Configure Your Integration for Web Services Invocation

First, add a new trusted client application and configure it to handle the web service calls between Oracle Fusion Applications Cloud Service and your PaaS services. Then, if you are hosting your own web service on Oracle Java Cloud Service, configure the WSIdentityPermission for your deployed application.

Create a New Application in Oracle Identity Cloud Service

Create a new trusted client application in Oracle Identity Cloud Service to handle your web service calls to your Oracle PaaS services.

To create and configure the client application:
  1. In the Oracle Identity Cloud Service console, select the Application tab, click Add, and then in the Add Application window, select Confidential Application.
  2. On the Details page of the Add Trusted Application wizard, give the new application a name. If you want, set other values such as description and tags. Click Next.
  3. On the Client page, select Configure this application as a client now.
    Additional options appear on the page. Set the following values:
    • Allowed Grant Types: Client Credentials and JWT Assertion.
    • Client Type: Select the Trusted option, and import the Oracle Fusion Applications Cloud Service OWSM signed certificate you received from Oracle Support when you set up federation.
  4. Click Next, and on the Authorization page, click Finish to save the application.
    An “Application Added” notification is shown. Make a copy of the Client ID and Client Secret. If you need them later, the Client ID and Client Secret also appear on the Configuration tab in the Details section for the application.
  5. With the app created and saved, select the Configuration tab, and expand the Client Configuration section. In the Accessing APIs from Other Applications section, under Allowed Scopes, click Add. In the Add Scope dialog, add one or more Resources for each of your Oracle PaaS applications that you will access. You can check the box for a resource to add all of its scopes, or click the right arrow for a given resource to select individual scopes. You can check the box for the whole app to add all resources. Click the Add button. Click Save to save your changes.
    As you add scopes, they are listed by application and allowed scope in the Allowed Scopes area. You can select a scope in this area and click the Remove button to remove it.
  6. Click Next, and on the Authorization page, click Finish to save the changes to the application.
  7. To activate the application, from the Oracle Identity Cloud Service console, select Applications, and select the application. Click the Activate button to the right of the application name.
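An added example (not part of the Oracle documentation): one way to check the application configured in steps 3 to 5 is to build the Client Credentials token request and compare the scopes in the returned access token with the ones you meant to allow. The host name, client values and scope strings are constructed placeholders. The `/oauth2/v1/token` path and a space-separated `scope` claim in a JWT access token are assumptions about Oracle Identity Cloud Service.

```python
import base64
import json
from urllib.parse import urlencode

TOKEN_PATH = "/oauth2/v1/token"  # assumed IDCS token endpoint path


def build_token_request(idcs_base_url, client_id, client_secret, scopes):
    """Return (url, headers, body) for a Client Credentials token request."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
    }
    body = urlencode({"grant_type": "client_credentials", "scope": " ".join(scopes)})
    return idcs_base_url.rstrip("/") + TOKEN_PATH, headers, body


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def unexpected_scopes(access_token, intended_scopes):
    """Scopes present in the token that were never meant to be granted."""
    granted = set(jwt_claims(access_token).get("scope", "").split())
    return sorted(granted - set(intended_scopes))


def constructed_token(claims):
    """Build an unsigned sample token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    intended = ["https://jcs.example.com/orders.read"]  # constructed scope
    url, headers, body = build_token_request(
        "https://idcs.example.com", "my-client-id", "my-client-secret", intended)
    print("POST", url, body)
    # Constructed token standing in for the access_token field of the response.
    sample = constructed_token({"scope": intended[0] + " https://jcs.example.com/admin"})
    print("Unexpected scopes:", unexpected_scopes(sample, intended))
```

A non-empty result means the Allowed Scopes list is broader than intended and should be trimmed with the Remove button described in step 5.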

Grant WSIdentityPermission for the Target Web Service Application

You may be connecting to a custom web service hosted on Oracle Java Cloud Service. If so, the web service application to which the OWSM policy is attached must have the oracle.wsm.security.WSIdentityPermission permission enabled.

  1. Using an IDE such as Oracle JDeveloper, develop your REST or SOAP web service for deployment on Oracle Java Cloud Service.
    For REST services:
    • Protect the service by using the OAuth Server Policy.
    • Deploy your application to Oracle Java Cloud Service using an unprotected app for root context. That is, do not prefix the root context with the __protected prefix.
    • The Application Composer on Oracle Fusion Applications Cloud Service consumes only JSON or XML media type responses, so use the application/json or application/xml media type in your service.
    For SOAP services:
    • Protect the service by using the OAuth Server Policy.
    • Keep the WSDL unprotected.
  2. Grant the WSIdentityPermission for applications deployed on Oracle Java Cloud Service. Connect to the Oracle Java Cloud Service AdminServer and run the following WLST command. Use the application name of your deployed application for the resource:
    grantPermission(codeBaseURL='file:${common.components.home}/modules/oracle.wsm.common/wsm-agent-core.jar',
          permClass='oracle.wsm.security.WSIdentityPermission',
          permTarget='resource=your application name',
          permActions='assert')