Example of OAM Application Configuration and Oracle GoldenGate Authorization Profile
The following scripts are examples of configuring various components when creating a secure Oracle Access Manager (OAM) application.
Creating an Identity Domain
The following example shows the creation of an Identity Domain in OAM.
curl -x "" \
  -u 'weblogic:weblogic1' \
  'http://east.oraclevcn.com:18585/oam/services/rest/ssa/api/v1/oauthpolicyadmin/oauthidentitydomain' \
  -H 'Content-Type: application/json' \
-d '
{"name": "OGGDomain1"
,"identityProvider": "OUD"
,"description": "Test Domain"
, "tokenSettings":
[{"tokenType": "ACCESS_TOKEN"
,"tokenExpiry": 3600
,"lifeCycleEnabled": false
,"refreshTokenEnabled": false
,"refreshTokenExpiry": 86400
,"refreshTokenLifeCycleEnabled": false
}
,{"tokenType": "AUTHZ_CODE"
,"tokenExpiry": 3600
,"lifeCycleEnabled":false
,"refreshTokenEnabled": false
,"refreshTokenExpiry": 86400
,"refreshTokenLifeCycleEnabled": false
}
,{"tokenType": "SSO_LINK_TOKEN"
,"tokenExpiry": 3600
,"lifeCycleEnabled": false
,"refreshTokenEnabled": false
,"refreshTokenExpiry":86400
,"refreshTokenLifeCycleEnabled": false
}
]
,"errorPageURL": "http://east.oraclevcn.com:2222/oam/pages/servererror.jsp"
,"consentPageURL":"http://east.oraclevcn.com:2222/oam/pages/consent.jsp"
,"customAttrs": null
}'
Create Resource Server
The following example shows creating a Resource Server for the OAM application:
curl -x "" \
  -u weblogic:weblogic1 \
  -H "Content-Type: application/json" \
  'http://east.oraclevcn.com:18585/oam/services/rest/ssa/api/v1/oauthpolicyadmin/application' \
  -X POST \
-d '
{"idDomain":"OGGDomain1"
,"name":"OGGResourceServerCorrect"
,"scopes":
[{"scopeName":"oggServiceToService"
,"description":"test ogg urn scope"
}]
}'
Creating an Application
The following example shows creating an Application with some redirect URIs, using OAM:
curl -x "" \
  -v \
  -u 'weblogic:<weblogicpwd>' \
  -H "Content-Type: application/json" \
  'http://east.oraclevcn.com:18585/oam/services/rest/ssa/api/v1/oauthpolicyadmin/client' \
  -X POST \
-d '
{"secret":"OGGClient1Secret"
,"id":"OGGClientID1"
,"scopes":["OGGResourceServerCorrect.oggServiceToService"]
,"clientType":"CONFIDENTIAL_CLIENT"
,"idDomain":"OGGDomain1"
,"description":"Client Description"
,"name":"OGGClientCorrect"
,"grantTypes":["PASSWORD", "CLIENT_CREDENTIALS", "AUTHORIZATION_CODE"]
,"defaultScope":"OGGResourceServerCorrect.oggServiceToService"
,"redirectURIs":
[{"url":"https://localhost:9010/services/v2/authorization", "isHttps":true}
,{"url":"https://west.oraclevcn.com:9010/services/v2/authorization", "isHttps":true}
,{"url":"https://west.oraclevcn.com:9001/services/v2/authorization", "isHttps":true}
,{"url":"https://localhost:9001/services/v2/authorization", "isHttps":true}
]
,"attributes":[{"attrName":"OGGGroups"
,"attrValue":"${user.groups}"
,"attrType":"STATIC"
}]
}'
Create an Authorization Profile in Oracle GoldenGate for the OAM Application
The following code snippet is a sample of how to create an authorization profile in Oracle GoldenGate (using cURL) for the OAM application:
curl -k \
  -u 'ggma:<ggmapwd>' \
  -X POST \
  -d '{"type":"oam"
,"clientID":"OGGClientID1"
,"clientSecret":"OGGClient1Secret"
,"tenantDiscoveryURI":"http://east.oraclevcn.com:2222/.well-known/openid-configuration"
,"groupToRoles":{"securityGroup":"fusionapps_gg_prod_sec"
,"administratorGroup":"fusionapps_gg_prod_admin"
}
,"identityDomain":"OGGDomain1"
}' \
  https://localhost:9010/services/v2/deployments/ServiceManager/authorization/profiles/smProfile
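The four payloads above refer to each other by name (identity domain, resource server scope, client ID and secret), so a mismatch in any one of them breaks the flow. The following Python check is an added example, not part of the original page or of Oracle's tooling; the function name check_payloads and the finding strings are hypothetical, the sample values are copied from the payloads above with token settings and two redirect URIs omitted, and the https check on tenantDiscoveryURI is an added check rather than a requirement stated on this page.

```python
from urllib.parse import urlsplit

# Sample values copied from the payloads on this page (shortened; see lead-in).
DOMAIN = {"name": "OGGDomain1"}
RESOURCE_SERVER = {"idDomain": "OGGDomain1", "name": "OGGResourceServerCorrect",
                   "scopes": [{"scopeName": "oggServiceToService"}]}
CLIENT = {"id": "OGGClientID1", "secret": "OGGClient1Secret", "idDomain": "OGGDomain1",
          "scopes": ["OGGResourceServerCorrect.oggServiceToService"],
          "defaultScope": "OGGResourceServerCorrect.oggServiceToService",
          "redirectURIs": [
              {"url": "https://localhost:9010/services/v2/authorization", "isHttps": True},
              {"url": "https://west.oraclevcn.com:9010/services/v2/authorization", "isHttps": True}]}
PROFILE = {"type": "oam", "clientID": "OGGClientID1", "clientSecret": "OGGClient1Secret",
           "identityDomain": "OGGDomain1",
           "tenantDiscoveryURI": "http://east.oraclevcn.com:2222/.well-known/openid-configuration"}


def check_payloads(domain, resource_server, client, profile):
    """Return a list of findings; an empty list means the payloads agree."""
    findings = []
    # Every object must name the identity domain that was created first.
    for label, value in (("resource server idDomain", resource_server.get("idDomain")),
                         ("client idDomain", client.get("idDomain")),
                         ("profile identityDomain", profile.get("identityDomain"))):
        if value != domain["name"]:
            findings.append(f"{label} {value!r} != domain {domain['name']!r}")
    # On this page, client scopes are written <resource server name>.<scopeName>.
    defined = {f"{resource_server['name']}.{s['scopeName']}" for s in resource_server["scopes"]}
    for scope in set(client.get("scopes", [])) | {client.get("defaultScope")}:
        if scope not in defined:
            findings.append(f"client scope {scope!r} is not defined on the resource server")
    # The GoldenGate profile must carry the credentials registered for the OAM client.
    if profile.get("clientID") != client.get("id"):
        findings.append("profile clientID does not match the OAM client id")
    if profile.get("clientSecret") != client.get("secret"):
        findings.append("profile clientSecret does not match the OAM client secret")
    # The isHttps flag must agree with the scheme of each redirect URI.
    for entry in client.get("redirectURIs", []):
        if (urlsplit(entry["url"].strip()).scheme == "https") != bool(entry.get("isHttps")):
            findings.append(f"redirect URI {entry['url']!r} disagrees with isHttps")
    # A discovery document fetched over plain HTTP can be altered in transit.
    if urlsplit(profile.get("tenantDiscoveryURI", "")).scheme != "https":
        findings.append("tenantDiscoveryURI is not https")
    return findings
```

Run against the values on this page, the check reports only the plain-HTTP discovery URI; the cross-references between the four payloads are consistent.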