Categories
- All Categories
- Oracle Analytics Learning Hub
- 19 Oracle Analytics Sharing Center
- 18 Oracle Analytics Lounge
- 232 Oracle Analytics News
- 44 Oracle Analytics Videos
- 15.9K Oracle Analytics Forums
- 6.2K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 87 Oracle Analytics Trainings
- 15 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
"FAW-CP-API-10059" Error While Using CA Signed Certificate For JWT Based Authentication To FA
You will face below error when using CA signed certificate for JSON Web Token (JWT) based authentication with Fusion Apps (FA) Source.
Follow Steps as per "FAW : Step By Step To Configure JWT based Authentication With FAW (Doc ID 2943679.1)", It will fail with error in below step :
OCI Console --> Hamburger Menu, select Analytics & AI --> Fusion Analytics Warehouse
Go to "Update Fusion Connection", select JWT Based Option and Test the connection :
====
Fusion Application Credentials Are Invalid
FAW-CP-API-10059 - Fusion source details not valid
Code: InvalidParameter
====
This is because for the JWT based authentication with FA source, only self signed certificate is supported for now.
Hence you must use self signed certificate for JWT authentication with Fusion Apps source as of now.
Note: For the certificate expiry, email notification will be sent 30 days before certificate expiry date, and follow up mail every 7 days.
Product Team is working on CA Signed certificate support and it will get included in a future release.
Comments
-
Hi @RanaAshutosh-Oracle @Dayne-Oracle
We’re in the process of recreating the FDI Non-Production instance using an alternate domain, rather than the default
Default-Identitydomain. However, we've encountered a roadblock during the JWT token configuration.Although the certificates have been correctly updated in Fusion Applications and we've allowed a 30-minute wait time, the instance creation continues to fail. The error message indicates that the Fusion Application credentials are invalid.
Could you please advise on how to proceed?
0 -
I'm stuck at the same point, PRATHEEK. It seems the product has changed since the docs and OBE were published.
0 -
Hello @PRATHEEK,
You may want to delete that screenshot as it shows a little too much.
@RanaAshutosh-Oracle For this error,
While configuring the token-based authentication, ensure that you enter FAWServiceJWTIssuer as the trusted issuer as documented here. Ensure that the generated RSA encryption private key contains at least 2048 characters. Then wait like you mentioned at least 15 minutes for the uploaded public certificate to become effective in your Oracle Fusion Cloud Applications instance.
Regards,
John
0 -
I figured this out, yesterday. The commands listed in all of the Oracle docs and KB articles left out a key component for me.
# STEP 1. Generate a new 4096-bit RSA private key:
openssl genrsa -out private_pkcs8.key 4096# STEP 2. Convert from PKCS#8 to PKCS#1
openssl rsa -in private_pkcs8.key -out private_pkcs1.key -traditional# STEP 3. Create self-signed cert
openssl req -new -x509 -key private_pkcs1.key -out publickey.cer -days 365 -subj "/C=US/ST=GA/L=ATL/O=CS"
Oracle docs list steps 1 & 3, not STEP 2.Some Oracle systems (like Fusion Data Intelligence, OIC, or FAW integrations) expect the key in traditional PKCS#1 format, not PKCS#8.
The difference is in the header and internal encoding:
-----BEGIN RSA PRIVATE KEY----- ← PKCS#1 works with Fusion
-----BEGIN PRIVATE KEY----- ← PKCS#8 fails
Add step 2, and see if it works for you.0
