1. Administration Guide
  2. Enabling Report Generation and Printing Using Web Communication with OAuth Service

Enabling Report Generation and Printing Using Web Communication with OAuth Service

To generate and print reports using SOAP web service communication with OAuth, create a confidential app in the Oracle Identity Cloud Service.

  1. Sign in to the Oracle Identity Cloud Service.
  2. Navigate to Identity and Security > Domains.
  3. On the Domain page, select Integrated applications. This page is where you'll add an OAuth confidential client application.
  4. Select Add application.
  5. On the next page, select Confidential Application and select Launch workflow.
  6. On the Add Confidential Application page, provide a unique application Name and a Description.
  7. Select Submit. A new confidential application is created. On the new application page, you'll configure OAuth.
  8. Select the OAuth configuration tab.
  9. Select Edit OAuth configuration.
  10. Select the Configure this application as a client now option.
  11. Select the JWT Assertion option.
  12. Generate the certificate from your system using the command:
    openssl req -newkey rsa:4096 -subj "/CN=otm-oac-service" -x509 -sha256 -days 365 -nodes -out "./jwt-signing.crt" -keyout "./jwt-signing.key
  13. Scroll down and import the certificate generated in the prerequisite step above.
    Note:

    For the signing algorithm RS256, the certificate and the key generated using the command above will expire after 365 days. You'll have to regenerate the certificate and the key once they expire.

  14. Add a certificate, Alias.
  15. Select Import Certificate.
  16. Once the certificate is uploaded, Select Import.
  17. Select Submit to complete the OAuth.
  18. Turn on Add Resources.
  19. Select Add scopes.
  20. In Add scope, select the required scope. You can narrow down the search result to the Oracle Analytics Cloud resource that's mapped to the OTM instance by entering a search string consisting of the prefix ANALYTICSINST and part of the OAC Enterprise App Names (you can get this from the OTM application > Settings and Actions > OAC Enterprise App Names). For example, if the OAC Enterprise App Names is <Host Name>_APPID, the search string will be ANALYTICSINST_<Host_Name>.
  21. You can add a Primary audience for the access token of your confidential application. To get it, go to Business Process Automation > Reporting > Oracle Analytics Publisher. Take the part of the URL till .com.
  22. Select Submit.
  23. Keep these details accessible, as you’ll need them when setting up the external system in OTM.
  24. In the Security tab which is in parallel with Integrated applications, check in Trusted partner certificates whether the certificate you imported is present. If not, add it with the same Alias (KID).
  25. In OTM, create an External System using the following values:
    1. User Name: The Oracle Identity Cloud Service user name for Oracle Analytics Cloud.
    2. Authentication Type: OAuth 2.0 - JWT Bearer Token
    3. URL: The Primary audience appended with /xmlpserver/services/v2.
    4. Authorization Service Authentication Type: Private Key JWT
    5. Client Key ID: the Alias used in Oracle Identity Cloud Service
    6. Signing Certificate: the certificate used in Oracle Identity Cloud Service
    7. Scope: the scope added in Oracle Identity Cloud Service
    8. Audience: Oracle Identity Cloud ServiceURL (https://identity.oraclecloud.com/)
  26. In OTM, create a Report System using the Report System Type of “BI Publisher SOAP Web Service with OAuth”.