1. Third Party Integration Guide
  2. Implementing RIB-EXT
  3. RIB-EXT Side of Configuration to Point to External Application

RIB-EXT Side of Configuration to Point to External Application

Below are the steps to point rib-ext to the correct injector service.

Table 4-2

Category Step Comment

Access RIB Admin GUI

Access the rib admin GUI at https://<external-load-balancer>/rib-ext-admin-gui

Log in with the admin user.
login

Verify Configuration and update

Navigate to Manage Configurations -> System options

Search for and verify the following:

  1. destination.retail.appType: rest-app

  2. Update the value for InjectorService URL (injector.service.endpoint.url). URL should point to inject service provided by external application. (e.g.- https://<host:port>/rib-injector-services-web/resources/injector/inject

  3. Update the value for Ping Service URL (injector.service.endpoint.ping.url). URL should point to ping service provided by external application. (e.g.- https://<host:port>/rib-injector-services-web/resources/injector/ping).

    ping service url

  4. For 3rd party integration where the injector service is hosted on OIC/on-prem, the below system property in JAVA_OPTIONS needs to be added oauth2.url.path.wo.vrc=<context root of injector service>

    Important: context root of injector service is any word in injector service url which can identify service uniquely.

    Eg-

    For the following injector service url https://<external-lb>/ external-injector-services/external/ribinjector/inject.

    Java_option would be

    oauth2.url.path.wo.vrc=ribinjector

  5. Security Policy (injector.service.security.policyname) : policyA

  6. IDCS OAuth Server URL (oauth2.default.authorizationServerUrl): https://<idcs-tenant>/oauth2/v1/token

  7. OAuth2 Token Scope: Default (i.e.- urn:opc:idm:__myscopes__). Update with external application provided scope.

verify configuration

Supported Grant Types for OAuth2

Only client credential grant type is supported. Follow steps below.

Update username and password to empty

Navigate to Manage Configurations - > Injector Service

Update details.

  1. Choose "rib-(app)_ws_security_user-name-alias" as Secured User Alias.

  2. Update the Secured User Name with a blank userName.

  3. Update the Secured User Password with a blank password.

  4. Click on Save.

update username and password

Update ClientID/Secret

Navigate to Manage Configurations - > Injector Service

Update details

  1. Choose "rib-(app)_oauth2_application_client_user-name-alias" as Secured User Alias.

  2. Update the Secured User Name with clientID.

  3. Update the Secured User Password with clientSecret.

updae client ID

Ping Test

Navigate to Manage Configurations -> RIB Service Monitor

  1. Click on ping

  2. It should return success

ping test

How to verify provided injector service details are correct

Verify if the provided injector service URL and credentials are correct.

Execute the following curl commands

ClientId=56c7eb72f11b43bb98bf2570fa2353eb
ClientSecret=bb18aa22-4bb4-41d1-9ed4-fea276651e28
IDCSUrl=https://idcs-24e4baae56764e91be371e6a2060d66e.identity.c9dev2.oc9qadev.com
AccessToken=$(curl -i -X POST \ --user $ClientId:$ClientSecret \ -H "Content-Type: applica-tion/x-www-form-urlencoded;charset=UTF-8" \
$IDCSUrl/oauth2/v1/token \ -d "grant_type=client_credentials&scope=urn:opc:idm:__myscopes__" | grep -o -P '(?<=access_token":").*(?=","token_type)')
ribExtServiceUrl=https://rgbu-phx-lbext-351.us.oracle.com/rib-injector-services-web/resources/injector/ping
curl -ivkL --noproxy '*' -H "Authorization: Bearer $AccessToken"  -H "Content-Type: applica-tion/xml" -X GET $ribExtServiceUrl