|Oracle8i Application Developer's Guide - XML
Release 3 (8.1.7)
Part Number A86030-01
B2B: How iProcurement Uses XML to Offer Multiple Catalog Products to Users, 14 of 16
When you first log into iProcurement, a random user identification number for the session is generated (a session "ticket"), encrypted with a one-way encryption (has) and stored in Oracle Procurement Server.
When you select a link for an externally hosted catalog, the encrypted session ticket, and URL for the user's authentication is sent. The following example shows the call that the catalog provider may expect:
The catalog provider then makes an HTTP call to the Procurement Server, using SSL, requesting verification of this encrypted ticket at the URL address sent with the user:
This is actually a call to a PL/SQL package stored in the database behind the client site firewall.
The external catalog provider makes a connection to an application server outside the firewall, which authenticates the catalog provider's digital certificate. It then allows the call to be made to the internal application server. Here the encrypted session ticket is verified against a stored version in the table, and the rest of the user information is returned to the catalog provider.
If the session ticket is valid, iProcurement pass your login back. This includes your name, delivery information, company, operating unit, requisition number, and a return URL to the Requisition Server as illustrated below:
<?xml version='1.0'?> <RequisitionUser> <userName>CBLACK</userName> <company>VIOP</company> <operatingUnit>Organization</operatingUnit> <shipTo>Philadelphia</shipTo> <deliverTo>Philadelphia</deliverTo> <reqToken>Req_Token</reqToken> <returnURL>ap411sun.us.oracle.com:5555/FJ_JAVA_SERV/faboujaw/PS/tpn_ redirect</returnURL> </RequisitionUser>