Setup Tasks for Using the Oracle E-Business Suite Adapter as a Trigger (Source) Connection
To successfully use business events and XML Gateway messages as inbound integrations in Oracle Integration through the Oracle E-Business Suite Adapter, you must perform the following one-time setup tasks in Oracle E-Business Suite to enable the feature:
-
Store the Oracle Integration user credentials in Oracle E-Business Suite FND vault.
Execute the PL/SQL script
$FND_TOP/sql/afvltput.sql
from Oracle E-Business Suite backend to upload and store the user credentials in Oracle E-Business Suite FND vault.-
Connect to an Oracle E-Business Suite database:
sqlplus apps/apps_password
-
Execute the script to upload the Oracle Integration user name:
@$FND_TOP/sql/afvltput.sql FND REST_USERNAME <Oracle Integration user name>
Replace
<Oracle Integration user name>
with the user name used to log in to Oracle Integration, such asoiuser
.Ensure that this user has a necessary Oracle Integration user role to execute integrations in Oracle Integration.
-
Execute the script to upload the Oracle Integration user password:
@$FND_TOP/sql/afvltput.sql FND REST_PASSWORD Password
Replace
password
with the actual password value associated with the Oracle Integration user.
At runtime, the Oracle Integration user credentials are retrieved from Oracle E-Business Suite FND vault and are embedded in the HTTP request along with business event data to Oracle Integration. It is included based on the HTTP Basic Authentication scheme. Oracle Integration then authenticates the user credentials based on the HTTP Basic Authentication method and accepts the business event data.
-
-
Configure proxy host and port for XML Gateway messages.
Note:
This step may not apply if there is no proxy server configured. In this case, ensure that network firewall rules for egress allow communication from Oracle E-Business Suite to Oracle Integration instance.-
Log in to Oracle E-Business Suite as a user who has the System Administrator responsibility.
Select Oracle Applications Manager from the navigation menu. Navigate to the Site Map.
-
Click AutoConfig.
-
In the Context Files page, click the Edit Parameters icon for the Applications tier context file.
-
In the Context File Parameters page, select the System tab.
Expand the
oa_web_server
node and update the values for the following AutoConfig variables:Name Variable Value OXTAOutUseProxy s_oxta_proxy true OXTAOutProxyHost s_oxta_proxyhost <proxy host> OXTAOutProxyPort s_oxta_proxyport <proxy port> Save your work.
-
Run AutoConfig from the application tier.
Refer to Using AutoConfig to Manage System Configurations in Release 12, My Oracle Support Knowledge Document 387859.1.
Refer to the Oracle E-Business Suite Setup Guide, Release 12.2 for information on changing AutoConfig variables and executing AutoConfig in the application tier.
-
-
Configure proxy host and port at Concurrent Manger Tier JVM.
Note:
This step may not apply if there is no proxy server configured. In this case, ensure that network firewall rules for egress allow communication from Oracle E-Business Suite to Oracle Integration instance.To access Oracle Integration from Oracle E-Business Suite on-premise which is behind the firewall, all outbound requests from Oracle E-Business Suite need to be routed through proxy host and port. Therefore, you need to configure and set up the proxy appropriately at the Concurrent Manger Tier JVM.
-
Log in to Oracle E-Business Suite as a user who has the System Administrator responsibility.
Select Oracle Applications Manager from the navigation menu. Navigate to the Site Map.
-
Click AutoConfig.
-
In the Context Files page, click the Edit Parameters icon for the Applications tier context file.
-
In the Context File Parameters page, select the Environments tab. Expand the
oa_environments:adovars
node to locate the APPSJREOPTS (AutoConfig variable or OA_VAR "s_appsjreopts
"). -
Enter the following additional JVM parameters:
-Dhttp.proxyHost=<http proxy host>
-Dhttp.proxyPort=<http proxy port>
-Dhttps.proxyHost=<ssl proxy host>
-Dhttps.proxyPort=<ssl proxy port>
Save your work.
-
Run AutoConfig from the application tier.
Refer to Using AutoConfig to Manage System Configurations in Release 12, My Oracle Support Knowledge Document 387859.1.
Refer to the Oracle E-Business Suite Setup Guide, Release 12.2 for information on changing AutoConfig variables and executing AutoConfig in the application tier.
-
-
Apply patches and configure the environment for communication over TLS 1.2.
-
Apply the following patches for your Oracle E-Business Suite environment.
-
For Oracle E-Business Suite 12.2, apply Patch 22612527 with the prerequisite Patch 13866584 to the FMW home.
-
For Oracle E-Business Suite 12.1.3, apply Patch 22612527 to the 10.1.3.5 home.
