Configure Inbound Authentication

Third-party application users can access a service of Oracle Applications Cloud if inbound authentication is configured for them. You can use an Oracle API Authentication Provider to configure inbound authentication for such users.

To configure inbound authentication, you need a public certificate and a trusted issuer that contains the tokens.

Oracle Applications Cloud supports the JSON Web Token (JWT), Security Assertion Markup Language (SAML), and Security Token Service (STS) tokens. Use the Security Console to configure the trusted issuer and public certificate details. The default trusted issuer is Oracle (www.oracle.com) and you can't delete it.

We recommend that you use JWT for inbound authentication for a system account that's created for a specific application. JWT authentication uses a combination of a public certificate and a trusted issuer, whereas a system account's password expires soon based on the security policy. In addition, you must ensure that the system account's credentials are valid.

Note: For more information about how to configure a JWT for inbound authentication, see Configure JWT Authentication Provider in the Related Topics section.

How Inbound Authentication Works

When a third-party application user sends an authentication request to access a service of Oracle Applications Cloud, these actions occur in the background:

  1. The third-party application generates a JWT that includes trusted issuer and public certificate information.

  2. Oracle Web Services Manager authenticates the generated JWT by verifying whether the trusted issuer and public certificate are valid.

  3. On successful authentication, the third-party application gets access to the Oracle Applications Cloud service.

Here's how you configure an Oracle API Authentication Provider for inbound authentication:

  1. On the Security Console, click API Authentication.

  2. Click Create Oracle API Authentication Provider.

  3. On the Oracle API Authentication Provider Details page, click Edit.

  4. On the API Authentication Configuration Details page, enter a name for the Trusted Issuer. Ensure that the Trusted Issuer name matches the value of the ISS (iss) claim in the JWT.

  5. Select one or more token types that you want to include in the trusted issuer.

  6. Click Save and Close.

  7. On the Oracle API Authentication Provider Details page, click the Inbound API Authentication Public Certificates tab and click Edit. You can use the default Oracle public certificate or add a new one.

  8. On the Inbound API Authentication Public Certificates page, click Add New Certificate to add a different public certificate.

  9. Enter the Certificate Alias name.

  10. Click Browse and select the public certificate that you want to import.

    Note: If the public certificate includes a certificate chain, then import the complete chain.

  11. Click Save. The newly added certificate alias is displayed on the Inbound API Authentication Public Certificates page.

  12. Click Done to return to the API Authentication page.
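
The following is an added example, not Oracle code: a pre-flight check a third-party application team can run on a generated JWT before sending it, to confirm that its unverified header and claims agree with the Trusted Issuer name from step 4 and the certificate imported in step 10. It assumes the token references the certificate through the standard x5t header (RFC 7515) and that the issuer comparison is exact and case-sensitive; the function names, the issuer name partner-app, and the sample certificate bytes are constructed for illustration. It doesn't verify the signature.

```python
import base64, hashlib, json, time

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def x5t_from_pem(pem: str) -> str:
    # RFC 7515 x5t: base64url(SHA-1(DER-encoded certificate)), no padding.
    body = "".join(l for l in pem.splitlines() if l and not l.startswith("-----"))
    return b64url_encode(hashlib.sha1(base64.b64decode(body)).digest())

def preflight(token: str, trusted_issuer: str, cert_pem: str, now=None) -> list:
    """Return mismatches between the token and the configured values ([] = none)."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["token is not a three-part compact JWS"]
    try:
        header, claims = (json.loads(b64url_decode(p)) for p in parts[:2])
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("not JSON objects")
    except ValueError:
        return ["header or payload is not a base64url-encoded JSON object"]
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("unsigned token (alg is none or missing)")
    if claims.get("iss") != trusted_issuer:  # assumption: exact, case-sensitive match
        problems.append(f"iss {claims.get('iss')!r} != Trusted Issuer {trusted_issuer!r}")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        problems.append("exp is missing or in the past")
    if header.get("x5t") != x5t_from_pem(cert_pem):  # assumption: cert referenced via x5t
        problems.append("x5t does not match the imported certificate")
    return problems

# Constructed sample data: placeholder bytes stand in for a DER certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(b"constructed-placeholder-der-bytes").decode()
              + "\n-----END CERTIFICATE-----\n")

def make_sample(iss: str, exp: int) -> str:
    head = {"alg": "RS256", "typ": "JWT", "x5t": x5t_from_pem(SAMPLE_PEM)}
    segs = [b64url_encode(json.dumps(p).encode()) for p in (head, {"iss": iss, "exp": exp})]
    return ".".join(segs + [b64url_encode(b"constructed-signature")])

if __name__ == "__main__":
    print(preflight(make_sample("partner-app", 4102444800), "partner-app", SAMPLE_PEM, now=1700000000))
    print(preflight(make_sample("Partner-App", 1600000000), "partner-app", SAMPLE_PEM, now=1700000000))
```

An empty list means only that the token's contents line up with the configuration; acceptance still depends on the signature check performed by Oracle Web Services Manager.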