Authentication

It is a requirement that user names and passwords for RPASCE users must be created in an Oracle Cloud Infrastructure Identity and Access Management (OCI IAM) instance. RPASCE Client uses perimeter authentication. The Oracle software product, Web Tier Security Service (WTSS), is used to field all HTTP requests. WTSS redirects the browser to an OCI IAM login page if a request lacks the OCI IAM session cookie.

Users authenticated by OCI IAM and assigned the authentication role for the RPASCE application will be granted access to the RPASCE application with a set of application permissions based upon the application roles granted them in OCI IAM

Users can be added through the OCI IAM Admin Console and can be added in bulk using a CSV file. For more information on using OCI IAM, see the Oracle Identity Cloud Service online help at https://docs.oracle.com/en-us/iaas/Content/Identity/home.htm.

User accounts will be automatically created in the RPASCE application when a new user logs in for the first time if an account does not exist. However, this is not recommended, as there are some administrative tasks required to fully set up a new user account, so those tasks should be performed before they login. For AIF and RI applications, users do not exist in those systems independently of OCI IAM, all authentication is managed through direct communications between OCI IAM and the application client and there are no administrative steps in AIF/RI to separately configure user access.

To address the additional steps in Planning applications, the Online Administrative Tools (OAT) contain tasks to facilitate the addition of new users after they have been created in OCI IAM but prior to their first time logging into the system. Information about these tasks can be found in the Oracle Retail Predictive Application Server Cloud Edition Administration Guide.