Authentication Parameters
Authentication parameters are used by the target system to authenticate an application. The set of parameters for which you must specify values depends on the value that you enter for the grantType parameter of the Basic Configuration section.
The grantType parameter holds the type of authentication used by your target system. The connector supports the following types of authentication:
- HTTP Basic Authentication
- OAuth 2.0 JWT
- OAuth 2.0 Client Credentials
- OAuth 2.0 Resource Owner Password
- Manually Input Access Token
If your target system uses an authentication type other than the ones listed above, then you must write your own implementation, which requires development effort. By default, the UI includes parameters for the OAuth 2.0 Client Credentials authentication type. For any other authentication type, you must create and add the corresponding parameters in the Advanced Settings section.
The following are the possible values for the grantType parameter:
- For HTTP Basic Authentication: basic
- For OAuth 2.0 JWT: jwt
- For OAuth 2.0 Client Credentials: client_credentials
- For OAuth 2.0 Resource Owner Password: password
- For manual input of access token: other
- For custom authentication implementation: custom
Note:
This section provides information about parameters for all authentication types. Enter values only for parameters corresponding to the authentication type you specify.
HTTP Basic Authentication
Table 2-3 HTTP Basic Authentication IT Resource Parameters
| Parameter | Description |
|---|---|
| username | Enter the user name or user ID of the account that Oracle Identity Governance must use to connect to and access the target system during reconciliation and provisioning operations. Sample value: |
| password | Enter the password of the account that Oracle Identity Governance must use to connect to and access the target system during reconciliation and provisioning operations. Sample value: |
OAuth 2.0 JWT
Table 2-4 OAuth 2.0 JWT IT Resource Parameters
| Parameter | Description |
|---|---|
| aud | Enter the intended audience of the JWT. The value can either be a URI or token endpoint URL of the authorization server. Sample value: |
| iss | Enter a value that uniquely identifies the entity that issued the JWT. Sample value: |
| scope | Enter the scope of the access token being issued. Sample value: |
| sub | Enter a value that identifies the principal to which the JWT is being issued. Sample value: |
| privateKeyLocation | Enter the absolute path to the private key used to sign the access token. Sample value: |
| privateKeySecret | Enter the secret key for the private key that is being used to sign the access token. |
| tokenLifespan | Enter the life span of the access token in milliseconds. Sample value: |
| signatureAlgorithm | Enter the algorithm used for signing the access token. Sample value: |
| privateKeyFormat | Enter the format of the private key used to sign the access token. Sample value: |
OAuth 2.0 Client Credentials
The following table lists the parameters for which you must enter values when the grantType parameter is set to client_credentials.
Note:
By default, these parameters are available in the Basic Configuration section. Therefore, there is no need to add them manually.
Table 2-5 OAuth 2.0 Client Credentials IT Resource Parameters
| Parameter | Description |
|---|---|
| clientId | Enter the client identifier (a unique string) issued by the authorization server to the client during the registration process. Sample value: |
| clientSecret | Enter the value used to authenticate the identity of your client application. Sample value: |
| authenticationServerURL | Enter the URL of the authorization server that authenticates the client (by validating the client ID and client secret), and if valid, issues an access token. Sample value: |
OAuth 2.0 Resource Owner Password
Table 2-6 OAuth 2.0 Resource Owner Password IT Resource Parameters
| Parameter | Description |
|---|---|
| username | Enter the user name or user ID of the resource owner. Sample value: |
| password | Enter the password of the resource owner. Sample value: |
| clientId | Enter the client identifier issued to the client during the registration process. Sample value: Note: This is an optional parameter. |
| clientSecret | Enter the client secret used to authenticate the identity of the client application. Sample value: Note: This is an optional parameter. |
| authenticationServerUrl | Enter the URL of the authorization server (token endpoint) that authenticates the client (by validating the client ID and client secret) and the resource owner credentials and, if valid, issues an access token. Sample value: |
Manual Input of Access Tokens
This section discusses the parameter for which you must enter a value when the grantType parameter is set to other.
In this authentication mechanism, the connector expects the value of the access token to be directly passed through the customAuthHeaders parameter.
The customAuthHeaders parameter must hold the access token value that must be passed through an HTTP authorization header, for example, access_token=<value>.
Custom Authentication
This section discusses the parameter for which you must enter a value when the grantType parameter is set to custom.
If you have implemented custom authentication, then you must enter a value for the customAuthClassName parameter. The customAuthClassName parameter must hold the name of the class implementing the custom authentication logic that you created while performing the procedure described in Implementing Custom Authentication.
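The rule from the note above (enter values only for the parameters of the chosen authentication type) can be checked before the values are saved. The following is an added example, not connector code: validate() is a hypothetical helper, the sample values are constructed, and it assumes every parameter in a table is required unless the table marks it optional.

```python
# Added example, not connector code. Names and grantType values come from this
# page's tables; validate() is hypothetical, SAMPLE_JWT values are constructed.
import ntpath
import posixpath

REQUIRED = {
    "basic": {"username", "password"},
    "jwt": {"aud", "iss", "scope", "sub", "privateKeyLocation", "privateKeySecret",
            "tokenLifespan", "signatureAlgorithm", "privateKeyFormat"},
    "client_credentials": {"clientId", "clientSecret", "authenticationServerURL"},
    "password": {"username", "password", "authenticationServerUrl"},
    "other": {"customAuthHeaders"},
    "custom": {"customAuthClassName"},
}
OPTIONAL = {"password": {"clientId", "clientSecret"}}  # marked optional in Table 2-6
ALL_AUTH = set().union(*REQUIRED.values(), *OPTIONAL.values())


def validate(config):
    """Return sorted findings for one set of authentication parameter values."""
    grant = config.get("grantType")
    if grant not in REQUIRED:
        return [f"grantType: unsupported value {grant!r}"]
    allowed = REQUIRED[grant] | OPTIONAL.get(grant, set())
    by_lower = {name.lower(): name for name in allowed}
    filled = {k for k, v in config.items() if k != "grantType" and v not in (None, "")}
    findings, respelled = [], set()
    for name in filled - allowed:
        expected = by_lower.get(name.lower())
        if expected:  # right parameter, wrong letter case for this grant type
            findings.append(f"{name}: this grant type spells it {expected}")
            respelled.add(expected)
        elif name in ALL_AUTH:  # value entered for a different authentication type
            findings.append(f"{name}: not used when grantType is {grant}")
    findings += [f"{n}: no value entered" for n in REQUIRED[grant] - filled - respelled]
    if grant == "jwt":
        lifespan = str(config.get("tokenLifespan") or "")
        if lifespan and not (lifespan.isdigit() and int(lifespan) > 0):
            findings.append("tokenLifespan: expected a positive number of milliseconds")
        key_path = str(config.get("privateKeyLocation") or "")
        if key_path and not (posixpath.isabs(key_path) or ntpath.isabs(key_path)):
            findings.append("privateKeyLocation: expected an absolute path")
    return sorted(findings)


SAMPLE_JWT = {"grantType": "jwt", "aud": "https://auth.example.com/token", "iss": "app",
              "scope": "read", "username": "svc", "privateKeyLocation": "keys/key.pem",
              "privateKeySecret": "changeit", "tokenLifespan": "1h",
              "signatureAlgorithm": "RS256", "privateKeyFormat": "PKCS#8"}
```

Calling validate(SAMPLE_JWT) reports the relative key path, the missing sub value, the non-numeric tokenLifespan and the stray username. Parameters that appear in none of the tables are ignored, so the same dictionary can carry other IT resource settings.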