5 Set Up Authentication

Create an IDCS Confidential App

The out-of-the-box OTM Order Shipment Status skill uses 3-legged OAuth supported by Oracle Identity Cloud Service (IDCS). Users of the Digital Assistant must be valid Oracle Transportation and Global Trade Management Cloud users with suitable REST API and Digital Assistant access configured through an Access Control List in Oracle Transportation and Global Trade Management Cloud. Your IDCS administrator needs to create a confidential app in your Oracle Transportation and Global Trade Management Cloud's IDCS instance to perform user authentication.

In addition to these steps, see the Add a Confidential Application instructions in the Administering Oracle Identity Cloud Service guide.

  1. Log in to the IDCS administration console using the credentials provided.
  2. Under Identity domain, click Applications.
  3. Click Add application.
  4. Select Confidential Application and click Launch workflow.
  5. Provide a Name and click Next.
  6. Resource Server Configuration.
    1. Select Configure this application as a resource server now.
    2. Provide a value for Access token expiration.
    3. Select the Allow token refresh check box.
    4. Provide a value for the Primary Audience, for example https://{host-id}/, where {host-id} is the Transportation and Global Trade Management Cloud server. The actual value may depend on whether the target application is the REST API (https://{host-id}/logisticsRestApi/) or the XML integration (https://{host-id}/logisticsXmlApi/).
    5. Select Add scopes and click Add.
    6. Enter a unique name for the Scope. This can be any text. You will select or use this scope name in later steps.
  7. Client configuration
    1. Select Configure this application as a client now and Client Credentials as the Allowed Grant Types.
    2. Select Authorization Code and Refresh Token as Allowed Grant Types.
    3. Provide a value for the Redirect URL. This is the URL where users are redirected back to ODA after authentication/authorization in Oracle Identity Cloud Service. Refer to the ODA documentation to determine your own Redirect URL.
    4. Turn on Bypass Consent.
    5. Under the Token Issuance Policy section, select the All radio button for the Authorized Resources.
  8. Select Next.
  9. Under Web tier policy select Skip and do later.
  10. Click Finish.
  11. Click Edit OAuth configuration.
  12. Under Client configuration > Token Issuance policy select Add resources.
  13. Click Add scope, open the drop-down next to the confidential application you just created, select the available scope under this application, and click Add.
  14. Click Save Changes.
  15. Click Activate and Activate application.
  16. Make a secure note of the Client ID and Client Secret.

Configure the ODA Instance to Point to the IDCS Instance

In this section, your ODA administrator adds the newly created IDCS confidential app to the list of Authentication Services on your ODA instance. Later on, you will point your OTM Order Shipment Status skill to this Authentication Service so that any login to your digital assistant skill is directed to the right authentication service.

For more details, see the ODA Documentation.

  1. Open your ODA instance.
  2. Under Settings > Authentication Service, create a new authentication service.
  3. In the Grant Type field, select Authorization Code.
  4. In the Identity Provider field, select Oracle Identity Cloud Service.
  5. Enter a Name.
  6. In the Token End Point URL field, enter https://<idcs-service-instance>/oauth2/v1/token.
  7. In the Authorization End Point URL field, enter https://<idcs-service-instance>/oauth2/v1/authorize.
  8. In the Client ID and Client Secret fields, enter the Client ID and Client Secret that were generated in the previous step from the IDCS Confidential App.
  9. In the Scopes field, enter the scope that was generated in the previous step from the IDCS Confidential App (Client configuration > Token Issuance policy > Resources > Scope).
  10. In the Subject Claim field, enter sub.
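
The flow these settings drive, as an added example (not Oracle's code, and not taken from the ODA or IDCS documentation): it sanity-checks the endpoint values entered above, builds the authorization redirect, and builds the code-for-token request following the standard OAuth 2.0 authorization code grant (RFC 6749). The host names, client credentials, redirect URL and scope are constructed placeholders.

```python
import base64
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample values (assumptions): substitute those from your IDCS app.
CFG = {
    "authorize_url": "https://idcs.example.com/oauth2/v1/authorize",
    "token_url": "https://idcs.example.com/oauth2/v1/token",
    "client_id": "EXAMPLE_CLIENT_ID",
    "client_secret": "EXAMPLE_CLIENT_SECRET",
    "redirect_uri": "https://oda.example.com/redirect-placeholder",
    "scope": "https://otm.example.com/logisticsRestApi/example_scope",
}

def check_config(cfg):
    """Return a list of problems with the endpoint values before they are saved."""
    problems = []
    auth, tok = urlsplit(cfg["authorize_url"]), urlsplit(cfg["token_url"])
    for name in ("authorize_url", "token_url", "redirect_uri"):
        if urlsplit(cfg[name]).scheme != "https":
            problems.append(f"{name} is not https")
    if auth.netloc.lower() != tok.netloc.lower():
        problems.append("authorize and token endpoints are on different hosts")
    if auth.path != "/oauth2/v1/authorize" or tok.path != "/oauth2/v1/token":
        problems.append("endpoint path does not match /oauth2/v1/...")
    return problems

def authorization_request(cfg):
    """Leg 1: URL the user's browser is sent to, plus the state to remember."""
    state = secrets.token_urlsafe(16)
    query = urlencode({"response_type": "code", "state": state,
                       **{k: cfg[k] for k in ("client_id", "redirect_uri", "scope")}})
    return f'{cfg["authorize_url"]}?{query}', state

def token_request(cfg, callback_url, expected_state):
    """Leg 3: check the callback, then build the code-for-token POST."""
    params = parse_qs(urlsplit(callback_url).query)
    got = params.get("state", [""])[0].encode()
    if not secrets.compare_digest(got, expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this login")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    basic = base64.b64encode(
        f'{cfg["client_id"]}:{cfg["client_secret"]}'.encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code",
                      "code": params["code"][0], "redirect_uri": cfg["redirect_uri"]})
    return cfg["token_url"], headers, body
```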

Configure the ODA Instance to Point to the OTM Instance

Here, your ODA administrator points your Digital Assistant skill to the corresponding Oracle Transportation and Global Trade Management Cloud instance so that it can query the right source for data.

  1. Open the OTM skill that you pulled from the skill store.
  2. Navigate to Settings.
  3. Navigate to the Configuration tab.
  4. Under Custom Parameters, click on OTMInstance to edit it. Then enter your OTM instance URL.
  5. Under Custom Parameters, click on AuthenticationService to edit it. Enter the new authentication service that you created in the previous section.