AIS Authentication Types

-
      The AIS Server uses EnterpriseOne authentication to authenticate AIS clients. All AIS sessions are established with requests to the EnterpriseOne HTML Server to establish a corresponding HTML Server (JAS) session. 
       
        The AIS Server can maintain open sessions linked to open JAS sessions. It can also execute stateless calls where sessions are temporarily established only for the time of the call and thereafter terminated. See "Session Management" below for more information.

       You can configure the AIS Server to use SSL so that all communication is over HTTPS. It can also be configured to communicate over HTTPS with the EnterpriseOne HTML Server.

     You must make sure that the type of authentication (or login type) used by the AIS client is enabled in the Application Interface Services Security Settings section in Server Manager. 

The following are the supported authentication types.

 Username and Password
This type of authentication is used in JD Edwards EnterpriseOne mobile enterprise applications for authentication. It involves passing the username and password in the body of the request JSON, for example:
            {
                "username":"JDE",
                "password":"JDE"
            }
HTTP Basic Authentication
This type of authentication is used for authenticating Internet of Things (IoT) devices calling orchestrations on the AIS Server. It is also used by the EnterpriseOne Orchestrator Client to test running orchestrations on the AIS Server. It involves passing the username and password in the basic authorization header, for example:
Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l

 PS Token
This type of authentication is used in EnterpriseOne ADF applications. It is also used by EnterpriseOne Pages designed to call AIS services through the e1pagehelper.js API. It involves passing the username and psToken in the body, for example:
        {
            "psToken": "pgAAAAQDAgEBAAAAvAIAAAAAAAAsAAAABABTaGRyAk4AcQg4AC4A
MQAwABQJrwo/Lw6l8FT3c1jCCRFRdRTiVmYAAAAFAFNkYXRhWnicHYhBDkAwEEVfqysH
sHaBSjUlLInGpsHG2hncz+FMZpL/3p//Aq6yxog/i159sXBTOHGZluZh12+VvXBI28ikSKBnx
Ku9JConOmmDcGAWBnHQPcEPnWgLvQ==",
            "username": "JDE"
        }
JSON Web Token
This authentication method can be used in a JD Edwards EnterpriseOne mobile application integration with Oracle Mobile Cloud Service. You can also use this login type to employ OAuth 2.0 authentication for third-party AIS clients, including clients developed using the AIS Client Java API to call AIS services and orchestrations on the AIS Server.
Note: You can use OAuth 2.0 if you have an EnterpriseOne configuration with Oracle Access Manager (OAM), where OAM is the OAuth provider.
This authentication method involves passing a JWT in the Bearer Header, for example:


Authorization: Bearer eyJ4NXQiOiJkUHFHSDRadktiUUNRTExqTXRTVkRSc3hYSjAiLCJ0eXAiOiJKV1QiLCJhbGci...
Using JWT for authentication requires a trusted node configuration and an EnterpriseOne HTML Server trusted certificate configuration. 


Session Management
     After a token request is sent to the AIS Server with successful authentication, the AIS Server generates a token and maintains a session for the user session according to the time out and time-to-live settings in Server Manager (rest.ini). A corresponding user session is also maintained on the EnterpriseOne HTML Server. You can view the AIS sessions in Server Manager, which displays "AIS Server" in the Display Mode for active AIS sessions. The AIS token is the key to the user session and must be passed on all subsequent calls that use that AIS session.
     For stateless AIS requests, credentials are supplied (not AIS tokens). Requests are given a temporary session that is removed once that request completes.
The original security model put in place for mobile applications still applies, even for non-mobile clients. The deviceName (or Device ID) is not required. If Device ID is not passed, the requesting IP address is used. Thus a token requested from one device or IP address cannot be used by another device or IP address. Validation is performed every time the token is used.

source: Oracle Documentation

Comments

Post a Comment

Popular posts from this blog

Deployment Server Recovery When There Is NO Backup

-
1. Install Deployment Server 2. Install the latest Planner ESU (DO NOT apply - just double click on the setup.exe to expand only the planner ESU or download and install from change assistant, but do not go into E1 Software Updates application P96470 to apply it to pathcodes. Also, be sure to run the setup.exe using the 'Run as Administrator' option.) 3. Install the Service Pack / Tools Release - the one which matches the Service Pack / Tools Release level on the enterprise server 4. Manually create System- XX Data source in Planner Data Source before running R9840C report as this report requires System -XX data source in Processing Option. Define the Data Source in Work With Data Sources (P986115) Application. 5. Copy the CNC System information from the DB server to JDEPLAN (R9840C).  Run UBE R9840C XJDE0001 from the Deployment Server - JDEPLAN Environment to Copy System Information as following: == Fast path to ‘BV’ for batch versions. Type as the Batch Application R9...
Read more

Oracle Cloud Infrastructure(OCI) - Part2

-
Image
In my earlier post (OCI -Part1 ), we have gone through OCI basic details, let's dive deep more into it. Before that, we need to u nderstand the following concepts and terminology to help you get started with Oracle Cloud Infrastructure.  Note: OCI is re-branding of Bare Metal Cloud Service (BMCS) BARE METAL HOST Oracle Cloud Infrastructure provides you control of the physical host (“bare metal”) machine. Bare metal compute instances run directly on bare metal servers without a hypervisor. When you provision a bare metal compute instance, you maintain sole control of the physical CPU, memory, and network interface card (NIC). You can configure and utilize the full capabilities of each physical machine as if it were hardware running in your own data center. You do not share the physical machine with any other tenants. REGIONS AND AVAILABILITY DOMAINS  Oracle Cloud Infrastructure is physically hosted in regions and availability domains. A region is a localized geographic area, an...
Read more

How to Change Your EnterpriseOne Environment Color

-
Image
Sometimes users start working and then forget which EnterpriseOne environment they are logged into. Can you tell which environment you are logged into? Luckily, there is a new UDC that allows you to change your EnterpriseOne environment color. You can now set up environments to be color-coded for when you need a clear visual distinction as to which environment you are logged into. This enables you to quickly identify the non-production environments by color. The new UDC is 98/CO and is available in EnterpriseOne Tools Release 9.2.4 with Applications Release 9.1 and 9.2. The image below shows the default EnterpriseOne environment color. However, you can easily change the color to reflect different environments. For example, DV could be red, PY could be green, and PD could be yellow, as shown below. To do so, just add a new row in the User Defined Codes section, enter the EnterpriseOne environment name and the HEX value of the color you want the environment to be, and ...
Read more