
Using Impersonation with a Customer Service Application External to Oracle Self-Service E-Billing


This topic describes how to impersonate a Billing and Payment application user from a customer service application external to Oracle Self-Service E-Billing.

This procedure enables an external service application to impersonate an Oracle Self-Service E-Billing user directly, even though the external customer service representative users are not replicated in Oracle Self-Service E-Billing.

For an external user to impersonate an Oracle Self-Service E-Billing user, an impersonation token must be passed in the impersonation URL. The impersonation token is different from a normal authentication token. Each generated token can be used only once in an HTTP request. If the impersonation HTTP request needs to be issued more than once, a new RS token request must be issued as well.

To get the authenticated token, at least one customer service representative user must be enrolled in Oracle Self-Service E-Billing. This user serves as the trusted user for access to Oracle Self-Service E-Billing.

To impersonate a Billing and Payment application user from a customer service representative application external to Oracle Self-Service E-Billing

  1. Verify that the following installation and setup activities are complete:
    • Oracle Self-Service E-Billing is installed and the following applications are deployed and connect with single Oracle Self-Service E-Billing database:
      • Billing and Payment
      • Customer Service Representative
      • Web Services
    • At least one customer service representative user is enrolled in Oracle Self-Service E-Billing, to be used as the trusted user. The Customer Service Representative application no longer needs to be running once the trusted user is created.

      If you use a single sign-on (SSO) system for authentication, the trusted user can be created in the SSO system with a customer service representative role.

  2. Use the trusted customer service representative user to receive the authenticated impersonation token. The external customer service representative application must invoke the following resource:

    POST /rs/authentication/impersonation?csr_id=externalCSRId&target_user_id=ebillingUserId

    where:

      • csr_id is the ID of the user in the external customer service application. This user does not exist in Oracle Self-Service E-Billing.
      • target_user_id is the ID of the Oracle Self-Service E-Billing user who is being impersonated.

    Use the following payload XML input with the resource:

    <credential>
      <username>trustedUserName</username>
      <password>trustedUserPwd</password>
    </credential>

    Replace the following values in the XML file:

    • username. The trusted user name in the Oracle Self-Service E-Billing Customer Service Representative application.
    • password. The trusted user password in the Oracle Self-Service E-Billing Customer Service Representative application.

    If Oracle Self-Service E-Billing authenticates the user successfully, then it returns an impersonation token, for example:

    <token>gI59AFXTa0p6XFgvMzPNOGMMNhYOhKKbcjGN0K8es6fYM5Po</token>

  3. Generate the following HTTP request from the external customer service application to the Oracle Self-Service E-Billing server to create an authenticated Web browser session for impersonation:

    https://$Hostname:$SSL_Port/$Application/impersonate?csrid=$CSR_UserID&userid=$User_ID&token=$Impersonation_Token

    where:

    • Hostname is the name of the server where you installed the Billing and Payment application.
    • SSL_Port is the port number where you installed the Billing and Payment application.
    • Application is the name of the Billing and Payment application.
    • CSR_UserID is the user ID of the CSR performing the impersonation.
    • Impersonation_Token is the impersonation token for this impersonation session.
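
The client side of steps 2 and 3, as an added example that is not from Oracle's guide or product code: it builds the token request with URL-encoded IDs and XML-escaped credentials, parses the returned token, and enforces the one-use rule before building the impersonation URL. The `base_url` of the Web Services application and all function and class names are assumptions; no network call is made.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode
from xml.sax.saxutils import escape


def token_request(base_url, csr_id, target_user_id, trusted_user, trusted_pwd):
    """Return (url, xml_body) for the POST that obtains an impersonation token."""
    # base_url (where the Web Services application is deployed) is an assumption.
    query = urlencode({"csr_id": csr_id, "target_user_id": target_user_id})
    body = ("<credential><username>%s</username><password>%s</password></credential>"
            % (escape(trusted_user), escape(trusted_pwd)))
    return "%s/rs/authentication/impersonation?%s" % (base_url.rstrip("/"), query), body


def parse_token(response_xml):
    """Extract the token from a <token>...</token> response, trimming whitespace."""
    root = ET.fromstring(response_xml)
    token = (root.text or "").strip()
    if root.tag != "token" or not token:
        raise ValueError("response does not contain an impersonation token")
    return token


class SingleUseToken:
    """Holds one impersonation token and hands it out exactly once."""

    def __init__(self, token):
        self._token = token

    def consume(self):
        if self._token is None:
            raise RuntimeError("token already used; request a new one")
        token, self._token = self._token, None
        return token


def impersonation_url(host, ssl_port, application, csr_id, user_id, token):
    """Build the browser URL from step 3; `token` is a SingleUseToken."""
    query = urlencode({"csrid": csr_id, "userid": user_id, "token": token.consume()})
    return "https://%s:%d/%s/impersonate?%s" % (host, ssl_port, application, query)


# Constructed response using the sample token string shown in step 2.
SAMPLE_RESPONSE = "<token> gI59AFXTa0p6XFgvMzPNOGMMNhYOhKKbcjGN0K8es6fYM5Po</token>"
```

Because the token travels in the URL query string, the application that builds the URL should keep it out of its own logs and request a fresh token for every impersonation request.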

About Impersonation Auditing

Oracle Self-Service E-Billing audits impersonation actions and regular billing-related activities that are performed during impersonation sessions in the EDX_UMF_USER_AUDIT database table.

The EDX_UMF_USER_AUDIT table includes the following information for impersonation activity:

  • USER_ID. The ID of the user or customer service representative user who performed the action or had actions performed on his behalf by the user identified in the IMP_CSR_ID field during an impersonation session.
  • TARGET_USER_ID. The ID of the user whose information was processed by another user during impersonation.
  • IMP_CSR_ID. Indicates that the action was performed during an impersonation session and identifies the CSR user who impersonated the user identified in the USER_ID field. The IMP_CSR_ID field can be an ID from an external customer service application.
  • TRUST_USER. The name of the trust user who has a customer service representative role and is required to get authentication for access to Oracle Self-Service E-Billing, if the impersonation session is initiated by an external customer service system and the external user does not exist in Oracle Self-Service E-Billing.

Table 5 shows sample data for various types of impersonation actions that Oracle Self-Service E-Billing audits.

Table 5. Examples of Impersonation Actions Audited

| Impersonation Action | User ID | TARGET_USER_ID | IMP_CSR_ID | TRUST_USER | Description |
|---|---|---|---|---|---|
| Impersonate - Login | ftown | None | Csr1 | None | User Csr1 impersonates user ftown and Csr1 exists in Oracle Self-Service E-Billing. |
| Impersonate - Login | ftown | None | Csr1 | trustedUser1 | User Csr1 impersonates user ftown using trustedUser1 and Csr1 does not exist in Oracle Self-Service E-Billing. |
| Update a user | ftown | None | Csr1 | None | User Csr1 impersonates user ftown to update ftown's information and Csr1 exists in Oracle Self-Service E-Billing. |
| Update User | ftown | None | Csr1 | trustedUser1 | User Csr1 impersonates user ftown using trustedUser1 and Csr1 does not exist in Oracle Self-Service E-Billing. |
| Update User | ftown | lgreen | Csr1 | None | User Csr1 impersonates user ftown to update information for user lgreen. User Csr1 exists in Oracle Self-Service E-Billing. |
| Update User | ftown | lgreen | Csr1 | trustedUser1 | User Csr1 impersonates user ftown using trustedUser1 to update information for user lgreen. User Csr1 does not exist in Oracle Self-Service E-Billing. |
| Update User | ftown | lgreen | None | None | User ftown updates information for user lgreen. |
| Update User | ftown | None | None | None | User ftown updates his own information. |
| Update notification settings | ftown | None | Csr1 | None | User Csr1 impersonates user ftown to update ftown's notification settings. Csr1 exists in Oracle Self-Service E-Billing. |
| Impersonation - Logout | ftown | None | Csr1 | None | User Csr1 impersonates user ftown and logs out. Csr1 exists in Oracle Self-Service E-Billing. |
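
One way to read these four columns when reviewing exported audit rows, as an added example that is not part of Oracle's guide or product: it classifies each row by session type, counts activity by external CSRs per trust user, and lists impersonated actions that changed a different user. The `ACTION` key, the use of `None` for an empty column, the function names, and the treatment of a trust user without a CSR ID as a review case are assumptions; the rows are constructed from Table 5 plus one constructed anomaly.

```python
from collections import Counter

# ACTION is a hypothetical label, not a documented column name.
COLUMNS = ("ACTION", "USER_ID", "TARGET_USER_ID", "IMP_CSR_ID", "TRUST_USER")
ROWS = [dict(zip(COLUMNS, r)) for r in [
    ("Impersonate - Login", "ftown", None, "Csr1", None),
    ("Impersonate - Login", "ftown", None, "Csr1", "trustedUser1"),
    ("Update User", "ftown", "lgreen", "Csr1", None),
    ("Update User", "ftown", "lgreen", "Csr1", "trustedUser1"),
    ("Update User", "ftown", "lgreen", None, None),
    ("Update User", "ftown", None, None, None),
    ("Update User", "ftown", None, None, "trustedUser1"),  # constructed anomaly
]]


def classify(row):
    """Map one audit row to the session type its columns describe."""
    csr, trust = row["IMP_CSR_ID"], row["TRUST_USER"]
    if csr is None and trust is None:
        return "direct"        # the user acted in their own session
    if csr is not None and trust is None:
        return "internal_csr"  # the CSR exists in E-Billing
    if csr is not None:
        return "external_csr"  # external CSR, authenticated through the trust user
    return "review"            # trust user without a CSR ID: not a Table 5 case


def touches_other_user(row):
    """True when the action processed a user other than USER_ID."""
    target = row["TARGET_USER_ID"]
    return target is not None and target != row["USER_ID"]


def external_activity(rows):
    """Count actions per (trust user, external CSR, impersonated user)."""
    return Counter((r["TRUST_USER"], r["IMP_CSR_ID"], r["USER_ID"])
                   for r in rows if classify(r) == "external_csr")


def third_party_changes(rows):
    """Impersonated actions that processed a user other than the one impersonated."""
    return [r for r in rows if classify(r) != "direct" and touches_other_user(r)]
```

Because an external `IMP_CSR_ID` is supplied by the calling application rather than looked up in Oracle Self-Service E-Billing, attributing an action to a person also depends on the external application's own records.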

Implementation Guide for Oracle Self-Service E-Billing Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices.