Thursday, December 6, 2018

Authenticate Non-Fusion Application via the Oracle Fusion Cloud


Hi Folks,

Today, I’ll explain how to implement an authentication mechanism for a Non-Fusion application through the Oracle Fusion cloud. My business flow is this: the user should log into the Oracle Fusion cloud first and then access the Non-Fusion application through the external URL available in the Fusion Springboard or Navigator.

The following diagram depicts the authentication flow. I’ll explain each step of the flow so that the authentication process is easy to understand.

Authentication Flow

Fusion user to Application Session Bean

First, the user should log into the Oracle Fusion cloud. Then the user clicks the icon on the Oracle Fusion Springboard/Navigator. Oracle Fusion provides a JWT (JSON Web Token) to identify the logged-in user uniquely, and we should implement a mechanism to pass the generated JWT as a URL parameter to the Non-Oracle application. To generate the JWT, we can use a simple expression language expression like this.

https://<Non-Fusion Application URL>?jwtparam=#{applCoreSecuredToken.trustToken}

JSON Web Token validation 
   
This step is a bit tricky, because we need a mechanism to prevent misuse of the JWT. Each time the user clicks the URL, Oracle generates a JWT on demand. The token has a 4-hour lifetime, and within this period the generated JWT can be used multiple times. To avoid that, we can implement a validation that accepts only a fresh JWT each time by looking at the JWT generation time.
To get the JWT generation time, you can simply decode the JWT header using a standard library listed on the jwt.io website. Here’s the implementation of the validation method.
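A sketch of such a freshness check, added here as an example (it is not the author's original method). It assumes the generation time is the standard `iat` claim in the token's claims segment, a 60-second acceptance window, and a hypothetical class name; it also refuses a token that was already presented once. The sample tokens are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.time.*;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.*;

public class JwtFreshnessCheck {
    // Assumption: a token must arrive within 60 s of being generated (not a value from the post).
    static final Duration MAX_AGE = Duration.ofSeconds(60);
    static final Pattern IAT = Pattern.compile("\"iat\"\\s*:\\s*(\\d{1,12})");
    // Tokens already accepted, mapped to their issue time so old entries can be evicted.
    private final Map<String, Instant> seen = new ConcurrentHashMap<>();

    /** Reads the unverified "iat" claim; the signature is checked later by the Fusion SOAP call. */
    static Instant issuedAt(String jwt) {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) throw new IllegalArgumentException("not a compact JWT");
        String claims = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        Matcher m = IAT.matcher(claims);
        if (!m.find()) throw new IllegalArgumentException("no iat claim");
        return Instant.ofEpochSecond(Long.parseLong(m.group(1)));
    }

    /** True only for a well-formed token that is fresh and has not been presented before. */
    boolean accept(String jwt, Instant now) {
        Instant iat;
        try { iat = issuedAt(jwt); } catch (IllegalArgumentException e) { return false; }
        // Stale, or dated in the future beyond 5 s of clock skew: reject.
        if (iat.isBefore(now.minus(MAX_AGE)) || iat.isAfter(now.plusSeconds(5))) return false;
        seen.values().removeIf(t -> t.isBefore(now.minus(MAX_AGE)));
        return seen.putIfAbsent(jwt, iat) == null;   // null means first use; otherwise a replay
    }
    // Constructed sample token: placeholder header and signature, only the claims matter here.
    static String token(Instant iat) {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String claims = "{\"sub\":\"sample.user\",\"iat\":" + iat.getEpochSecond() + "}";
        return enc.encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8)) + "."
             + enc.encodeToString(claims.getBytes(StandardCharsets.UTF_8)) + ".signature";
    }

    public static void main(String[] args) {
        Instant now = Instant.now();
        JwtFreshnessCheck check = new JwtFreshnessCheck();
        String fresh = token(now.minusSeconds(10));
        System.out.println("first use:  " + check.accept(fresh, now));
        System.out.println("replay:     " + check.accept(fresh, now));
        System.out.println("2h old:     " + check.accept(token(now.minusSeconds(7200)), now));
    }
}
```

Keep the `seen` map in application scope rather than in each user's session, otherwise a token replayed in a new session would pass the check.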



Validate the Logged User

Now we have the Oracle-generated JWT, but we are unable to decode it or verify its signature to identify the user's details directly. So we need to use a SOAP service to get the logged-in user's details. In the hcmService/UserDetailsServiceV2 request we can pass the JWT as the Authorization header along with the Bearer keyword.

In the flow mentioned above, I used internally stored user details from a database to verify against the Fusion result, but that is not mandatory.

Happy Coding,

Regards,
Denuwan Himanga Hettiarachchi

Saturday, November 17, 2018

Switching between Default mode and Accessibility mode, without additional clicks in an Oracle ADF Application


Hi Folks,

From this post onward, I’ll publish my technical articles on both my Medium and Blogger accounts. I believe this option allows me to reach a new audience of technical enthusiasts.

A few months back, I had the opportunity to be allocated a really interesting task. In my organization we had a requirement to make our Time Entry application available to visually impaired users. According to W3.org, accessibility means,

Accessibility addresses discriminatory aspects related to equivalent user experience for people with disabilities, including people with age-related impairments. For the web, accessibility means that people with disabilities can perceive, understand, navigate, and interact with websites and tools, and that they can contribute equally without barriers. For more information, see the Accessibility introduction.

In this post I’m not going to explain the modifications you should make to achieve accessibility in an Oracle ADF application. Oracle provides advanced documentation for developing applications with accessibility features in mind. “Fusion Middleware Web User Interface Developer's Guide for Oracle Application Development Framework” should be your bible.

But the way the documentation suggests switching between accessible mode and default mode is really painful. So I came up with a totally new solution for switching these modes.

If you have already referred to the Oracle documentation (I highly recommend you go through it before trying to understand my solution), you have an idea of the importance of the trinidad-config.xml file. In order to switch the application between modes, we should set the accessibility-mode property to screenReader or default.

But we have to configure the above-mentioned values permanently, or we need to provide an additional pop-up to choose accessibility preferences and, based on the value, fully refresh the web application each time the user logs in to the system.

Storing a permanent value is not an elegant design, because it will ruin the ordinary users' experience. Providing an additional pop-up also breaks the minimum-click approach of the web design world.

Option I

I have two solutions to avoid the above-mentioned design problems. In my scenario we have a pre-known user base, so I created a new attribute in the USER_DETAILS table and stored accessibility_mode based on user preferences.

But how do we change the accessibility-mode property in trinidad-config.xml?

Kudos to Session Bean objects: we can simply create a variable in Session Bean scope and assign it to the accessibility-mode property in trinidad-config.xml. The final solution should be like this.

Option II

Option I is sort of a mediocre solution, because we need to pre-identify our users' accessibility preferences. Option II is a more innovative way, but you have to log into Oracle Fusion Cloud first and navigate to your application through Fusion Cloud.

In my organization the Time Entry application is hosted as a Non-Fusion application, but authenticates through the Fusion Cloud (I’ll write a separate post to describe the authentication process).

To explain the authentication process simply: when your Non-Fusion application loads, you can generate a JSON Web Token (JWT) and pass it as a URL parameter. Oracle HCM Cloud provides SOAP web services to get user details; by passing the JWT as an Authorization header, simply call the findSelfUserDetails SOAP service to get the AccessibilityMode value.

As in Option I, you can execute the above process inside the Session Bean scope and assign the SOAP result to the accessibilityMode variable.

I hope you got a clear idea of these two options; please feel free to comment with your questions.
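The SOAP call described in the authentication post and reused here for Option II, as an added example (not the author's code): it sends the JWT as a Bearer header to hcmService/UserDetailsServiceV2 and reads AccessibilityMode from the response with DTD processing disabled. The types namespace, the absence of a SOAPAction header, the class name and the `fusionHost` parameter are assumptions to confirm against the service WSDL; the sample response is constructed.

```java
import java.io.StringReader;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class FusionUserLookup {
    // Assumption: types namespace of UserDetailsServiceV2; confirm it against the service WSDL.
    static final String ENVELOPE =
        "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\""
      + " xmlns:typ=\"http://xmlns.oracle.com/apps/hcm/people/roles/userDetailsServiceV2/types/\">"
      + "<soapenv:Body><typ:findSelfUserDetails/></soapenv:Body></soapenv:Envelope>";

    /** Calls findSelfUserDetails as the token's owner; fusionHost is fixed config, never user input. */
    static String findSelfUserDetails(String fusionHost, String jwt) throws Exception {
        HttpRequest req = HttpRequest.newBuilder(
                URI.create("https://" + fusionHost + "/hcmService/UserDetailsServiceV2"))
            .header("Content-Type", "text/xml; charset=UTF-8")
            .header("Authorization", "Bearer " + jwt)
            .POST(HttpRequest.BodyPublishers.ofString(ENVELOPE))
            .build();
        HttpResponse<String> res = HttpClient.newHttpClient().send(req, HttpResponse.BodyHandlers.ofString());
        // Fusion validates the token on this call, so a non-200 answer means: do not log the user in.
        if (res.statusCode() != 200) throw new SecurityException("token rejected: HTTP " + res.statusCode());
        return res.body();
    }

    /** Returns the text of the first element with this local name, or null if absent. */
    static String firstValue(String soapXml, String localName) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD, no XXE
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        NodeList hits = f.newDocumentBuilder().parse(new InputSource(new StringReader(soapXml)))
                         .getElementsByTagNameNS("*", localName);
        return hits.getLength() == 0 ? null : hits.item(0).getTextContent();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample response (namespace and value invented) so the parser runs offline.
        String sample = "<env:Envelope xmlns:env=\"http://schemas.xmlsoap.org/soap/envelope/\"><env:Body>"
            + "<r:Value xmlns:r=\"urn:constructed\"><r:AccessibilityMode>screenReader</r:AccessibilityMode>"
            + "</r:Value></env:Body></env:Envelope>";
        System.out.println("AccessibilityMode=" + firstValue(sample, "AccessibilityMode"));
    }
}
```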

Happy Coding!

Regards,
Denuwan Hettiarachchi