Authenticating with IFS
When interacting with IFS APIs from a Crosser Flow you have two options:
-
Use the IFS Observation Publisher module. This module works specifically with the ‘Observation’ API, which requires special formatting of the data.
-
Use Universal Connectors. UCs can communicate with any of the IFS APIs
IFS APIs use the Oauth Client Credentials method for authenticating external clients. This document will explain how you configure your IFS system and how to use the credential information from IFS in Crosser.
In IFS
External clients communicate with IFS through an ‘IAM Client’, sometimes called an ‘app’ in other systems. It’s the IAM Client that holds the credentials that will be needed in Crosser. Each IAM Client is then given access to IFS APIs by connecting it with a ‘Service User’. It’s the permissions given to the service user that determines the access available through the IAM Client.
You can use an existing IAM Client, given that it provides the access you need, or you can create a new client. This is done on the ‘IAM Clients’ page. Once you have a client that can be used, copy the client_id and client_secret. You need these later on in Crosser.
Solution Manager > Users and Permissions > Identity and Access Manager > IAM Client Details:
To check what APIs that can be accessed through an IAM Client you need to look at the permissions given to the connected Service User. Permissions are assigned to users through ‘Permission Sets’. Go to the ‘Users’ page and make sure that the user has the ‘FND_WEBENDUSER_MAIN’ or ‘FND_WEBRUNTIME’ permission set. In addition you need a permission set that gives you access to the relevant API. APIs are called ‘Projections’ in the permission sets, the name of the API (as shown in the API Explorer) of interest must be present in the list of Projections in one of the permission sets assigned to this user.
Solution Manager > Users and Permissions > Users > User:
Solution Manager > Users and Permissions > Permission Sets > Permission Set:
In Crosser
In Crosser you need to create a ‘Oauth Client Credentials Grant’ credential on the ‘Manage > Credentials’ page:
You need to enter the following information:
-
Authorization URL: You can find this in the IFS API Explorer by looking in the documentation of your API and expand the ‘AUTHORIZATIONS’ section. There you will find a ‘Connect URL’ (in the ‘OpenID Connect’ section) that ends with ‘.well-known/openid-configuration’. Replace that with ‘protocol/openid-connect/token’. This will give you a URL that looks like this:
https://ory9-d08.build.ifsdemoworld.com/auth/realms/ory9d081/protocol/openid-connect/token -
ClientID: client_id (name) from your IFS IAM Client (see above)
-
ClientSecret: Secret from the IFS IAM Client (see above)
-
Token Renewal URL: Set to the same as the Authorization URL
Click on ‘Add Credential’ to store your new credential in the Crosser Credential library.
You now have a credential that can be used both in the ‘IFS Observation Publisher’ module and in any Universal Connector modules you create.