Enterprise Application Integration: July 2022

Monday 4 July 2022

Oracle Fusion - Enable Federated SSO with Oracle Identity Cloud Service (IDCS) as Identity Provider

In this blog , I will explain what all configurations we need to perform to establish a federated SSO between IDCS which will act as IdP and Oracle Fusion - SaaS which will act as Service Provider - SP

Pre - Configurations :

IDCS :

Get the Oracle IDCS - IDP Metadata XML using this link: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/metadata
Save the file - IDP_Metadata.xml
Note: In case if you get an error like Page Not Working then follow the below instructions to enable certificate access.

Login to IDCS admin console.
Go to Settings
Select Default Settings option
Enable - "Access Signing Certificate"
Save the changes.
Now access the metadata URL.

Fusion-SaaS:

Get Service Provider Meta Data.

Use the following URL and download the SP_MetaData.xml
https://login-ics-dev1-saasfaprod1.fa.ocs.oraclecloud.com/fed/sp/metadata

domain_name : ics-dev1

Get Tenant and Domain Names:

Example Fusion URL - https://fa-ics-dev1-saasfaprod1.fa.ocs.oraclecloud.com/fscmUI/
Tenant or POD Name : ics-dev1
Domain Name : saasfaprod1.fa.ocs.oraclecloud.com

Main Configurations:

Fusion-SaaS:

Login to SaaS application using Security Admin User.
Go to Security Console
Select Single Sign-On on left Menu
Click + Create Identity Provider.

Select Edit On Top
Provide following details.

Name : IDCS-IDP
Description : IDCS Identity Provider.
Name Id Format - Unspecified - Select from drop down.
Select Default Identifier Option.
Upload the Meta data file downloaded from IDCS - Refer Above Pre-config steps.
Save and Close

Select Service Provider Tab
Download the Service Provider Signing Certificate.

IDCS Configurations:

Create Fusion Application :

Login to IDCS
Go to Applications
Select Add ( + )
Select App Catalog
Search for Oracle Fusion
Select R13 app

Provide following details to the App -

Name : Fusion ERP SSO App
Description : Fusion ERP SSO App
Select required SaaS Applications
Go to Next Page
Open the SP_Metadata.xml file downloaded as part of pre-config step.
Get EntityId value

entityID="https://login-ics-dev1-saasfaprod1.fa.ocs.oraclecloud.com:443/oam/fed"

Assertion Consumer Value:

<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://login-ics-dev1-saasfaprod1.fa.ocs.oraclecloud.com/oam/server/fed/sp/sso" index="1"/>

Upload the signing certificate that was downloaded from Fusion apps during SSO configuration. Refer Above Fusion activity .
Download Signing Certificate and Identity Provider Metadata and save as file and click “Next”
On the Provisioning tab DO NOT Enable Provisioning and click the Finish button to complete the application setup
Activate the application.

TEST and ENABLE SSO :

Login to SaaS application using Security Admin User.
Make sure the user is present in IDCS and updated as Federated. Same User is present in SaaS as well --- Note
Go to Security Console
Select Single Sign-On on left Menu
Select the IDCS-IDP created earlier.

Select Diagnostics and Activation
Select TEST
Select IDCS-IDP and Click Start SSO
It will take you to IDCS login Page.

Provide SSO credentials.
After Successful authentication Status will get updated as Success.
Enable Identity Provider.

OCI - OGW - Oracle Gateway Configurations

Oracle offers multiple API management tools. API Platform Cloud Service and Oracle Native Gateway or OCI Gateway are the prominent ones.

API Platform Cloud Service will be managed by customers. Customer is responsible for managing API security and Infrastructure. Customer needs to provision API PCS and then provision gateway server (Weblogic Server) to deploy all the application API.

API PCS provides a management console to create and manage APIs . API's will be published to gateway servers. Gateway servers will connect and poll the changes and deploy them on to the server.

Following network flow diagram will show how the traffic flow can be configured and how the gateway servers will interact with management servers and backend applications.

API PCS

Oracle offers Gateway - a fully managed service to manage APIs. Here the customer is responsible for creating and managing API definition and security. Underlying infrastructure is managed by Oracle.

As part of OCI gateway configurations, we need to create a gateway and then deployments (API definitions). Gateway will be created on a specific Compartment , VCN and Subnet.

