B2B Service


Topic

    Topic posted July 22, 2019 by Shaheela D, tagged Integration, Service Request Management
    99 Views, 8 Comments
    Title:
    Can we get the logged-in username and password dynamically through a script?
    Summary:
    Can we get the logged-in username and password dynamically through a script under the service request object?
    Content:

    Hi Team, 

    I have registered an OIC REST API inside OEC under Web Services with authentication, and I am calling that process through a script while creating an SR.

    We have enabled SSO between OIC and OEC. So is it possible to provide authentication through the script while calling the registered service, so that it takes the current session of whoever is logged in to OEC?

    Please update here whether this is feasible or not.

    Thanks, 
    Shaheela

    Version:
    19B

    Comment

     

    • gopikrishna madugula

      Hi Shaheela,

      I don't think this is possible. Every time we register a WS in OEC, we create a credential key to authenticate the WS, and it will usually be an integration user or an admin user. What is the use case for having to trigger the WS using the logged-in user's credentials? Also, getting the password using a Groovy script is a security risk in my opinion.

      Regards,

      Gopi

      • Shaheela D

        Hi Gopi,

        Yeah, getting the password is a risk, I agree. The reason is that sometimes the OIC user account gets locked and they change the password in the system, and we have to change it again in the credential key at registration.

        Now we have SSO and we have the same users in both OEC and OIC. Once the password is the same for both clouds, then registering a credential is not needed, right? It can take the OEC credential and run the service.

        If I am wrong guide me.

        Thanks,

        Shaheela

    • gopikrishna madugula

      Hi Shaheela,

      When we register a WS in OEC, we definitely need to give a credential key. We don't have an option to register the WS and run it with the logged-in user's credentials. One more way of achieving this is to create an integration user and use this user for your interface. Also, check if you can have a never-expiring password policy for this user from the OIC side.

      • Shaheela D

        Hi Gopi,

        We have created an integration user and set the password policy already.

        We have SSO between OIC and OEC. Can we get the logged-in username alone and pass it into the credential key at the time of registration, since both clouds have the same user?

        Thanks,

        Shaheela

    • gopikrishna madugula

      Hi Shaheela,

      I don't think that is possible. The credential key at the time of registration is a static value and we cannot change it dynamically.

      Regards,

      Gopi

    • Alex Valis

      You can pass the JWT token via a Groovy script to your OIC web service if you need to make a web service call in OIC using the currently logged-in user.

      def jwt = new oracle.apps.fnd.applcore.common.SecuredTokenBean().getTrustToken();
      

      https://docs.oracle.com/en/cloud/saas/engagement/19b/faoka/OKEC_Use_JWT_Token_for_Authorization.html

      JWT tokens also expire and are more secure to use than a hard-coded username and password, which can be exposed and leave you open to access by unauthorised people.

    • Shaheela D

      Hi Alex,

      Thanks for your comments.

      We can use this in the script while calling the web service. But for registering those web services, a credential key is mandatory. In that doc, it is mentioned that the JWT is only a way to share the username with the server, but not a way to authenticate the user.

      Also, from my side, I have tried the authentication scheme "Propagate user identity using SAML over SSL". For this no credential key is required and I am able to access the API of OIC from OEC, but both clouds should have the same user.

      Please let us know if you have any suggestion.

      Thanks,

      Shaheela

      • Alex Valis

        I can't advise on your security. I can say that retrieving a user's password is not possible, and that a JWT (token) can be used to authenticate a REST API call into OEC within user context without having to use a functional or global user account.

        At Oracle Consulting we provide services during our implementations to handle security requirements between our cloud applications to ensure it's aligned with Oracle's security policies that customers come to expect.