-
-
Update Java.
Update JDK 7 under
$AF_JRE_TOP
with the Java Cryptography Extension (JCE) updates from the following page (https://www.oracle.com/java/technologies/javase-jce7-downloads.html
). If you have a JAN-2016 Java version that already includes JCE, you can skip this step.Note:
JDK 1.7.0_131
is the minimum required version for JDK 7 in Oracle E-Business Suite. For AIX platform, the minimum required version isJDK 1.7 SR10 FP1
. -
Update the Oracle E-Business Suite context variables using Oracle Applications Manager.
-
Log in to Oracle E-Business Suite as a user who has the Workflow Administrator Web Applications responsibility.
-
Select the Oracle Applications Manager link from the Navigator, and then select AutoConfig.
-
Select the application tier context file, and choose Edit Parameters.
-
Update the following context variables:
-
s_afjsmarg =
-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 or -Dhttps.protocols=TLSv1.2
-
To enable TLS 1.2 with backward compatibility, add the following:
s_afjsmarg = -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
-
To enable TLS 1.2 only, add the following:
s_afjsmarg = -Dhttps.protocols=TLSv1.2
-
-
-
-
Run AutoConfig using the
adautocfg.sh
script in the application tier$ADMIN_SCRIPTS_HOME
directory. -
Use the
adstpall.sh/adstrtal.sh
script in the$ADMIN_SCRIPTS_HOME
directory to stop and restart all services.
-
-
(Optional) Import the TLS certificates to
cacerts
in Oracle E-Business Suite.This step is required only if the Oracle Integration server certificate is not in the Oracle E-Business Suite trusted certificate list.
Export the Oracle Integration Certificates
Perform the following steps to export the Oracle Integration certificates:
-
Access the Oracle Integration instance with the HTTPS URL from a web browser.
-
After the Oracle Integration UI page has been successfully loaded in a browser, double click the Lock icon in the bottom right corner of the browser and export the certificates.
Note:
Different browser versions may have different steps to export the TLS certificates.-
In Internet Explorer, double click the Lock icon, then select Certificate Path. Select the topmost CA and click View Certificate. Then select Details, and then Copy to File.
-
In Mozilla Firefox, double click the Lock icon and then select More Information next to IC's secure connection information. Select the Security tab in Page Info pop-up window. Click View Certificate and then the Details tab. Select the topmost CA and then click Export.
Alternatively, you can use the browser menu to export the certificates using the following steps:
-
In Internet Explorer, select Internet Options from the Tools drop-down menu to open the Internet Options pop-up window.
-
In the Content tab, click Certificates.
-
In the Personal (or Other People) tab, select your certificates and click Export.
-
-
You can export or save the certificates either in DER encoded binary X.509 (
.crt
) or in Base64 encoded. For example, the exported certificate is named asrootCA.crt
. -
If the intermediate certificates mentioned in certificate chain is not present in the Oracle E-Business Suite trusted certificate list, you have to export the intermediate certificates in the sequence of
intCA1.crt
,intCA2.crt
, . . .intCAn.crt
.
Import the Oracle Integration Certificates to Oracle E-Business Suite
Perform the following steps to import the Oracle Integration certificates to Oracle E-Business Suite:
-
Navigate to the
$AF_JRE_TOP/lib/security
directory. -
Back up the existing
cacerts
file. -
Copy the Oracle Integration server's root certificate
rootCA.crt
imported earlier to thesecurity
directory. -
Execute the following command to ensure that
cacerts
has the write permissions:$ chmod u+w cacerts
-
Add the server's root certificate
rootCA.crt
to thecacerts
file:$ keytool -importcert -keystore cacerts -storepass -alias rootCA -file rootCA.crt -v
Enter the keystore password when prompted. If the certificate already exists in the
cacerts
file, keytool will warn you and will allow you to cancel the import. Cancel the import.Note: If the intermediate certificates need to be imported to the
cacerts
file, import them in the following sequence after importing the root certificaterootCA.crt
:$ keytool -importcert -keystore cacerts -storepass -alias intCA1 -file intCA1.crt -v $ keytool -importcert -keystore cacerts -storepass -alias intCA1 -file intCA2.crt -v ... $ keytool -importcert -keystore cacerts -storepass -alias intCA1 -file intCAn.crt -v
-
When you have completed the modifications to the
cacerts
file, reset the permissions:$ chmod u-w cacerts
-
Restart Oracle E-Business Suite application tier services. Use the
adstpall.sh
andadstrtal.sh
scripts in the $ADMIN_SCRIPTS_HOME directory to stop and restart all services.
-