Implementation Guide for Oracle Self-Service E-Billing > Customizing the Customer Service Representative Application >

Using Impersonation with a Customer Service Application External to Oracle Self-Service E-Billing

Customer service representatives can impersonate a Billing and Payment application user directly from a customer service application external to Oracle Self-Service E-Billing, even though the external customer service representative users are not replicated in Oracle Self-Service E-Billing.

For an external user to impersonate an Oracle Self-Service E-Billing user, an impersonation token is used as follows:

• An impersonation token must be passed in the impersonation URL.
• The impersonation token is different from an authentication token.
• To get the authenticated token, at least one Oracle Self-Service E-Billing customer service representative user must be enrolled, which can be used as a trusted user to access Oracle Self-Service E-Billing.
• Each generated token can be used only once in an HTTP request. If an impersonation HTTP request must be issued more than once, then the new RS token request must be issued as well.

To impersonate a Billing and Payment application user from an external customer service representative application

1. Verify that the following installation and setup activities are complete:
   • Oracle Self-Service E-Billing is installed and the following applications are deployed and connect with single Oracle Self-Service E-Billing database:
     • Billing and Payment
     • Customer Service Representative
     • Web Services
   • At least one customer service representative user is enrolled in Oracle Self-Service E-Billing, to be used as the trusted user. The Customer Service Representative application no longer needs to be running once the trusted user is created.

     If you use a single sign-on (SSO) system for authentication, then the trusted user can be created in the SSO system with a customer service representative role.

2. Use the trusted customer service representative user to receive the authenticated impersonation token. The external customer service representative application must invoke the following resource:

   POST /rs/authentication/impersonation?csr_id=externalCSRId&target_user_id=ebillingUserId

   where:

• csr_id is the ID of the user in the external customer service application. This user does not exist in Oracle Self-Service E-Billing.
• Target_user_id is the ID of the Oracle Self-Service E-Billing user who is being impersonated.

  Use the following payload XML input with the resource:

<credential>

<username>trustedUserName</username>

<password>trustedUserPwd</password>

</credential>

Replace the following values in the XML file:

• username. The trusted user name in the Oracle Self-Service E-Billing Customer Service Representative application.
• password. The trusted user password in the Oracle Self-Service E-Billing Customer Service Representative application.

  If Oracle Self-Service E-Billing authenticates the user successfully, then it returns an impersonation token, for example:

<token>gI59AFXTa0p6XFgvMzPNOGMMNhYOhKKbcjGN0K8es6fYM5Po</token>

3. Generate the following HTTP request from the external customer service application to the Oracle Self-Service E-Billing server to create a authenticated Web browser session for impersonation

   https://$Hostname:$SSL_Port/$Application/impersonate?csrid=$CSR_UserID&userid=$User_ID&token=$Impersonation_Token

   where:

   • hostname is the name of the server where you installed the Billing and Payment application.
   • SSL_port is the port number where you installed the Billing and Payment application.
   • Application is the name of the Billing and Payment application.
   • CSR_UserID is the user ID of the CSR performing the impersonation.
   • Impersonation_Token is the impersonate token for this impersonate session.