1. Third Party Integration Guide
  2. Implementing RIB-EXT
  3. RIB-EXT Side of Configuration to Point to External Application

RIB-EXT Side of Configuration to Point to External Application

Below are the steps to point rib-ext to the correct injector service.

Table 4-2

Category Step Comment

Access RIB Admin GUI

Access the rib admin GUI at https://<external-load-balancer>/rib-ext-admin-gui

Log in with the admin user.
login

Verify Configuration and update

Navigate to Manage Configurations -> System options

Search for and verify the following:

  1. destination.retail.appType: rest-app

  2. Update the value for InjectorService URL (injector.service.endpoint.url). URL should point to inject service provided by external application. (e.g.- https://<host:port>/rib-injector-services-web/resources/injector/inject

  3. Security Policy (injector.service.security.policyname) : policyA

  4. IDCS OAuth Server URL (oauth2.default.authorizationServerUrl): https://<idcs-tenant>/oauth2/v1/token

  5. OAuth2 Token Scope: Default (i.e.- urn:opc:idm:__myscopes__)

verify configuration

Supported Grant Types for OAuth2

There are two grant type supported. Based on the use case follow steps below.

Steps for grant_type as password

Update username and password

Navigate to Manage Configurations - > Injector Service

Update details

  1. Choose rib-ext_ws_security_user_name_alias from drop down.

  2. Update rib-ext_ws_security_user_name_alias with valid username/password.

  3. Click on Save.

update username and password

Update ClientID/Secret needed for token generation

Navigate to Manage Configurations - > Injector Service

Choose rib-ext_oauth2_application_client_user-name-alias from drop down and update details

  1. Provide a valid Client ID in username.

  2. Provide a valid Client Secret in password.

  3. Click on Save.

update client ID

How to verify provided injector service details are correct

Verify if the provided injector service URL and credentials are correct for grant_type password using curl.

Execute the following curl commands for grant_type password:

ClientId=56c7eb72f11b43bb98bf2570fa2353eb
ClientSecret=bb18aa22-4bb4-41d1-9ed4-fea276651e28
IDCSUrl=https://idcs-24e4baae56764e91be371e6a2060d66e.identity.c9dev2.oc9qadev.com
un=integrationUser
pw=Welcome@1234
AccessToken=$(curl -i -X POST \
--user $ClientId:$ClientSecret \
-H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" \
$IDCSUrl/oauth2/v1/token \
-d "grant_type=password&username=$un&password=$pw&scope=urn:opc:idm:__myscopes__" | grep -o -P '(?<=access_token":").*(?=","token_type)')
echo $AccessToken
ribExtServiceUrl=https://<external-app-load-balancer>/rib-injector-services-web/resources/injector/ping
curl -ivkL --noproxy '*' -H "Authorization: Bearer $AccessToken"  -H "Content-Type: applica-tion/xml" -X GET $ribExtServiceUrl

if you get a 200 response, then the configuration is correct

if you get 401 unauthorized, then Client ID and secret are incorrect

Steps for grant_type as client credentials

Update username and password to empty

Navigate to Manage Configurations - > Injector Service

Update details.

  1. Choose "rib-(app)_ws_security_user-name-alias" as Secured User Alias.

  2. Update the Secured User Name with a blank userName.

  3. Update the Secured User Password with a blank password.

  4. Click on Save.

update username and password

Update ClientID/Secret

Navigate to Manage Configurations - > Injector Service

Update details

  1. Choose "rib-(app)_oauth2_application_client_user-name-alias" as Secured User Alias.

  2. Update the Secured User Name with clientID.

  3. Update the Secured User Password with clientSecret.

updae client ID

Ping Test

Navigate to Manage Configurations -> RIB Service Monitor

  1. Click on ping

  2. It should return success

ping test

How to verify provided injector service details are correct

Verify if the provided injector service URL and credentials are correct.

Execute the following curl commands

ClientId=56c7eb72f11b43bb98bf2570fa2353eb
ClientSecret=bb18aa22-4bb4-41d1-9ed4-fea276651e28
IDCSUrl=https://idcs-24e4baae56764e91be371e6a2060d66e.identity.c9dev2.oc9qadev.com
AccessToken=$(curl -i -X POST \ --user $ClientId:$ClientSecret \ -H "Content-Type: applica-tion/x-www-form-urlencoded;charset=UTF-8" \
$IDCSUrl/oauth2/v1/token \ -d "grant_type=client_credentials&scope=urn:opc:idm:__myscopes__" | grep -o -P '(?<=access_token":").*(?=","token_type)')
ribExtServiceUrl=https://rgbu-phx-lbext-351.us.oracle.com/rib-injector-services-web/resources/injector/ping
curl -ivkL --noproxy '*' -H "Authorization: Bearer $AccessToken"  -H "Content-Type: applica-tion/xml" -X GET $ribExtServiceUrl