a required claim for the assertion. - Issued at (
iat): The date when the assertion was issued. - JWT ID (
jti): The JWT ID claim is a unique identifier for the JWT.
Note:
Carefully review the JWT documentation of your service provider and ensure that you follow all required guidelines to correctly create the header and payload files. The content of each file varies from one service provider to another.