B2B: How iProcurement Uses XML to Offer Multiple Catalog Products to Users, 14 of 16

B2B: How iProcurement Uses XML to Offer Multiple Catalog Products to Users, 14 of 16

User Authentication

When you first log into iProcurement, a random user identification number for the session is generated (a session "ticket"), encrypted with a one-way encryption (has) and stored in Oracle Procurement Server.

When you select a link for an externally hosted catalog, the encrypted session ticket, and URL for the user's authentication is sent. The following example shows the call that the catalog provider may expect:

https://www.extsupplier.com?url=oas.us.oracle.com/wr41102/plsql/icx_ext_
supplier.authenticate_user&ticket=128019274

where:

www.extsupplier.com is the URL provided by the external catalog
ias.us.oracle.com/wr41102/plsql/icx_ext_supplier.authenticate_user is the return customer URL (ias.us.oracle.com is the URL for the application server located outside the firewall)

The catalog provider then makes an HTTP call to the Procurement Server, using SSL, requesting verification of this encrypted ticket at the URL address sent with the user:

https://ias.us.oracle.com/wr41102/plsql/icx_ext_supplier.authenticate_
user?ticket=128019274

This is actually a call to a PL/SQL package stored in the database behind the client site firewall.

The external catalog provider makes a connection to an application server outside the firewall, which authenticates the catalog provider's digital certificate. It then allows the call to be made to the internal application server. Here the encrypted session ticket is verified against a stored version in the table, and the rest of the user information is returned to the catalog provider.

iProcurement XML Example 12: Valid Session XML Document

If the session ticket is valid, iProcurement pass your login back. This includes your name, delivery information, company, operating unit, requisition number, and a return URL to the Requisition Server as illustrated below:

<?xml version='1.0'?>
  <RequisitionUser>
   <userName>CBLACK</userName>
   <company>VIOP</company>
   <operatingUnit>Organization</operatingUnit>
   <shipTo>Philadelphia</shipTo>
   <deliverTo>Philadelphia</deliverTo>
   <reqToken>Req_Token</reqToken>
   <returnURL>ap411sun.us.oracle.com:5555/FJ_JAVA_SERV/faboujaw/PS/tpn_
redirect</returnURL>
  </RequisitionUser>