Hi Folks,
Today I’ll explain how to implement an authentication mechanism for a Non-Fusion application through Oracle Fusion Cloud. The business flow is this: the user must log into Oracle Fusion Cloud first, and only then access the Non-Fusion application through the external URL available in the Fusion Springboard or Navigator.
The following diagram depicts the authentication flow. I’ll explain each step of the flow so the authentication process is easy to understand.
Authentication Flow
Fusion user to Application Session Bean
First, the user logs into Oracle Fusion Cloud and then clicks the icon on the Oracle Fusion Springboard/Navigator. Oracle Fusion provides a JWT (JSON Web Token) that uniquely identifies the logged-in user, so we have to implement a mechanism that passes the generated JWT as a URL parameter to the Non-Oracle application. To generate the JWT, we can use a simple expression language call like this:
https://<Non-Fusion Application URL>?jwtparam=#{applCoreSecuredToken.trustToken}
JSON Web Token validation
This step is a bit tricky, because we need a mechanism that prevents misuse of the JWT. Each time the user clicks the URL, Oracle generates a JWT on demand. That token has a 4-hour lifetime, and within that period the user could reuse the same JWT multiple times. To avoid that, we can implement validation that only accepts a freshly issued JWT each time, by looking at the time the JWT was generated.
To get the JWT generation time, you can simply decode the JWT header using one of the standard libraries listed on the jwt.io website. Here’s the implementation of the validation method.
Validate the Logged User
Now we have the Oracle-generated JWT, but we cannot decode it and verify its signature ourselves to obtain the identified user's details directly. So we need to use a SOAP service to get the logged-in user's details. In the hcmService/UserDetailsServiceV2 request we can pass the JWT in the Authorization header, prefixed with the Bearer keyword.
In the above-mentioned flow, I used the internal user details stored in the database to verify against the Fusion result. But it’s not mandatory.
Happy Coding,
Regards,
Denuwan Himanga Hettiarachchi