HMAC Signature Validation
To validate HMAC-based digital signatures on incoming requests that invoke Oracle Integration flows, use the HMAC_SIGNATURE_VALIDATION managed security policy. You can customize the security policy as needed for a connection definition.
Overview
The HMAC policy validates the HMAC signature(s) that are part of incoming requests. The security policy validates signatures sent by an HTTP client based on the HMAC validation function (JQ) defined in the policy.
This security policy asserts the client ID value that is provided in clientIdentifier and checks that the client ID is associated with a ServiceInvoker role.
To add the HMAC Signature Validation policy to your document, use the available authentication scheme template. See Implement a New Connection Definition.
Note: You can use the policy to verify multiple signatures in a single request.
Security Properties
A connection definition that uses this security policy defines the following properties in the securityProperties section. See Connection Properties and Sample Code.
The values in the name, displayName, shortDescription, and description columns list the default values that appear when you insert a security policy into an adapter definition document. You can update these values if needed.
name | displayName | shortDescription | description | Data type | Required | Recommendation |
---|---|---|---|---|---|---|
| | | | String | Yes | |
| | | | String | Yes | |
| | | | Password | Yes | "hidden":false |
| | | | CHOICE | Yes | "hidden":true |
| | | | String | No | |
| | | | String | Yes | |
Sample Code: Digital Signature Validation (HMAC)
"securityPolicies": [
  {
    "type": "managed",
    "policy": "HMAC_SIGNATURE_VALIDATION",
    "description": "Validates HMAC Signature",
    "displayName": "HMAC SIGNATURE VALIDATION",
    "scope": "TRIGGER",
    "securityProperties": [
      {
        "name": "signature",
        "hidden": true,
        "required": true,
        "default": "${connectivity::hexDecode(.request.headers.digest)}"
      },
      {
        "name": "signatureString",
        "displayName": "Request Signature Location",
        "hidden": true,
        "required": true,
        "default": "${.request.body}"
      },
      {
        "name": "signatureAlgorithm",
        "displayName": "Request Signature Location",
        "hidden": true,
        "required": true,
        "default": "HMACSHA256"
      },
      {
        "name": "secret",
        "displayName": "Shared Secret",
        "hidden": false,
        "required": true
      },
      {
        "name": "timestampValidator",
        "displayName": "Timestamp Validation",
        "hidden": true,
        "required": true,
        "default": ""
      }
    ]
  }
]
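The check that the sample configuration describes (hex-decode the digest header, compute HMAC-SHA256 over the request body with the shared secret, compare), written out as an added Python example. It is not Oracle's implementation or code from the original page; the function names, secret and request body are constructed for illustration.

```python
import binascii
import hashlib
import hmac

# Constructed sample values; not from the Oracle documentation.
SHARED_SECRET = b"example-shared-secret"
SAMPLE_BODY = b'{"orderId": 1001, "status": "SHIPPED"}'


def sign_body(secret: bytes, body: bytes) -> str:
    """Client side: hex-encoded HMAC-SHA256 of the raw request body."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def validate_request(secret: bytes, headers: dict, body: bytes) -> bool:
    """Receiver side: mirror of the sample policy's properties.

    signature       -> hex-decoded value of the 'digest' header
    signatureString -> raw request body
    algorithm       -> HMAC-SHA256
    """
    # HTTP header names are case-insensitive.
    lowered = {k.lower(): v for k, v in headers.items()}
    digest_hex = lowered.get("digest")
    if not digest_hex:
        return False  # missing signature: reject
    try:
        presented = binascii.unhexlify(digest_hex.strip())
    except (binascii.Error, ValueError):
        return False  # not valid hex: reject rather than raise
    expected = hmac.new(secret, body, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(presented, expected)


if __name__ == "__main__":
    good = {"Digest": sign_body(SHARED_SECRET, SAMPLE_BODY)}
    short = {"digest": good["Digest"][:32]}
    print("valid request:   ", validate_request(SHARED_SECRET, good, SAMPLE_BODY))
    print("tampered body:   ", validate_request(SHARED_SECRET, good, SAMPLE_BODY + b" "))
    print("truncated digest:", validate_request(SHARED_SECRET, short, SAMPLE_BODY))
```

The signature must be computed over the exact bytes of the body as sent; re-serializing the JSON before signing or validating changes the HMAC and the request is rejected.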