Securing RESTful Web Services with OAuth

Various options exist for implementing the OAuth Server. This service may be provided by Oracle Identity Manager, Oracle Cloud Infrastructure Identity Access Manager, Identity Domains, or by another application. Oracle recommends using Identity Domains and leverage the out-of-the-box integration with Weblogic and Oracle Web Service Manager. The remaining steps in this guide are based on using the recommended approach.

Be aware that the documentation for these systems mention Oracle Identity Cloud Service (IDCS), but Oracle Customer Experience for Utilities no longer uses IDCS. The same setup described in that documentation can be used interchangeably with IDCS or with Identity Domains.

If your implementation uses an Oracle Cloud Infrastructure Identity Access Manager (IAM) Identity Domain as the OAuth server, you should complete the following tasks outlined in Securing RESTful Web Services Using OWSM with IDCS:

• Configure Security Provider with Weblogic Server

• Secure REST Services using OWSM OAuth2 security policies. Attach the Oracle Web Service Manager (OWSM) security policy globally to the REST web services and configure trust.

• Perform OAuth2 configuration. This task can be done at this point in your implementation, or later, as a part of the Verifying Access to Customer to Meter with OAuth, discussed in the Prepare Your Oracle Utilities Environments topic.

See also:

• "Enable OAuth on the Product" in the Oracle Utilities Customer to Meter Security Guide, available in the Oracle Utilities Customer to Meter library.

• Web Services Best Practices for Oracle Utilities Application Framework, available in My Oracle Support Document 2214375.1.