1. Security Guide
  2. Authentication

Authentication

Interactive End User Authentication

All interactive end user authentication is done through an Oracle Cloud Identity Management service. A valid user record is required in both the Oracle Cloud Identity Management cloud service and the Oracle Transportation Management service. If Federated Single Sign-On is also configured, a valid user record must exist in the external Identity Provider.

Single Sign-On Authentication

See the User Provisioning section of the Oracle Transportation and Global Trade Management Cloud Getting Started Guide.

Staying Logged into the Service: End User Session Timeout

The Oracle Transportation and Global Trade Management Cloud service has http session timeouts of 8 hours for invalidating inactive user sessions.

This means that any user after 8 hours must re-authenticate when the session gets timed out, and then they try to use a service resource.

The Oracle Cloud Identity Management cloud service also has a Session Settings capability where the Session Duration is also configured to be 8 hours by default.

Integration User Authentication

The service has numerous mechanisms for inbound data integrations. These include Web Services, REST, and basic HTTP requests. These integration mechanisms vary on which underlying authentication mechanisms are required or supported.

Web Service

There are inbound web services capabilities for the Oracle Transportation and Global Trade Management Cloud service. Please see the Oracle Transportation and Global Trade Management Cloud Integration Guide for more details on the configuring web service capabilities.

The web service capabilities adhere to the Web Service Security Specification. This specification is an OASIS standard for defining security related information as part of a SOAP message. See http://www.oasis-open.org/. The Username Token Profile is, as the name suggests, a standard way of specifying user credentials i.e. username and password. For inbound web services capabilities, user credentials must be specified in a Username Token when calling Oracle Transportation Management web services and must be transported using HTTPS.

The WS-Security token is passed in the SOAP envelope header. Following is an example of a username token with plain text.

<?xml version=”1.0” encoding=”UTF-8”?>
<env:Envelope xmlns:env=”http://schemas.xmlsoap.org/soap/envelope/”>
   <env:Header xmlns:env=”http://schemas.xmlsoap.org/soap/envelope/”>
      <wsse:Security xmlns=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-secext-1.0.xsd”>
         <wsse:UsernameToken>
            <wsse:Username>[you username]</wsse:Username>
            <wsse:Password Type=”#PasswordText”>[your password]</wsse:Password>
         </wsse:UsernameToken>
      </wsse:Security>
   </env:Header>
   <env:Body>
   ...etc..
   </env:Body>
</env:Envelope>””””””””””

REST

The Oracle Transportation and Global Trade Management Cloud service has the ability to receive data integrations utilizing REST requests. The URLs used do differ depending on the type of authentication being used. See the Oracle REST API for Transportation and Global Trade Management Cloud and the Oracle Transportation and Global Trade Management Cloud Integration Guide for more details on this capability. Oracle Transportation and Global Trade Management Cloud supports the following authentication options:

  • Single Sign-On: Any attempt to use an Oracle Transportation and Global Trade Management service REST /logisticsRestApi/resources URI end point will use Single Sign-On Authentication.
  • HTTP Basic Authentication: Any attempt to use an Oracle Transportation and Global Trade Management service REST /logisticsRestApi/resources-int URI end point will require a HTTP basic authentication authorization header.
  • OAuth2 Authentication: Using Oracle Transportation and Global Trade Management service REST /logisticsRestApi/resources URI end points with OAuth2.

HTTP Request with Integration URLs

The Oracle Transportation and Global Trade Management service has the ability to receive data integrations utilizing different HTTP URL requests. Please note that these URLs do differ depending on your cloud deployment generation and the type of authentication being used.

For more specific information about the usage and details about this please refer to the Oracle Transportation and Global Trade Management Cloud Integration Guide.

HTTP Basic Authentication is supported for the following Integration URLs.

URLs Used for External Inbound Integration

Relative URL Description
/GC3/glog.integration.servlet.WMServlet WMServlet is the default URL to be used when sending the Transmission or Message XML.
/GC3/glog.integration.servlet.TransformerServlet TransformerServlet is used to apply an XSL transformation to an XML to convert it into a valid Transmission XML. Refer to the Transform Inbound XML with XSL section in the Oracle Transportation and Global Trade Management Cloud Integration Guide for additional details.
/GC3/glog.integration.servlet.DirLoadServlet DirLoad provides a faster option for loading data into the service by bypassing the application server. Refer to the DirLoad Section of the Oracle Transportation and Global Trade Management Cloud Integration Guide for additional details.
/GC3/glog.integration.servlet.DBXMLServlet Provides the ability to export and import DB XML data.
/GC3/gtm.integration.itm.servlet.ITMIntegrationServlet Receives XML from Oracle Enterprise Business Suite in its format, and converts these into proper Global Transportation Management format using XSL configured for processing.
/GC3/gtm.integration.aes.servlet.AESFilingResponseServlet Global Transportation Management files EDI report to Customs via Descartes (External vendor). In return, Customs processes the EDI and prepare an EDI response which is send to this servlet by Descartes. This servlet converts the EDI to proper XML format for processing.
/GC3/glog.integration.servlet.ExternalSystemServlet Provides testing ability to see data sent to an external system.
/GC3/glog.integration.servlet.BatchCSVUtilServlet Used for exporting CSV data to a remote host.

OAuth2 Authentication is supported for the following Integration URLs when your deployment is in Gen 2.

URLs for External Inbound Integration using OAuth2

Relative URL Description
logisticsXmlApi/Transmission Transmission should be used when sending a Transmission XML.
logisticsXmlApi/DeviceMessage DeviceMessage should be used when sending a Device Message XML. Refer to the Mobile Device Communications Chapter of the Oracle Transportation and Global Trade Management Cloud Integration Guide for additional details.
logisticsXmlApi/Transformer Transformer is used to apply an XSL transformation to an XML to convert it into a valid Transmission XML. Refer to the Transform Inbound XML with XSL section in the Oracle Transportation and Global Trade Management Cloud Integration Guide for additional details.
logisticsXmlApi/DirLoad DirLoad provides a faster option for loading data into the service by bypassing the application server. Refer to the DirLoad Section of the Oracle Transportation and Global Trade Management Cloud Integration Guide for additional details.
logisticsXmlApi/DBXMLServlet Provides the ability to export and import DB XML data.
logisticsXmlApi/ITMIntegration Receives XML from Oracle Enterprise Business Suite in its format, and converts these into proper Global Transportation Management format using XSL configured.
logisticsXmlApi/AESFilingResponse Global Transportation Management files EDI report to Customs via Descartes (External vendor). In return, Customs processes the EDI and prepare an EDI response which is send to this servlet by Descartes. This servlet converts the EDI to proper XML format for processing.