VBCS Fixed Credentials Configuration for backend API Service Connection!!!

Recently, I came across a scenario where one of my customers was building a VBCS application that needs a combobox populated with all IDCS user names as approvers. The customer built the solution but was having an issue with it. When one user, e.g. the Sys Admin user ID (Administrator role), logs in with his credentials, he can see the combobox populated with IDCS user names. However, when another business user logs in, the combobox does not fetch the IDCS user list. Obviously, it's a permission issue. The Sys Admin, being part of the IDCS Admin group, has all privileges, but the other users in his tenancy do not, hence the problem.

Now, VBCS has two mechanisms for identity propagation. Please read this section for more info.

a) The logged-in user's identity gets propagated to invoke the REST API as part of the service connection.
b) The developer can use fixed credentials to invoke the backend REST API using the service connection.

To fix this problem we need to use the 2nd approach, which I am going to discuss in this blog. The Fixed Credentials approach avoids user identity propagation and uses an IDCS confidential app as a generic user for authentication.

So, we need a couple of configurations for this solution, as highlighted below:

Note: I am only covering the key aspects of this solution here, not step-by-step instructions for the whole configuration. The assumption is that the reader of this blog is already well aware of how a VBCS application works and how to populate a service endpoint API result into a VBCS combobox component.

IDCS Configuration

This needs a confidential IDCS application with the “Client Confidential” & “Refresh token” grant types and a valid scope which allows read-only permission on the IDCS Users REST API. I discussed this scenario with my IDCS Administrator, and he created an IDCS Confidential Application with the “Client Confidential” & “Refresh token” grant types and the “Audit Administrator” role, as per the snap below –

“Audit Administrator” is the read-only privilege which allows this IDCS application to read the IDCS Users list, and the technical scope value for this privilege is “urn:opc:idm:t.users_r”.

So, once the IDCS application gets activated, we can get the client ID and client secret values, which we need at a later stage. Note down both the Client ID and Client Secret values.

VBCS Configuration

Once the IDCS part is done, we just need to create a service connection inside VBCS (open VBCS application >> Services >> Service connection) for the IDCS Users API with the details below:

Authentication type: OAuth 2.0 Client Credentials
IDCS Users REST API: https://idcs-5dfcc4d6691c419aad5dxxxxxxd4ccb159931c8.identity.oraclecloud.com/admin/v1/Users
IDCS token REST API: https://idcs-5dfcc4d6691c419axxxxxx4ccb159931c8.identity.oraclecloud.com/oauth2/v1/token
Client ID: Client ID value copied from the IDCS App
Client Secret: Client Secret value copied from the IDCS App
Scope: IDCS scope value, which you can get from your IDCS Administrator, e.g. urn:opc:idm:t.users_r
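
The settings above amount to a standard OAuth 2.0 client-credentials token request made with the confidential app's identity. The following is an added example, not part of the original post or of VBCS itself: it builds that request and checks that a token response grants nothing beyond the read-only scope. The client ID/secret, the sample responses and the extra scope name are constructed, and the function names are hypothetical.

```python
import base64
from urllib.parse import urlencode

# Scope value from the page; the client id/secret used below are constructed.
READ_ONLY_SCOPE = "urn:opc:idm:t.users_r"


def build_token_request(client_id, client_secret, scope=READ_ONLY_SCOPE):
    """Headers and form body of an RFC 6749 client-credentials token request."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "client_credentials", "scope": scope})
    return headers, body


def granted_scopes(token_response, requested=READ_ONLY_SCOPE):
    """Scopes the token carries. RFC 6749 lets the server omit "scope"
    when it granted exactly what was requested."""
    return set(token_response.get("scope", requested).split())


def excess_scopes(token_response, allowed=(READ_ONLY_SCOPE,)):
    """Scopes granted beyond the allowed set; an empty list means the fixed
    credential is limited to read-only access to Users."""
    return sorted(granted_scopes(token_response) - set(allowed))


# Constructed token responses (not captured from a real tenant).
NARROW = {"access_token": "constructed", "token_type": "Bearer",
          "expires_in": 3600, "scope": "urn:opc:idm:t.users_r"}
NO_SCOPE_FIELD = {"access_token": "constructed", "token_type": "Bearer",
                  "expires_in": 3600}
TOO_BROAD = {"access_token": "constructed", "token_type": "Bearer",
             "expires_in": 3600,
             "scope": "urn:opc:idm:t.users_r urn:example:constructed-admin"}

if __name__ == "__main__":
    headers, body = build_token_request("demo-client", "demo-secret")
    print(body)
    for name, resp in [("narrow", NARROW), ("no scope field", NO_SCOPE_FIELD),
                       ("too broad", TOO_BROAD)]:
        print(name, "->", excess_scopes(resp) or "ok")
```

Because every user of the VBCS application is served with this one token, any scope reported by `excess_scopes` is access that all of them effectively inherit.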

Once the service endpoint is configured, the developer can visit the “Test” tab and test the connection and API.

Once the connection and API are tested, we can create “types” using this endpoint. Further, you can create “Variables” using the newly created types and bind that variable to the ComboBox (Many) component.

As you can see in the above snapshot, the combobox has been populated with the IDCS users list, and no matter which user accesses this VBCS application, VBCS will always use this fixed-connection IDCS confidential application to make the call to IDCS and populate the combobox with the result.

I hope you will find this blog very helpful. Please feel free to share your thoughts using comment section.

Happy blogging 


Author: Manish Kumar Gupta

I am currently designated as Principal Presales Consultant in Oracle, Sydney, Australia. I have 20+ years of professional experience. I am currently looking after presales activities for iPaaS-related cloud offerings, e.g. Oracle SOA Cloud Services (OSCS), Oracle Integration Cloud Service (OIC), MFT and Oracle API Platform etc. In the past I have worked for many small to large companies. I have played various roles such as Integration Solution Architect / Integration Technical Architect / Integration Team Lead / Integration Specialist / SOA Infrastructure Admin / SOA Designer and SOA Developer in multiple companies. I have worked on various OFMW products such as Weblogic, OSB, BAM, SOA Suite, OWSM and Mediator etc. I have good hands-on experience in SOA Administration as well. In addition to that, I have experience of SOA Architecture, Analysis, Design, Development, SIT Testing, Performance and Load Testing, Production and Post-Production Support for SOA projects.