Specific security groups can be added or can be used to control access to the gateway. We can use custom certificates while creating a gateway to enable mTLS connection.

Create a deployment/API

Provide a name. -- xxapi
Provide a path prefix -- ogw
Select create from Scratch Option
Select Authentication Policy to restrict access using JWT or Custom Authentication.

Authentication Token - Header
Header Name - Authorization
Authentication Schema -- Bearer
Issuer - https://identity.oraclecloud.com/
Audience - Add the scopes to be allowed.
Public Keys

In this example , we will use the static key
Static Key

Provide a Key Id
Format - JSON Web Key
Get the Json Webkey from IDCS. Use the following endpoint to get the key - https://idcs-.identity.oraclecloud.com/admin/v1/SigningCert/jwk

Note : Before accessing the key make sure access certificate is enabled in IDCS . Settings -> Default Settings and Toggle ON the Access Signing Certificate

Sample WebKey :

{"format":"JSON_WEB_KEY","kid":"SIGNING_KEY","kty":"RSA","key_ops":["verify"],"alg":"RS256","n":"giU9t2dMPM_c_XXXXXXXXXXXXXXXXXXXXUrfr4iyqz7ULr67uAWiJl5ETjE-FMQIMqRtrtbcnXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXKAPTpQj85ZM_8uzLdqvwr713IbNa0HEJ-Cia4jadNxVSiFNDWP-tUiX-M6yEq9CHL26vngNpDCvJ1-vf9hfwO0TQ","e":"AQAB"}

Remote JWKS : To retrieve the keys at run time.

Create Routes

Provide the incoming path

Sample :

/target/services/default/{contextRoot}/{client_ep*}

Select the methods to be allowed from Source.
Select the backend Type

HTTP
Oracle Function

Incase of HTTP backend provide the backend URL

https:/target_hostname/target/services/default/${request.path[contextRoot]}/${request.path[client_ep]}

Can define multiple routes pointing to multiple target applications.

Save changes.

OCI Command :

oci api-gateway deployment create --compartment-id ocid1.compartment.oc1..id_value --display-name dvpc2s --gateway-id ocid1.apigateway.oc1.eu-frankfurt-1.oci_id --path-prefix /dvpc2s --specification file:////home/VijayaKuma/tlndvpc2s.json

Friday 1 July 2022

Weblogic Maven Deployment

Use the following sample POM template for ADF deployment.

Maven Command for deployment:

Deploy Using SSL/T3S port and custom Keystore.

mvn -Dbuild.properties.file=${property} -Djavax.net.ssl.keyStoreType=JKS -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.TrustKeyStore=CustomTrust -Djavax.net.ssl.trustStore=${trustStoreFile} -Dweblogic.security.CustomTrustKeyStoreType=JKS -Dweblogic.security.CustomTrustKeyStoreFileName=${trustStoreFile} -Dweblogic.security.CustomTrustKeyStorePassPhrase=welcome1 -Djavax.net.ssl.trustStorePassword=welcome1 pre-integration-test

Deploy Using HTTP/T3 port

mvn -Dbuild.properties.file=${property} pre-integration-test

WAR Deployment

<modelVersion>4.0.0</modelVersion>
<groupId>vk.services</groupId>
<artifactId>VKUAssertion</artifactId>
<version>1.0</version>
<description>Super POM for VKUAssertion</description>
<packaging>pom</packaging>
<build>
<resources>
<resource>
<directory>src/</directory>
<includes>
<include>**</include>
</includes>
</resource>
</resources>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>properties-maven-plugin</artifactId>
<version>1.0-alpha-2</version>
<executions>
<execution>
<phase>initialize</phase>
<goals>
<goal>read-project-properties</goal>
</goals>
<configuration>
<files>
<file>${build.properties.file}</file>
</files>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.oracle.adf.plugin</groupId>
<artifactId>ojmake</artifactId>
<configuration>
<ojmake>${oracleHome}/jdeveloper/jdev/bin/ojmake</ojmake>
<files>${basedir}/VKUAssertion.jws</files>
</configuration>
<executions>
<execution>
<phase>compile</phase>
<goals>
<goal>compile</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.oracle.adf.plugin</groupId>
<artifactId>ojdeploy</artifactId>
<configuration>
<ojdeploy>${oracleHome}/jdeveloper/jdev/bin/ojdeploy</ojdeploy>
<workspace>${basedir}/VKUAssertion.jws</workspace>


