Visual Builder

Get Involved. Join the Conversation.

Topic

    Cesar Tepetla Corte
    Security when embedding a Visual Builder application in...
    Topic posted November 27, 2018 by Cesar Tepetla CorteBronze Medal: 1,250+ Points, tagged Groovy, SaaS Integration, Security, Services, Stage / Publish / DevOps, UI, Validation, Web 
    508 Views, 15 Comments
    Title:
    Security when embedding a Visual Builder application in Oracle Fusion page integrator
    Summary:
    Security when embedding a Visual Builder application in Oracle Fusion page integrator
    Content:

    Hi

    I have embedded an application of Autonomous Visual Builder with page integrator in Oracle Fusion the problem is that I have to log in to Visual Builder to view the page in Fusion otherwise nothing will be shown.

    In what way can I avoid this? What I'm looking for is for the user to log in only on Fusion and see the application.

    Any comments and guidance is grateful.

    Thanks

    Comment

     

    • Shay Shmeltzer

      Depends on what your goal is:

      If you don't care about the user role in the VB app - you can mark your application to allow anonymous access:

      https://blogs.oracle.com/vbcs/using-anonymous-access-on-vbcs-applications

      If you do care about the user/role and you want to propagate this from the SaaS app to the VB app - you need to configure single sign on between the two apps.

      See:

                                            2 Connect to Oracle SaaS from Oracle PaaS                                   

    • Subba Bhamidipati

      Hi Shay,

      We have similar requirement to propagate the "JWT Token" from Oracle Fusion, so that any web service calls we do back to Fusion from VBCS app would need to be authenticated with same user logged into Fusion. 

      Previously we used JCS-SX to build ADF app and there we used task-flow parameter to accept JWT token from Fusion. Based on that JWT Token we authenticate against Fusion. If the JWT token is not valid we use task-flow rules to display "Error Page".

      How can we achieve this flow of validating logged in user to Oracle Fusion with in VBCS app and use the credentials to further call Fusion Web Services?

       

      Thanks,

      Subba

        • Mark Chappell

          Hi Shay,

          I've got a similar issue as the original question in this thread: I'm new to VB and I'm creating a prototype VB app from Integration Cloud, and I'm embedding in our SaaS ERP Instance. Clearly I need to look into single sign on between SaaS and PaaS (OAICS and VBCS). 

          However, in the mean time I have tried to follow the approach of making my app to allow anonymous access:

          https://blogs.oracle.com/vbcs/using-anonymous-access-on-vbcs-applications

          However, I'm not able to see the data from my Business Objects - can you offer some assistance?

          I've created a Classic App, I initially marked the app in Application Settings, Security to "require Authentication". I've staged and published and tested. I can see the app and the data from the BO's in SaaS, but only when I'm logged into OAICS.

          Then I've have created a new version of the app and set to "Allow Anoynmous Access". I've staged and published and tested. I can see the app and and but the data is not displayed, just a messaging saying Fetching data. 

          I'm not sure what I am doing wrong, can you offer any suggestions?

          thanks

          Mark

          • Mark Chappell

            Shay, 

            In addition to this, I have also created a version of my app, where within application settings I've chosen both "Allow Anoynmous Access" and  "require Authentication". 

            When I log into SaaS and then navigate to my application I get an Invalid Session error, stating "Your session is invalid or expired"

            • Shay Shmeltzer

              What are your security setting for the business objects?

              Also - at this stage we discourage the creation of applications using the old "Classic VB".

              All new applications should be created with the Visual App approach.

              • Mark Chappell

                Hi Shay, 

                thanks for the reply.

                I've read that Oracle now suggest the Visual App approach and not Classic, but there wasn't any training material available for Visual App, and I needed to creating something quickly as a proof of concept to my PM, to highlight its value add... I'm currently waiting for the Course to become available within my Oracle Learning Subscription also for Visual Apps...

                I'm also looking at the Federated SSO between SaaS and PaaS, but this is a large fix for my issue...

                In the meantime I need to get this classic app working for anonymous users asap...

                I've attached 3 screen shots;

                1. invalid session error - is the error I get when accessing the app from SaaS, you can see the app pages behind the error message.

                2. AppSecuritySettings - shoes the applications sec settings

                3. BOSecSettings - shoes BO sec settings... 

                 

        • Bshah

          Hi Shay,

           

          We have enabled federated SSO between SaaS and PaaS with SaaS acting as IDP. It still expects me to have logged in to VBCS prior on a separate tab. If i am not logged in it says IDCS refused to connect. Do you know if there is anything else which needs to be configured?

           

           

          • Shay Shmeltzer

            Are you accessing the URL of a published app or of the URL of the app at design time?

            Try and republish your app and see if it helps.

    • Shay Shmeltzer

      Does it work if you remove the "Require Authentication" option in the app settings and restate/republish your app?

      Also, if we eliminate SaaS from the picture for a second, and you try accessing the published app URL from a new browser instance - does it ask for authentication?

      • Mark Chappell

        Hi Shay... 

        I've recently revisited my Visual Builder Classic Application, and my attempts to embed it into SaaS... I still have an issue, in that the application is visible, but the data from my business objects is only returned to the App in SaaS, if I'm logged onto my PaaS OICS Instance within that web browser session.

        I've attempted to set up Federated SSO also, and I have an ongoing SR with Oracle to resolve this issue. As it stands, I belive we have SSO working, but we aren't really making any progress on fixing my Visual Builder App issue, and nothing so far has worked. 

        I've revisited this post for some help. 

        One thing I have re checked today, is your suggestion of taking SaaS out of the picture and trying to access the app from my web browser by pasting the direct Live URL.

        I am able to see the App, but again no data... unless I'm also logged into PaaS within the same browser session.

        have you any suggestions on where to look next? 

        thanks

        Mark

        • Shay Shmeltzer

          Note that for Business Objects you have separate security setting tab per object.

          You should make sure that the role that is being used to connect to the VB app has the right privileges to access the BOs.

          (Including anonymous role if you plan to allow access to that scenario).