Connect to Content and Experience Cloud APIs Using Identity Propagation

To connect to Content and Experience Cloud (CECS) using identity propagation, an administrator will need to configure your Visual Builder application in IDCS before you can use the default "Oracle Cloud Account" to connect to CECS in your application.

Content and Experience Cloud and Oracle Visual Builder are not provisioned together, and as a result the service administrator needs to perform the following steps in IDCS to add CECS as a resource of the Visual Builder application. This adds CECS as a resource to a specific application, so the administrator would need to perform these steps again for each new Visual Builder application, as well as for each new version of an application and duplicate of an application that connects to CECS using identity propagation.

  1. In the Configuration tab for the Visual Builder application in IDCS, expand the Client Configuration panel and click Add Scope in the Token Issuance Policy section.
  2. In the Select Scope dialog box, choose the scope corresponding to the CECS instance "/documents" endpoint and save the application. The added scope should now be visible in the application's Resources list.

    If other CECS functionality (for example, Social) is required, the corresponding scope will need to be added.

After the administrator has added the resource in IDCS, you can create a connection to CECS with identity propagation. If you don't have access to IDCS, the administrator will need to provide you with the CECS Scope that you need to enter in the Authentication tab.

When creating the service connection, use the following authentication mechanism:

Authentication mechanism: OAuth 2.0 User Assertion

Details:

To use this option you need to provide the following details:

  • Client Id and Secret. This is blank.
  • Token URL. This is blank.
  • Scope. This is the scope added from IDCS corresponding to the CECS instance. This is the full scope, including "/documents".
  • Token Relay checkbox. This can be enabled for Direct flows, or disabled for Proxy-based flows. If you choose to use Direct flows, CORS needs to be configured at the CECS REST endpoint definition to add the Visual Builder domain to the list of allowed origins.

To connect to Content and Experience Cloud:

  1. Open Service Connections in the Navigator and click Create Service Connection (the Create Service Connection icon).
  2. Click Define by Endpoint in the Select Source pane of the Create Service Connection wizard.
  3. Select the HTTP method and type the URL of the endpoint in CECS.
    For example, the URL of your endpoint might be similar to the following: https://<CES_INSTANCE>/documents/api/<VERSION>/folders/{folderId}
  4. In the Authentication tab, select OAuth 2.0 User Assertion as the Authentication Mechanism.
  5. In the Scope field, enter the scope corresponding to the CECS instance that was added in IDCS.
    The Client Id, Secret and Token URL fields are blank.
  6. Optional: Select Token Relay if you are using a Direct (non-Proxy) flow.
    To use a Direct flow, the CECS administrator needs to add the Visual Builder domain to the list of Front Channel CORS Origins in the Security panel of the CECS Settings page.
  7. Test the service connection.
  8. Select "Allow anonymous access" if you want to make the Service Connection accessible to anonymous users of the app.
    If you select "Allow anonymous access", you can supply one of the allowed set of Fixed Credential authentication methods or use "Same as authenticated user".
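
For the Direct flow in step 6, the browser's CORS preflight to the CECS endpoint has to succeed for the Visual Builder origin before the relayed token is ever sent. The following is an added example, not Oracle code, that evaluates a preflight response's headers for that case; the origin https://vb.example.com and all header values are constructed, and it assumes the relayed token travels in an Authorization header.

```javascript
// Added example, not Oracle code. Origins and header values are constructed.
// Assumption: with Token Relay the browser sends the token in an Authorization header.
const SAFELISTED_METHODS = ["GET", "HEAD", "POST"]; // need no Allow-Methods entry

function checkDirectFlowCors(vbOrigin, method, preflightHeaders) {
  const h = {}; // header names are case-insensitive, so normalise them once
  for (const [k, v] of Object.entries(preflightHeaders)) h[k.toLowerCase()] = String(v).trim();
  const list = (name) =>
    (h[name] || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
  const blocked = [];
  const warnings = [];

  const allowOrigin = h["access-control-allow-origin"];
  if (!allowOrigin) {
    blocked.push("origin: no Access-Control-Allow-Origin returned");
  } else if (allowOrigin === "*") {
    warnings.push("origin: wildcard admits every site, not only the Visual Builder domain");
  } else if (allowOrigin !== vbOrigin) {
    blocked.push(`origin: ${allowOrigin} does not match ${vbOrigin}`);
  }

  // Authorization is never covered by "Access-Control-Allow-Headers: *".
  if (!list("access-control-allow-headers").includes("authorization")) {
    blocked.push("headers: Authorization is not explicitly allowed");
  }

  const methods = list("access-control-allow-methods");
  const m = method.toUpperCase();
  if (!SAFELISTED_METHODS.includes(m) && !methods.includes(m.toLowerCase()) && !methods.includes("*")) {
    blocked.push(`method: ${m} is not allowed`);
  }
  return { directFlowWorks: blocked.length === 0, blocked, warnings };
}

// Constructed preflight responses for a request to .../folders/{folderId}.
const VB_ORIGIN = "https://vb.example.com";
const configured = {
  "Access-Control-Allow-Origin": "https://vb.example.com",
  "Access-Control-Allow-Headers": "Authorization, Content-Type",
  "Access-Control-Allow-Methods": "GET, PUT, DELETE",
};
const notConfigured = { "Access-Control-Allow-Headers": "*" };

console.log(checkDirectFlowCors(VB_ORIGIN, "GET", configured));
console.log(checkDirectFlowCors(VB_ORIGIN, "DELETE", notConfigured));
```

If the check reports a blocked origin, either have the CECS administrator add the Visual Builder domain to the Front Channel CORS Origins list or leave Token Relay disabled and use the Proxy-based flow.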