Using OAuth with Siebel REST Inbound Web Services

This topic shows how to configure inbound REST requests using OAuth 2.0.

How to Configure Inbound REST Requests Using OAuth 2.0

You can use the OAuth 2.0 protocol in the Siebel REST API to send authentication information when accessing Siebel resources. In general, the Siebel REST API layer contacts the OAuth server over a secure channel (for example, HTTPS) to validate the access token it received or to obtain additional information about that token. The Siebel application supports only the introspection method of validating incoming access tokens. The following prerequisites must be met on the Siebel side before you configure OAuth for authentication. You must install and set up the required components, including the OAuth components, to suit your own business needs.

  • The Siebel Object Manager must be configured for SSO when OAuth is enabled for authentication. The related security adapter is also required in SSO mode. In SSO mode with a custom security adapter, the value supplied is passed to the custom security adapter as the password parameter, provided that it matches the value of the TrustToken parameter defined for that adapter. For more information about configuring SSO, see Siebel Security Guide.
  • The Siebel REST API layer contacts the OAuth server over a secure channel to validate or get token information. To enable HTTPS, the required certificates from the OAuth server must be installed in the environment where the Siebel REST API is hosted.
Note: Siebel supports only the introspection method when validating incoming tokens. Using the signature method to validate incoming tokens is not supported. However, if you are using JWT tokens and the signature method is required for validation, then you must do the following:
  • Configure Siebel REST API for SSO. For more information about configuring SSO, see Siebel Security Guide.
  • Configure the OAuth token validation using an API Gateway. This must be done before the request reaches the Siebel application. For more information on Oracle API Gateway, see your supporting documentation.
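The introspection method described above, as an added illustration in Python (not Siebel's own code): a resource server submits the bearer token to the OAuth server's introspection endpoint (RFC 7662) over HTTPS, authenticating as the introspection client, and honours the request only if the reply marks the token active. The endpoint URL, client credentials and introspection replies are constructed placeholders, and the `transport` parameter is a hypothetical injection point so the logic can be exercised offline.

```python
# Added example (not Siebel's own code): the RFC 7662 "introspection method" a
# resource server uses to validate a bearer token. The token is POSTed to the
# OAuth server's introspection endpoint over HTTPS with the introspection
# client's credentials, and the request is honoured only if the reply says the
# token is active. Endpoint URL, credentials and replies are constructed here.
import base64
import json
import time
from urllib import parse, request


def introspect(token, introspection_url, client_id, client_secret, transport=None):
    """POST the token to the introspection endpoint and return the parsed JSON.
    `transport(url, body, headers) -> bytes` lets the call be exercised offline;
    the default performs a real HTTPS POST via urllib."""
    if not introspection_url.startswith("https://"):
        raise ValueError("introspection endpoint must use HTTPS")  # token and secret travel here
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {creds}",
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    body = parse.urlencode({"token": token, "token_type_hint": "access_token"}).encode()
    if transport is None:
        def transport(url, data, hdrs):
            req = request.Request(url, data=data, headers=hdrs, method="POST")
            with request.urlopen(req) as resp:
                return resp.read()
    return json.loads(transport(introspection_url, body, headers))


def token_is_acceptable(info, required_scope, now=None):
    """Decide from an introspection reply whether to honour the token.
    Returns (accepted, reason). RFC 7662 guarantees only `active`; `exp`, `nbf`
    and `scope` (space-separated) are also checked whenever the reply carries them."""
    now = time.time() if now is None else now
    if info.get("active") is not True:
        return False, "token not active"
    if "exp" in info and now >= info["exp"]:
        return False, "token expired"
    if "nbf" in info and now < info["nbf"]:
        return False, "token not yet valid"
    if required_scope not in info.get("scope", "").split():
        return False, f"missing scope {required_scope}"
    return True, "ok"
```

The `username` or `sub` field of an active reply is what an SSO-mode deployment would hand on to its security adapter; the checks above only decide whether the token itself should be trusted.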

The following topics describe how to configure the Siebel REST API for OAuth authentication, and show a sample client that generates a token and uses it to access the Siebel REST API.

  • Siebel Object Manager setup with SSO
    • Setting Siebel EAI Object Manager For LDAP/SSO
    • Setting Siebel EAI Object Manager For DB/SSO
  • Configuration of OAuth Client And Introspection Client in OAuth Server
    • Configure and register OAuth Client in OAuth Server
    • Configure and register Introspection Client in OAuth Server
  • Configuration of Application Interface (AI) For OAuth Configuration
    • Configuring OAuth As Authentication Type for REST Inbound
  • Client application using Siebel REST with OAuth
    • Generate Token
    • Validate/Introspect the token
    • Access Siebel REST API with the generated Token
Note: Performing these actions will require two system restarts at different points.