<project>WebService</project>


<profile>VKUAssertion</profile>
<outputfile>${project.build.directory}/${project.build.finalName}.war</outputfile>
</configuration>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>deploy</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.oracle.weblogic</groupId>
<artifactId>weblogic-maven-plugin</artifactId>
<version>12.2.1-3-0</version>
<executions>
<execution>
<id>wls-deploy</id>
<phase>pre-integration-test</phase>
<goals>
<goal>redeploy</goal>
</goals>
<configuration>
<adminurl>${SERVER_URL}</adminurl>
<user>${USER_NAME}</user>
<password>${PASSWORD}</password>

<source>${project.build.directory}/${project.build.finalName}.war</source>
<targets>${TARGET_SERVER}</targets>
<verbose>true</verbose>
<remote>true</remote>
<upload>true</upload>
<name>${project.build.finalName}</name>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
<parent>
<groupId>com.oracle.adf</groupId>
<artifactId>adf-parent</artifactId>
<version>12.2.1-4-0</version>
<relativePath/>
</parent>
<repositories>
<repository>
<name>OracleMaven</name>
<id>maven.oracle.com</id>
<url>https://maven.oracle.com</url>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<name>OracleMaven</name>
<id>maven.oracle.com</id>
<url>https://maven.oracle.com</url>
</pluginRepository>
</pluginRepositories>
</project>

EAR Deployment:

<?xml version="1.0" encoding="UTF-8" ?>

<groupId>vk.services</groupId>

<artifactId>VKUApplication1</artifactId>

<description>Super POM for VKUApplication1</description>

<build>

</includes>

</resource>

</resources>

<groupId>org.codehaus.mojo</groupId>

<artifactId>properties-maven-plugin</artifactId>

<version>1.0-alpha-2</version>

<phase>initialize</phase>

<goals>

<goal>read-project-properties</goal>

</goals>

<files>

<file>${build.properties.file}</file>

</files>

</configuration>

</execution>

</executions>

</plugin>

<groupId>com.oracle.adf.plugin</groupId>

<artifactId>ojmake</artifactId>

${oracleHome}/jdeveloper/jdev/bin/ojmake

</ojmake>

<files>

${basedir}/VKUApplication1.jws

</files>

</configuration>

<phase>compile</phase>

<goals>

<goal>compile</goal>

</goals>

</execution>

</executions>

</plugin>

<groupId>com.oracle.adf.plugin</groupId>

<artifactId>ojdeploy</artifactId>

${oracleHome}/jdeveloper/jdev/bin/ojdeploy

</ojdeploy>

${basedir}/VKUApplication1.jws

</workspace>

VKUApplication1

</profile>

${project.build.directory}/${project.build.finalName}.ear

</outputfile>

</configuration>

<phase>package</phase>

<goals>

<goal>deploy</goal>

</goals>

</execution>

</executions>

</plugin>

<groupId>com.oracle.weblogic</groupId>

<artifactId>weblogic-maven-plugin</artifactId>

<id>wls-deploy</id>

<phase>pre-integration-test</phase>

<goals>

<goal>redeploy</goal>

</goals>

<adminurl>${SERVER_URL}</adminurl>

<password>${PASSWORD}</password>

<source>${project.build.directory}/${project.build.finalName}.ear</source>

<targets>${TARGET_SERVER}</targets>

<name>${project.build.finalName}</name>

</configuration>

</execution>

</executions>

</plugin>

</plugins>

</build>

<groupId>com.oracle.adf</groupId>

<artifactId>adf-parent</artifactId>

</parent>

<name>OracleMaven</name>

<id>maven.oracle.com</id>

<url>https://maven.oracle.com</url>

</repository>

</repositories>

<name>OracleMaven</name>

<id>maven.oracle.com</id>

<url>https://maven.oracle.com</url>

</pluginRepository>

</pluginRepositories>

</project>

SOACS Maven Deployment

Maven Setup:

First we need to download and install Maven.

