This section will provide an overview of various integration patterns within the context of security implementation and requirements for third-party applications. Each of the integration patterns illustrated comprises a client, service provider, and an applicable security integration pattern. Details of integration design, such as scenarios involving on-premise applications and their integration with the Cloud, are outside the scope of this section.
Integration of a third-party application results in an application's interaction or a transaction between that application and an Oracle Cloud service. In such an interaction, a client is the initiator of that transaction, where the client consumes either data or a service. The client can be a third-party cloud-based application running in the third party's cloud environment and accessing an Oracle Cloud service, or vice versa. In this context, a client can also be a script (Java script) rendered to a user's browser by the third-party cloud application, and invoking either the third-party cloud application itself or an Oracle Cloud service.
A service provider is typically the REST or SOAP endpoint or web-based application endpoint that is accessed by a client.
Integration of third-party cloud applications fundamentally involves one or both of the following high-level building blocks:
Web service integration between two applications -- a client application and a web service. Oracle Sales Cloud as well as a third-party cloud application can both play either or both of those roles, depending on the type of third-party cloud application you are implementing.
User interface integration (usually a user interface mashup) to provide an integrated and seamless experience for a user.
An integration solution for a third-party cloud application involves both web service and user interface integration. While there are many technical options available to achieve these integrations, Oracle recommends and supports a common set of integration patterns for Oracle Sales Cloud. This set takes factors such as interoperability, security, and usability into account. When implementing a solution for your cloud application, you will likely employ a one or more integration patterns from this common set.
The following table provides a summary of the security considerations relevant to certain integration patterns.
|Integration Pattern||Security Considerations|
|A third-party cloud application acts as a client and accesses Oracle Sales Cloud web services (most common pattern).||
|An Oracle Cloud service acts as a client and accesses a third-party cloud application web service.||
|iFrame user interface mashup with a user token:
A Fusion Applications cloud service page embeds a third-party application cloud application page in an iFrame. An Oracle Cloud service propagates a JWT user token as a URL parameter.
|Web single sign-on/identity federation with Fusion Applications acting as a SAML identity provider and a third-party cloud application environment acting as a SAML service provider.||