How do I configure Pass-Through authentication?
The pass-through authentication (PTA) option helps track the actual usage of users accessing Knowledge Advanced for B2C Service from Oracle Field Service. When you select PTA as the security policy in Oracle Field Service, Oracle B2C Service acts as an IDP. This security policy uses PTA in Oracle B2C Service to create the contact and provide access to Knowledge Advanced for B2C Service.
Follow these steps:
What to do next
PTA Fields and Values
Name | Value | Description |
---|---|---|
PTA_ENABLED | Yes | Enables the use of PTA login integration. |
PTA_ENCRYPTION_KEYGEN | 3 | Specifies the type of keygen method to use for PTA encryption. 3: RSSL_KEYGEN_NONE |
PTA_ENCRYPTION_METHOD | aes256 | Specifies the encryption scheme PTA logins should use. aes256: 256 bit AES in CBC mode |
PTA_ENCRYPTION_PADDING | 1 | Specifies the type of padding method to use for PTA encryption. 1: RSSL_PAD_PKCS7 |
PTA_IGNORE_CONTACT_PASSWORD | Yes | Specifies whether contact passwords are honored during PTA logins. If enabled, contact passwords are ignored and users can log in through PTA with just a user name. |
PTA_SECRET_KEY | <User defined value> | Specifies the secret key used to validate login integration parameters when encryption is disabled, or to decode the PTA string when encryption is enabled. If encryption is disabled, you must pass this value as a p_li_passwd parameter encoded within the PTA login string. If encryption is enabled, you must not include this value within the PTA string; use it only to encrypt the value sent. Requests that send an invalid value are rejected. This key is used as the "Secret Key" in the new configuration page of Oracle Knowledge. |
NOTE: As part of the new user authentication process, Oracle B2C Service expects an email address as a required field. For this purpose, Oracle Field Service uses the user email address configured in the custom property selected as "Email for password reset" on the "Display" screen. If you haven't enabled this email address, or you've provided an invalid email address, Oracle Field Service generates a dummy email address in the format "<Oracle Field Service_login>@<Oracle Field Service_instance_id>.invalid". If a domain isn't available in the email address field, the application doesn't create a contact. So, make sure that you've configured a valid email id in Oracle Field Service.
Security Policy as a Basic Authentication
This policy supports the existing single user-based access to Knowledge Advanced for B2C Service.
Name | Value | Description |
---|---|---|
PTA_ENABLED | Yes | Enables the use of PTA login integration. |
PTA_ENCRYPTION_KEYGEN | Empty value | Specifies the keygen method used for PTA encryption. |
PTA_ENCRYPTION_METHOD | Empty value | Specifies the encryption method you want to use. |
PTA_ENCRYPTION_PADDING | Empty value | Specifies the padding method used for PTA encryption. |
PTA_IGNORE_CONTACT_PASSWORD | No | Specifies whether contact passwords are honored during PTA logins. If enabled, contact passwords are ignored and users can log in through PTA with just a username. |
PTA_SECRET_KEY | Empty value | Specifies the secret key used to validate login integration parameters when encryption is disabled, or to decode the PTA string when encryption is enabled. |
Oracle Field Service - Knowledge Advanced for B2C Service Authentication Workflow
When a user opens Knowledge Advanced for B2C Service pages from Oracle Field Service, Oracle Field Service initiates a request to Oracle B2C Service for authentication.
The request validates whether a user with that user id is present in Oracle B2C Service.
If a valid user id is present in Oracle B2C Service, the user is authorized to access the Knowledge Advanced for B2C Service pages.
If there's no user present in Oracle B2C Service, Oracle Field Service creates a new contact in Oracle B2C Service with the user login, user last name, and email. The user login and user last name are taken from the Oracle Field Service login details. The email is taken from restore password (if an email id is defined there) and updated in Oracle B2C Service.
If there's no valid email available in Oracle Field Service, a dummy email is created in Oracle B2C Service with the format <Oracle Field Service_login>@<Oracle Field Service_instance_id>.invalid. Make sure that you have a valid email id in Oracle Field Service before you create a new request in Knowledge Advanced for B2C Service, so that the contact in Oracle B2C Service is created with a valid email id.
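
The following Python sketch is an added example, not Oracle code: it checks a set of exported settings against the PTA Fields and Values table above and flags contacts that carry the dummy `.invalid` email or no domain at all. The dictionary and list input shapes, the function names and the sample values are assumptions constructed for illustration.

```python
# Added example: audit settings against the "PTA Fields and Values" table and
# flag dummy contact emails. Input shapes and names are assumptions, not an Oracle API.

PTA_POLICY = {  # expected values, copied from the PTA table on this page
    "PTA_ENABLED": "Yes",
    "PTA_ENCRYPTION_KEYGEN": "3",       # RSSL_KEYGEN_NONE
    "PTA_ENCRYPTION_METHOD": "aes256",  # 256 bit AES in CBC mode
    "PTA_ENCRYPTION_PADDING": "1",      # RSSL_PAD_PKCS7
    "PTA_IGNORE_CONTACT_PASSWORD": "Yes",
}


def audit_pta(settings):
    """Return a list of findings; an empty list means the settings match the table."""
    def value(name):
        return (settings.get(name) or "").strip()

    findings = []
    for name, expected in PTA_POLICY.items():
        if value(name).lower() != expected.lower():
            findings.append(f"{name}: expected {expected!r}, found {value(name)!r}")
    if not value("PTA_SECRET_KEY"):
        findings.append("PTA_SECRET_KEY: empty, but the PTA policy needs a user-defined key")
    # With passwords ignored a user name alone logs in, so the encrypted string
    # and its key are the only things vouching for the request.
    ignoring = value("PTA_IGNORE_CONTACT_PASSWORD").lower() == "yes"
    if ignoring and not (value("PTA_ENCRYPTION_METHOD") and value("PTA_SECRET_KEY")):
        findings.append("RISK: contact passwords ignored without encryption method and secret key")
    return findings


def dummy_email_contacts(contacts):
    """Return logins whose email lacks a domain or uses the '.invalid' placeholder."""
    flagged = []
    for login, email in contacts:
        local, _, domain = (email or "").strip().lower().rpartition("@")
        if not local or not domain or domain.endswith(".invalid"):
            flagged.append(login)
    return flagged


# Constructed sample data (not real settings or users).
SAMPLE_SETTINGS = {**PTA_POLICY, "PTA_ENCRYPTION_METHOD": "", "PTA_SECRET_KEY": ""}
SAMPLE_CONTACTS = [("tech01", "tech01@example.com"),
                   ("tech02", "tech02@instance123.invalid"), ("tech03", "tech03")]

if __name__ == "__main__":
    print("\n".join(audit_pta(SAMPLE_SETTINGS)))
    print("dummy or unusable emails:", dummy_email_contacts(SAMPLE_CONTACTS))
```

Settings that match the Basic Authentication table are reported as deviations from the PTA policy but do not raise the RISK finding, because contact passwords are still honored there.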