URL Patterns
Overview
To align, simplify and standardize the URL structures for the Oracle Health Insurance Cloud Service (OHI CS), the following changes have been implemented.
-
A single hostname for each OHI CS environment.
This enables users to deploy additional application deployments on the same environment and make it accessible through a separate context root. Also, this brings more clarity when references are made in the service requests, as the hostname always points to the shared environment. To access the OHI IPs, users don’t need any separate API hostnames. -
Reorganization of IDCS Oracle Cloud Services applications.
These applications are required to configure OAuth2 clients, as they represent resources of OHI CS environments. To configure an IDP policy with direct logins to cloud service via a federated IDP, users can use a single IDCS Oracle Cloud Services application for each environment.
New API scopes are available for each additional application deployment. There is a single API scope for all the OHI API access, instead of a separate API scope for each OHI component. But, authorization is still managed with the OHI Access Roles of each component for the client. -
Landing Page for each environment.
The landing page provides an overview of the application deployments with their URLs (JET UI, ADF UI, API) and current versions.
Impact
The URLs for every environment and application deployment have been updated.
The updated API URL pattern:
https://<environment-host>/<application-deployment-name>/<component-name>/api
For example, an environment called dev having an additional application deployment called dev3 with Oracle Insurance Gateway deployed.
Old API URL pattern:
https://<dev3-application-deployment-api-host>/oig-api
New API URL pattern:
https://<dev-environment-host>/dev3/oig/api
So, application users are required to do the following changes at their end:
-
Update bookmarks and external clients.
-
Update existing OAuth client registrations in IDCS with the new API scope.
-
When retrieving a token, request the new API scope defined in the client registration for existing OAuth clients.
For example,
Old OAuth2 scope:
https://<dev3-application-deployment-api-host>/urn::oig-api
New OAuth2 scope:
https://<dev-environment-host>/dev3/urn::ohi-components-apis
The above change applies to external clients consuming OHI, as well as built-in OHI clients connecting to other components. For example, the data replication clients.
Starting from OHI release 3.22.2, OAuth2 is the only supported authentication method for production environments and for all other environments. |
Updated URLs
OHI Components
-
Host name
The hostname has the following changes:-
The component name is no longer part of the host name.
-
The name of the application deployment, for example dev, dev2 is no longer part of the hostname. Only the environment name is part of the hostname.
-
-
Context roots
The context roots has following changes.-
The application deployment is added in front, for example, /dev, /dev2/, /cmas.
-
The JET UI is at /<application-deployment>/<application> /ui.
-
The ADF UI is at /<application-deployment>/<application> /adf.
-
The OAuth API is at /<application-deployment>/<application> /api.
-
The following table summarizes the URL changes with examples.
In the examples below, there is a non-production environment called dev, with a main application deployment called dev, and an additional application deployment called dev2.
Environment |
Application Deployment |
OHI Component |
Before |
After |
dev |
main application deployment |
claims |
cust-dev-ohi-cla.oracleindustry.com/claims |
cust-dev-ohi.oracleindustry.com/dev/claims/adf |
policies |
cust-dev-ohi-pol.oracleindustry.com/policies |
cust-dev-ohi.oracleindustry.com/dev/policies/adf |
||
gateway |
cust-dev-ohi-oig.oracleindustry.com/oig |
cust-dev-ohi.oracleindustry.com/dev/oig/ui |
||
dev2 |
additional application deployment |
claims |
cust-dev2-ohi-cla.oracleindustry.com/claims |
cust-dev-ohi.oracleindustry.com/dev2/claims/adf cust-dev-ohi.oracleindustry.com/dev2/claims/ui cust-dev-ohi.oracleindustry.com/dev2/claims/api (OAuth) |
policies |
cust-dev2-ohi-pol.oracleindustry.com/policies cust-dev2-ohi-pol.oracleindustry.com/policiesjs cust-dev2-ohi-api.oracleindustry.com/pol-api |
cust-dev-ohi.oracleindustry.com/dev2/policies/adf cust-dev-ohi.oracleindustry.com/dev2/policies/ui cust-dev-ohi.oracleindustry.com/dev2/policies/api (OAuth) |
||
gateway |
cust-dev2-ohi-oig.oracleindustry.com/oig cust-dev2-ohi-api.oracleindustry.com/oig-api |
cust-dev-ohi.oracleindustry.com/dev2/oig/ui cust-dev-ohi.oracleindustry.com/dev2/oig/api (OAuth) |
New Applications in IDCS
Under Oracle Cloud Services in the IDCS / IAM administration console, new applications have been added. These new applications must be used by the OAuth client registrations.
Environment Application
The naming pattern for environment application is:
OHI-<environment-name>-ENVIRONMENT
For example, OHI-PROD-ENVIRONMENT
A single IDCS application for each environment has been added. The main purpose of this IDCS application is to act as a login target. It allows a configuration with an IDP policy, for example, to configure a federated login to a specific IDP system to bypass the IDCS login chooser page for users. It also enables the configuration of IDP initiated login, to authenticate and redirect a user directly to the landing page without the need for them to perform the login to the IDP.
Impact on OAuth Clients
Existing and new OAuth clients must be associated with the following scope of the application deployment application:
https://<customer>-<environment>-ohi.oracleindustry.com/<application-deployment-name>/urn::ohi-components-apis
Also, update the API URL in your OAuth clients in the following pattern:
https://<environment-host>/<application-deployment-name>/<component-name>/api
For example, cust-dev-ohi.oracleindustry.com/dev2/oig/api