Oracle Identity Cloud Service Integration with Oracle Eloqua Marketing Cloud Service

Oracle launched its Identity Cloud Service (IDCS) in the fall of 2016.  IDCS is designed on Microservice architecture, which aligns with the Cloud principles of Scalability, Elasticity, Resilience, Ease of Deployment, Functional Agility, Technical Adoption, and Organization Alignment.  Moreover, IDCS is intended to provide a set of hybrid identity features to maintain a single identity for each user across on-premises and in-the-cloud services, while delivering a seamless user experience.

This blog is the first of a multi-part series that will focus on providing insights and common use cases for IDCS.  In this post, we will discuss how an integration with IDCS can simplify user authentication and single-sign-on capabilities for Oracle Eloqua Marketing Cloud Service.  This blog post highlights the federation capability of IDCS.

High-Level Integration Steps

IDCS–Oracle Eloqua integration can be achieved using the following steps:


Step 1:  Upload users in Oracle IDCS via CSV import.

Step 2:  Create users in Oracle Eloqua Marketing Cloud Service.

Step 3:  Extract Identity Provider Metadata from IDCS and import to Oracle Eloqua Marketing Cloud Service.

Step 4:  Extract Service Provider Metadata from Oracle Eloqua Marketing Cloud Service and import it into IDCS.

Step 5:  Test the login.

In general, these high-level steps will remain the same for IDCS integration with any other Oracle Cloud Product.

Detailed Steps

The details of each step are listed below.

Step 1:  Upload users in Oracle IDCS via CSV import.

a.  Create a CSV file. A sample CSV file can be found on the Oracle Documentation here.


Sample file to create users in IDCS and Eloqua


b. Log in to IDCS.

c.  Click on the Users tab.


d.  Click on the Import button.


e.  Click the Browse button.

f.  Select UserImport.csv.

g.  Click the Import button.


h.  User import completed.

i.  Click on the Job tab and verify the user import status.


j.  Click on the User tab and validate the created users.


Step 2:  Create users in Oracle Eloqua Marketing Cloud Service.

a.  Log in to Oracle Eloqua Marketing Cloud Service.


b.  The Marketing Eloqua Cloud home page looks like this:


c.  Click on Contact from the Audience tab.

d.  Click the Upload button.


e.  Select the CSV file.


f.  Click the cloud to upload the file.


g.  Select the file that contains the users which need to be created in Oracle Eloqua Marketing Cloud Service.


h.  Validate the user details and click the Next Step button.


i.  Click the Next Step button.


j.  Select the root folder.


k.  Click the Finish button.

l.  The User is created.

Step 3:  Extract Identity Provider Metadata from IDCS and import to Oracle Marketing Cloud.

Follow the steps below to extract Metadata from IDCS.

a.  Log in to IDCS.

b.  Enter user name and password to log in.


c.  Click on the file menu and select Save As.


d.  Enter the name of the file and click the Save button.


Follow the steps below to Import Metadata to Oracle Eloqua Marketing Cloud Service.

a.  Log in to Oracle Eloqua Marketing Cloud Service:


b.  Click the Settings icon in the upper right corner of the screen.


c.  Click on View Users.


d.  Click the Single Sign On tab, then click on Identity Provider Setting.


e.  The Identity Provider Management dashboard is displayed, as seen below:


f.  Click on the Upload Identity Provider from Metadata button.


g.  Enter the name of the Identity Provider and select the extracted IDCS file.


h.  Click the Open button.


i.  Click the Save Button.

Step 4:  Extract Service Provider Metadata from Oracle Eloqua Marketing Cloud and import to IDCS.

 Extract Service Provider Metadata from Oracle Eloqua Marketing Cloud.

a.  Log in to Oracle Eloqua Marketing Cloud Service: Click on the Settings icon in the upper right corner.


b.  Click on View Users.


c.  Click the Single Sign-On tab, then click on Identity Provider Settings.


d.  The Identity Provider Management dashboard is displayed, as shown below:


e.  Click on the IDCS Metadata link and note the following values. Also, download the signing certificate.

  • logoutRequestUrl
  • partnerProviderId
  • assertionConsumerUrl


f.  Click the Single Sign-On tab, then click on Certificate Setup.


g.  Click on Service Provider Certificate for IDCS Metadata.


h.  Click the Download button.


i.  Finish.

Importing Oracle Eloqua Marketing Cloud Service SP Metadata into IDCS.

Currently, IDCS does not offer a UI for adding Service Provider Metadata or for making similar changes to SAML settings.  These functions are exposed as REST APIs, so any such addition or change is made using curl commands or a REST client.

For example, we can use the Poster plugin as a REST client for these operations.

Importing Service Provider Metadata to IDCS is a two-step process.

a.  Obtain access token from OIDCS as admin user.

URL: IDCS token service end point

Headers: Authorization

Operation: POST

Data: admin user, password, scope



b.  Use the above access token to invoke the REST API.

URL: IDCS token service end point

Headers: Authorization

Operation: POST

Data: Details populated with service provider SCIM schema


Step 5:  Test the login.

a.  Log in to Oracle Eloqua Marketing Cloud Service:


b.  Click Sign in with SSO or another account; Enter Company Name and click the Sign In button.


c.  The page should be redirected to the IDCS login.


d.  Enter IDCS username and password.


e.  User is now logged in to Eloqua Marketing Cloud successfully!


Finally, follow these steps to verify the underlying SAML Exchange.

a.  Behind the scenes, the Eloqua service provider sends a signed authentication request to IDCS (which can be seen in the SAML tracer plugin in Chrome).


b.  IDCS Identity Provider sends a signed assertion response confirming the user’s identity.
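Before importing the Service Provider metadata in Step 4, the noted values and the signing declarations behind the exchange above can be checked offline. The following is an added example, not code from the original post or from Oracle. It assumes the metadata is standard SAML 2.0 metadata XML and that partnerProviderId, assertionConsumerUrl and logoutRequestUrl correspond to the entityID, AssertionConsumerService and SingleLogoutService values; the sample document, host names and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: host names are placeholders and the "certificate" is
# placeholder bytes, not a real X.509 certificate.
PLACEHOLDER_CERT = b"CONSTRUCTED-PLACEHOLDER-CERT"
SAMPLE_SP_METADATA = f"""<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(PLACEHOLDER_CERT).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Location="https://sp.example.test/saml/logout"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
    <md:AssertionConsumerService index="0"
        Location="https://sp.example.test/saml/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def _flag(value):
    """XML Schema booleans may be written as 'true' or '1'."""
    return value in ("true", "1")


def summarize_sp_metadata(xml_text):
    """Extract the values an administrator records before registering the SP."""
    if "<!doctype" in xml_text.lower():
        # Metadata never needs a DTD; refusing it avoids entity-expansion tricks.
        raise ValueError("DTD present: refusing to parse")
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: not service provider metadata")
    fingerprints = []
    for key in sp.findall("md:KeyDescriptor", NS):
        if key.get("use") in (None, "signing"):  # no 'use' means both purposes
            for cert in key.findall(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join((cert.text or "").split()))
                fingerprints.append(hashlib.sha256(der).hexdigest())
    return {
        "partnerProviderId": root.get("entityID"),
        "assertionConsumerUrl": [e.get("Location") for e in
                                 sp.findall("md:AssertionConsumerService", NS)],
        "logoutRequestUrl": [e.get("Location") for e in
                             sp.findall("md:SingleLogoutService", NS)],
        "authnRequestsSigned": _flag(sp.get("AuthnRequestsSigned")),
        "wantAssertionsSigned": _flag(sp.get("WantAssertionsSigned")),
        "signingCertSha256": fingerprints,
    }


def review(summary):
    """Return findings to resolve before the metadata is imported."""
    findings = []
    if not summary["assertionConsumerUrl"]:
        findings.append("no AssertionConsumerService endpoint")
    for url in summary["assertionConsumerUrl"] + summary["logoutRequestUrl"]:
        if urlparse(url or "").scheme != "https":
            findings.append(f"endpoint is not HTTPS: {url}")
    if not summary["authnRequestsSigned"]:
        findings.append("SP does not declare signed authentication requests")
    if not summary["wantAssertionsSigned"]:
        findings.append("SP does not require signed assertions")
    if not summary["signingCertSha256"]:
        findings.append("no signing certificate in metadata")
    return findings


if __name__ == "__main__":
    summary = summarize_sp_metadata(SAMPLE_SP_METADATA)
    print(summary)
    print(review(summary) or "no findings")
```

The SHA-256 fingerprint can be compared with the fingerprint of the separately downloaded Service Provider certificate so that the certificate registered at the identity provider is the one the service provider actually signs with.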


Concluding Remarks

Here, we saw how simple and easy it is to on-board a cloud application for Federation.  The frustrations of on-premises solutions, such as acquiring hardware, setting up the load balancer, installing and configuring components can be avoided.  The cloud instance is readily available for everyone immediately from day-one, unlike the on-premises solution which required months to prepare the environment.

Oracle Identity Cloud Service provides a comprehensive IAM platform, built on modern cloud principles that can be used by organizations to simplify interactions with business partners and customers.


Installing Oracle Identity & Access Manager Suite with the LCM (Lifecycle Management) Tool

Recently, while working on an IAM project in which we needed to build an Enterprise Security Infrastructure using the 11gR2PS3 version of the IAM software, the requirement for Lifecycle Management (LCM) presented itself.  The LCM tool is designed to simplify and automate the multiple manual steps of a typical IAM installation.

The traditional method of installation includes installing/configuring quite a few components, such as JAVA, WebLogic, SOA, OIM, RCU, then creating a domain.  With the introduction of LCM, the installation is simplified and automated; however, there is a learning curve involved and there are changes expected in the infrastructure.

It is important to fully understand the various aspects of the LCM tools and their benefit, as well as how LCM can help reduce implementation time.  Herein is a brief presentation prepared for our customer in order to educate them on LCM, as well as highlight the benefits, challenges, and limitation of the LCM tool.



Implementing Restrictions on a Claimed Human Task

Recently, we ran into an issue in which we had multiple users in BPM falling under the same group with similar access, and we needed to restrict the users’ access to the BPM Human Task claimed by another user.  In this way, only the assigned party can take actions on the Task.

In order to provide a solution to the above issue, we worked within the Access Restrictions provided in Human Task, and restricted the Owner of the Task with “View Only” access.

The below snapshots illustrate this process.

  • Open Human Task and go to Access → Actions (Tab).


  • Uncheck all grants, except “View”, “Resume Timers”, and “Suspend Timers”.


  • Save and Test the Process. Any user other than the Assignee should not be able to perform any action on the Task.

Did you know? Oracle Mobile: JSONBeanSerializationHelper Does Not Respect Case!

Oracle Mobile is a framework provided by Oracle that enables developers to build cross-platform mobile applications.  At AST, a passionate set of developers are using Oracle Mobile to build mobile applications that will be used as an extension for Oracle Cloud Products.  During our development life-cycle, we discovered a fundamental issue with the Oracle Mobile framework, particularly with the JSONBeanSerializationHelper class.

The role of the JSONBeanSerializationHelper class within the Oracle Mobile framework is to convert JAVA objects to JSON strings.  A JSON string is an industry standard accepted for data representation; it consists of name: value pairs.  According to the JSON Specification, a JSON String is always case-sensitive.  When the JSONBeanSerializationHelper converts a JAVA object into name: value pairs, it doesn’t respect the variable case in the JAVA object.  All variables are converted to names in JSON strings in lowercase.

We took this up with Oracle and have an Enhancement Request (ER) logged.  We will update this post once the ER has been resolved.

Described below is a use case and how this impacts the mobile application integration with Oracle Service Cloud.  However, you could face the same issue when integrating with other Oracle Cloud Products:

Use Case

Consider a use case in which you have a mobile application built using Oracle Mobile.  The application has a feature that allows you to create an incident in Oracle Service Cloud.

Issue Details

  • Consider an Incident bean defined as:

  • An incident object will be instantiated and initialized when the user inputs the required values from the mobile interface.
  • The incident object is then converted to JSON using oracle.adfmf.framework.api.JSONBeanSerializationHelper

  • Converted jsonObject:

  • The JSON generated will not be accepted by the create incident API because:
    1. It contains “null” name: value pairs for variables that did not hold any values
    2. It contains a “type” name: value pair for variables with custom data types
    3. It contains “propertyChangeSupport” name: value pairs, as the beans had a property change attribute defined. This is not expected by the create incident REST-API
    4. The JSON did not respect the case of the JAVA variables defined in the Incident bean when generating corresponding name: value pairs.
      1. For example: Consider the attribute “transit” in the JSON – the JAVA variable was defined as “Transit”. The create incident REST-API also expects the name to be “Transit”.


  • Option 1: Create your own implementation of the JSON serialization class. 
  • Option 2: Create a method to format your JSON as a break-fix.
    • Call custom method removeNullsAndTypeFromJSON post-JSON conversion

  • “removeNullsAndTypeFromJSON” method implementation:



Removing Empty Elements from a Large XML Payload

You sometimes may have large payload structures with most of the elements empty, especially when using canonical schemas.  This large payload structure, combined with a large volume of data, can result in a significant part of the payload containing empty elements, leading to transformation errors or service errors.

As an example, in one of our recent projects, we had a service using a canonical schema as input, and in our use case, we passed only the relevant information, leaving the remaining elements empty.  This resulted in a null pointer exception in remote service, as it was not configured to handle empty elements correctly.  Changes in the implementation of the remote service were out of our purview, hence, the only solution available in this case was not to pass any empty elements.

Another benefit of removing unused empty elements, in such cases, is the reduction in actual payload size, as many of the generic empty elements will be removed from the XML payload.

One way of removing empty elements in the payload is adding “If” conditions in the transformation; however, this will make the transformation complex, especially when dealing with a canonical schema.  Further, this would not be a reusable solution, as it would be tied to a particular type of canonical schema.  If the canonical schema is complex and large, this would enhance that complexity.

Alternatively, by using an XSLT transformation, we can create a generic reusable solution that can remove all empty elements, regardless of the XML schema, thereby avoiding the need to create complex transformations.  The following XSLT will remove all empty elements from the input and assign non-empty elements to the output.  You can use the same variable name as input and output, and the resulting XML payload will have only non-empty elements and a much smaller size.

The following is the generic XSLT transformation that can be used, regardless of input and output XML schemas:

To utilize this XSLT transformation, add an XSLT transformation activity in your SOA process and assign the input and output variables.  Add the above code snippet to the newly created XSLT transformation.  Use the source view to make this change. The end result will look similar to the attached XSLT file, included for your reference.


Reference XSLT
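The pruning rule described above, written in Python rather than XSLT as an added example (it is not the XSLT the post refers to). It assumes an element counts as empty when it has no child elements, no attributes and no non-whitespace text, and that a parent left with nothing but removed children is removed as well; the sample payload is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed payload in the style of a sparsely populated canonical message.
SAMPLE_PAYLOAD = """<Order>
  <Header>
    <OrderId>1001</OrderId>
    <Reference/>
    <Notes>   </Notes>
  </Header>
  <Customer>
    <Name></Name>
    <Address><Line1/><City/></Address>
  </Customer>
  <Lines>
    <Line status="open"/>
    <Line><Sku>A-1</Sku><Qty>2</Qty><Discount/></Line>
  </Lines>
</Order>"""


def is_empty(elem):
    """Assumed rule: no children, no attributes, no non-whitespace text."""
    return len(elem) == 0 and not elem.attrib and not (elem.text or "").strip()


def prune(elem):
    """Remove empty descendants bottom-up so emptied parents are removed too."""
    previous = None  # last sibling that was kept
    for child in list(elem):
        prune(child)
        if is_empty(child):
            tail = child.tail or ""
            if tail.strip():
                # Mixed content: keep the text that followed the removed element.
                if previous is None:
                    elem.text = (elem.text or "") + tail
                else:
                    previous.tail = (previous.tail or "") + tail
            elem.remove(child)
        else:
            previous = child
    return elem


def strip_empty_elements(xml_text):
    """Return the payload without empty elements; the root is always kept."""
    if "<!doctype" in xml_text.lower():
        raise ValueError("DTD present: refusing to parse")
    root = prune(ET.fromstring(xml_text))
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    cleaned = strip_empty_elements(SAMPLE_PAYLOAD)
    print(cleaned)
    print(len(SAMPLE_PAYLOAD), "->", len(cleaned), "characters")
```

Elements that carry only attributes are kept here because the attribute may be the data; a stricter rule would drop them too.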


Oracle Service Bus 12C: Enabling Attachment Support

Oracle Service Bus (OSB) 12C has been simplified by enabling creation and modification of services right inside JDeveloper, alongside SOA development.  However, this has introduced a learning curve for developers to learn and adapt to OSB development using JDeveloper IDE.  A common use case for OSB service development is to allow attachments to pass through as part of the response.  In this post, we discuss how it can be done in OSB 12C using JDeveloper.

Unlike SOA web service adaptors, OSB does not support attaching MTOM policy (oracle/wsmtom_policy) to the proxy or business services.


At design time, JDeveloper doesn’t restrict usage of MTOM policy, and it will compile without any errors. However, when the service is deployed, it will fail with the following error:

“[OSB-387177]OWSM Policy oracle/wsmtom_policy is not supported.”

To get our use case working, three steps are required.  The first is to remove the attached MTOM policies from the Proxy and Business services.  This will ensure there are no deployment failures.

The second change should be in the pipeline.  Open the pipeline and switch it to the “Configuration” view (the default is “Design” view).  Then, go to the “Message Handling” sub-tab and select the checkbox:  “XOP/MTOM Support”.


The third and final change required is in the Business Service.  Open the Business Service and go to the “Message Handling” sub-tab.  Select the checkbox:  “XOP/MTOM Support”.  Here, select the appropriate option, depending on whether you want an attachment (Include Binary Data by Reference) or inline data (Include Binary Data by Value).


After completing this configuration, the compilation and deployment will proceed without any issues.

Note: The output structure should be defined in XML schema with base64Binary as the element type. Here is a sample type definition:

If you have any questions or comments, please leave them below and we’ll get back to you!


Tech Shorts: Errors in Provisioning Oracle SOA Cloud Service

Oracle Cloud Service, with its array of IaaS, PaaS, and SaaS offerings, is slowly becoming the tool of choice for business and IT teams when it comes to maximizing development efficiency and improving application roll outs.  For Oracle SOA Suite, setting up the development (dev) environment, which was once a considerably technical process prior to Oracle SOA Suite 11g, has improved greatly with the introduction of Oracle SOA Suite 12c.

Now, with the ability to provision Oracle SOA Suite on the cloud as a Cloud Service instance, it has become even more business friendly and efficient. All of the steps have been neatly documented by Oracle at

We recently worked on setting up a development environment for our internal use with SOA-CS.  However, after following all of the steps mentioned in the above link, our provisioning failed at the final step while configuring Oracle SOA Cloud Service, providing an error such as the one below:

This error was visible after clicking on the failed provisioning request, as shown below:


Navigating to the JCS Service console for more details revealed the actual error to be:

As part of the provisioning steps, the access rules are not enabled by default, but need to be enabled manually. After completing Section 1 from the link above, login to your DBaaS service console and click on the DB Service instance initially created as part of the process. Then, click on Access Rules, as shown in the following screenshot:


You will see that the rule ‘ora_p2_dblistener’ is disabled by default:


Click on the Actions column for that rule and enable the rule, after which you should see the rule enabled:


Once this has been enabled, you can start provisioning and connect to your Oracle SOA Cloud Service; this database error should no longer occur.

If you would like additional detailed steps regarding our particular use case and provisioning considerations, please leave a comment and we will elaborate on the steps involved.


SOA 12c Upgrade: Development Team Do’s and Don’ts

With the introduction of Oracle SOA Suite 12c, it has become imperative for any organization using Oracle SOA Suite 11g to migrate to the newer and better stack.  This upgrade offers a host of benefits, such as added features, bug fixes, and the ability to stay current with the latest technologies.  However, as is the case with any other software upgrade, appropriate and thorough planning is crucial to realizing the full benefit of the upgraded solution.

Recently, we’ve had the opportunity with some of our customers to migrate their SOA Suite 11g applications into Oracle SOA Suite 12c. This post is the first in a series that will provide the observations and lessons learned from these experiences, and we hope you find this information helpful in your application migrations.

In this first post, we tackle issues pertaining to the developer team.  As main characters in any migration, the developer team should understand the following obstacles, and their solutions, likely to be faced while performing the upgrade.

Migrating Code

One of the promises of Oracle SOA Suite 12c is its commitment to ensuring high developer productivity. This is evident with JDeveloper 12c having integrated servers and OSB Development support, among others.

To migrate any Oracle SOA Suite 11g applications, open the application file (e.g. HelloWorld.jws) in JDeveloper 12c. The editor automatically prompts for migration and completes the migration successfully.

Once the migration is completed by JDeveloper, the development team should begin looking into the following areas for fixing any issues, should they arise.

Usage of Older XPath Functions

Earlier releases of Oracle SOA Suite 11g encouraged the use of getCompositeInstanceID() as a way to identify and track the running instances. With the advent of the Flow ID concept, it is advisable to use the getFlowID() function where the FlowID of the instance needs to be tracked.

*The use of FlowID to track instances will be explained in a later blog post, and this post will be updated with the link.

Also, watch for the change in the namespace prefix for some of the functions.  For example, bpelx:copyList() should be used instead of ora:copyList(), although both functions are available.

Older Composites Failing to Migrate

If you have certain SOA composites built using JDeveloper, then you might face issues while migrating in JDeveloper 12c. The error type would be:

The resolution for this error is to download and apply Patch 18532283, according to your SOA 12c version – for now, available on

Composite Definition not Showing up in Enterprise Manager

A new feature in Oracle SOA Suite 12c EM is the ability to see the composite definition (the process flow) in EM. This is helpful for multiple reasons, such as testers understanding the various components, providing a high level view of the flow. For Oracle SOA Suite components/composites developed in JDeveloper 12c, one can easily see the composite definition in EM under the tab ‘Composite Definition’, as shown below.


However, since you will be working on migrating projects from previous versions to 12c, you might face an error message displayed as follows for any composites which were initially developed using JDeveloper 11g:


In the composite.xml file, find the following two properties:

Remove the originalProductVersion property, then compile and deploy again to your 12c environment.  You should now be able to see the composite definition.

JDeveloper OSB Workspace Set Up

JDeveloper 12c is an excellent IDE, improving developer productivity with features such as Integrated Server for quick start, as well as an integrated IDE, in which you can develop both SOA composites and OSB components.  When it comes to OSB development, one feature that makes JDeveloper 12c take a backseat compared to Oracle Enterprise Pack for Eclipse (for OSB Development), is the lack of ability to import projects from an existing workspace to the OSB application.

Plan your development set-up for OSB projects carefully.  Once you import OSB projects by selecting the option for “Import sbconfig”, the projects are created in JDeveloper’s own workspace, and you must then sync them with your central repository system.  Similarly, plan the development strategy accordingly, choosing whether to have OSB applications for each OSB project, or bundle them together into one application.  The latter approach is recommended since your projects might have inter-dependencies with each other.

XQuery Files Improperly Displayed in the Graphical Editor in JDeveloper

Once the OSB projects have been migrated, right-click on each project and select the option shown below:


Your transformations will now be displayed in the graphical editor in JDeveloper 12c without any issues.

Using In-Memory Optimization

In-Memory Optimization was a feature present in SOA Suite 10g, but was dropped in SOA Suite 11g.  It has now been re-introduced in Oracle SOA Suite 12c and greatly improves the performance of transient BPEL processes; however, exercise caution with this implementation.  It is advisable to perform a load test on the sample application on which you plan to use In-Memory Optimization in order to verify whether the performance is, indeed, improved.

In one of our migration implementations, we found that the In-Memory Optimization was not providing the expected results.  Be sure to make a calculated decision as to whether you really need In-Memory Optimization and, if needed, follow up with Oracle Support should you not get expected results.

This blog series will continue to cover other areas in which the team should plan ahead, as well as additional issues for the Middleware team to look out for.  Also, be advised that this post will be updated as we discover new scenarios to be mindful of.


NIEM Adoption: A Step-by-Step Guide to IEPD Creation

NIEM (National Information Exchange Model) provides a standards-based approach to building data exchange solutions, thereby increasing efficiencies and improving the decision-making process.  NIEM is being used across all 50 states, as well as by the majority of federal agencies in the U.S.  NIEM is crucial in ensuring that data between various agencies and departments can be easily exchanged and understood based on a common vocabulary.  An important step in NIEM adoption is the development of IEPD (Information Exchange Package Documentation), which enables the creation of NIEM-conformant artifacts, including an XML structure to satisfy information exchange business requirements.

NIEM has been under development for over a decade, and is quite comprehensive in its approach to defining entities and relationships.  AST’s whitepaper, “Building an IEPD for NIEM Model” provides in-depth understanding of building an IEPD.  Once developed, the IEPD artifacts can be used with any standards-based integration tool, such as Oracle Fusion Middleware, to develop a Data Exchange solution.

Read more in the AST published whitepaper, here.


College of American Pathologists CIO Recognizes AST Contributions – CIO Award

College of American Pathologists (CAP) CIO Greg Gleason and his leadership team visited AST’s home office last week to discuss our long-standing business relationship of over 12 years.  During the meeting, CAP discussed its strategic initiatives and how AST can play a significant role in the future direction of their organization.

Gleason acknowledged the exceptional work by AST’s team on both past and current assignments.  Our team members Abhay K. and Pierre P. were personally recognized by the CIO with a distinct award, acknowledging their hard work and dedication to CAP on multiple projects over the years.

While Pierre was present to receive his award in person, Abhay was hard at work on a project that will shape the CAP IDM infrastructure for years to come.

We are very proud of you, Abhay and Pierre!  Moments like these inspire us all as a team! Congratulations, and keep up the great work!