Download maven from this site - https://maven.apache.org/download.cgi
Unzip the downloaded file.
Add MAVEN_HOME system variable / Environment Variable

MAVEN_HOME = C:\Vijaya\SW\Maven\apache-maven-3.8.6

Add Maven bin folder to PATH variable.

PATH = C:\Vijaya\SW\Maven\apache-maven-3.8.6/bin

Run mvn --version to check the setup

Update local repository:

We need to set up a local maven repository for deploying applications using maven.

First we need to install SOACS on our local machine. Download the SOA installer jars from Oracle and install it on a local machine.

Update Local Repository with SOA plugins: Follow the below steps to configure a local repository with SOA plugins.

Go to the following Oracle installation path .

cd C:\Oracle\Middleware\Oracle_Home\oracle_common\plugins\maven\com\oracle\maven\oracle-maven-sync\12.2.1

Execute the following maven commands.

mvn install:install-file -Dfile=oracle-maven-sync-12.2.1.jar -DpomFile=oracle-maven-sync-12.2.1.pom

mvn com.oracle.maven:oracle-maven-sync:push -DoracleHome=C:/Oracle/Middleware/Oracle_Home -DoverwriteParent=true

mvn com.oracle.maven:oracle-maven-sync:push -Doracle-maven-sync.oracleHome=C:/Oracle/Middleware/Oracle_Home

mvn com.oracle.maven:oracle-maven-sync:push -Doracle-maven-sync.oracleHome=C:/Oracle/Middleware/Oracle_Home -Doracle-maven-sync.testonly='true'

mvn archetype:crawl -Dcatalog=C:\Users\vijaya\.m2\archetype-catalog.xml

Create a Maven SOA Project and update the POM files.

Use the following POM files as a template.

Application POM:

<groupid>SampleApplicationSOA</groupid>

<artifactid>SampleApplicationSOA</artifactid>

<module>SampleProject1</module>

<module>SampleProject2</module>

</modules>

</project>

Project POM:

<?xml version="1.0" encoding="UTF-8" ?>

<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"

xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<groupId>SampleProject1</groupId>

<artifactId>SampleProject1</artifactId>

<groupId>com.oracle.soa</groupId>

<artifactId>sar-common</artifactId>

</parent>

<scac.input.dir>${project.basedir}/SOA/</scac.input.dir>

<scac.output.dir>${project.basedir}/target</scac.output.dir>

<scac.input>${scac.input.dir}/composite.xml</scac.input>

<scac.output>${scac.output.dir}/out.xml</scac.output>

<scac.error>${scac.output.dir}/error.txt</scac.error>

<scac.displayLevel>1</scac.displayLevel>

<composite.name>${project.artifactId}</composite.name>

<composite.revision>1.0</composite.revision>

<composite.partition>default</composite.partition>

<regenerateRulebase>false</regenerateRulebase>

<keepInstancesOnRedeploy>false</keepInstancesOnRedeploy>

<scatest.result>${scac.output.dir}/testResult</scatest.result>

<input>${project.artifactId}</input>

</properties>

<build>

<groupId>org.codehaus.mojo</groupId>

<artifactId>properties-maven-plugin</artifactId>

<version>1.0-alpha-2</version>

<phase>initialize</phase>

<goals>

<goal>read-project-properties</goal>

</goals>

<files>

<file>${build.properties.file}</file>

</files>

</configuration>

</execution>

</executions>

</plugin>

<groupId>com.google.code.maven-replacer-plugin</groupId>

<artifactId>replacer</artifactId>

<id>replace-schema-file</id>

<phase>prepare-package</phase>

<goals>

<goal>replace</goal>

</goals>

<file> ${scac.input.dir}/wsm-assembly.xml</file>

<token>@@TARGET_SERVER1@@</token>

<value>${TARGET_SERVER1}</value>

</replacement>

<token>@@TARGET_SERVER2@@</token>

<value>${TARGET_SERVER2}</value>

</replacement>

</replacements>

</configuration>

</execution>

</executions>

</plugin>

<groupId>com.oracle.soa.plugin</groupId>

<artifactId>oracle-soa-plugin</artifactId>

<compositeName>${project.artifactId}</compositeName>

<composite>${scac.input}</composite>

<sarLocation>${scac.output.dir}/sca_${project.artifactId}_rev${project.version}.jar</sarLocation>

<serverUrl>${SOACS_HOST_NAME}</serverUrl>

<user>${SOACS_USER_NAME}</user>

<password>${SOACS_PASSWORD}</password>

<compositeRevision>${composite.revision}</compositeRevision>

<revision>${composite.revision}</revision>

<scacInputDir>${scac.input.dir}</scacInputDir>

<appHome>${project.basedir}/..</appHome>

<oracleHome>${ORACLE_HOME}/soa</oracleHome>

<input>${input}</input>

</configuration>

</plugin>

</plugins>

</build>

<name>OracleMaven</name>

<id>maven.oracle.com</id>

<url>https://maven.oracle.com</url>

</repository>

</repositories>

<name>OracleMaven</name>

<id>maven.oracle.com</id>

<url>https://maven.oracle.com</url>

</pluginRepository>

</pluginRepositories>

</project>

Note: If we are using MDS resources (wsdl/xsd) then we need to provide the local mds path details for compilation and packaging.

Use the following adf-config.xml file

<?xml version="1.0" encoding="windows-1252" ?>

<adf-config xmlns="http://xmlns.oracle.com/adf/config" xmlns:adf="http://xmlns.oracle.com/adf/config/properties"

xmlns:sec="http://xmlns.oracle.com/adf/security/config">

<adf:adf-properties-child xmlns="http://xmlns.oracle.com/adf/config/properties">

<adf-property name="adfAppUID" value="XxScmSDTLightAppSOA-8435"/>

</adf:adf-properties-child>

<sec:adf-security-child xmlns="http://xmlns.oracle.com/adf/security/config">

<CredentialStoreContext credentialStoreClass="oracle.adf.share.security.providers.jps.CSFCredentialStore"

credentialStoreLocation="../../src/META-INF/jps-config.xml"/>

</sec:adf-security-child>

<adf-mds-config xmlns="http://xmlns.oracle.com/adf/mds/config">

<mds-config xmlns="http://xmlns.oracle.com/mds/config">

<persistence-config>

<metadata-namespaces>

</metadata-namespaces>

<metadata-store-usages>

<metadata-store-usage id="mstore-usage_2">

<metadata-store class-name="oracle.mds.persistence.stores.file.FileMetadataStore">

</metadata-store>

</metadata-store-usage>

<metadata-store-usage id="mstore-usage_3">

<metadata-store class-name="oracle.mds.persistence.stores.file.FileMetadataStore">

</metadata-store>

</metadata-store-usage>

</metadata-store-usages>

</persistence-config>

</mds-config>

</adf-mds-config>

</adf-config>

${soamds.apps.home} : Pass local MDS path while running Maven command.

${soa.oracle.home} : Pass either local MDS or SOA install directory path where seeded resources are present.

Maven Command to Deploy:

mds_path=$(pwd)/soamp/mds

MIDDLEWARE_HOME_SOA= C:\Oracle\Middleware\Oracle_Home\ (SOA installation path)

mvn -Dbuild.properties.file=${property} -Dsoa.oracle.home=${MIDDLEWARE_HOME_SOA}/soa -Dsoamds.apps.home=${mds_path} pre-integration-test

In case if we have to use an SSL port for the deployment and if we need to use a custom trust store to connect then we can use the following maven command.

mvn -Dbuild.properties.file=${property} -Dsoa.oracle.home=${MIDDLEWARE_HOME_SOA}/soa -Dsoamds.apps.home=${mds_path} -Djavax.net.ssl.keyStoreType=JKS -Djavax.net.ssl.trustStore=${trustStoreFile} -Djavax.net.ssl.trustStorePassword=**** -Djavax.net.ssl.keyStore=${trustStoreFile} -Djavax.net.ssl.keyStorePassword=*** pre-integration-test

Enterprise Application Integration

Monday 4 July 2022

Oracle Fusion - Enable Federated SSO with Oracle Identity Cloud Service (IDCS) as Identity Provider

IDCS Configurations:

OCI - OGW - Oracle Gateway Configurations

Friday 1 July 2022

Weblogic Maven Deployment

SOACS Maven Deployment

IDCS - Identity Federation with Azure and Google (SAML IDP & Social IDP)

Report Abuse

Labels