Setup Tasks for Using the Oracle E-Business Suite Adapter as a Trigger (Source) Connection

To successfully use business events and XML Gateway messages as inbound integrations in Oracle Integration through the Oracle E-Business Suite Adapter, you must perform the following one-time setup tasks in Oracle E-Business Suite to enable the feature:

Store the Oracle Integration user credentials in Oracle E-Business Suite FND vault.

Execute the PL/SQL script $FND_TOP/sql/afvltput.sql from Oracle E-Business Suite backend to upload and store the user credentials in Oracle E-Business Suite FND vault.
1. Connect to an Oracle E-Business Suite database:
  
  sqlplus apps/apps_password
2. Execute the script to upload the Oracle Integration user name:
  
  @$FND_TOP/sql/afvltput.sql FND REST_USERNAME <Oracle Integration user name>
  
  Replace <Oracle Integration user name> with the user name used to log in to Oracle Integration, such as oiuser.
  
  Ensure that this user has a necessary Oracle Integration user role to execute integrations in Oracle Integration.
3. Execute the script to upload the Oracle Integration user password:
  
  @$FND_TOP/sql/afvltput.sql FND REST_PASSWORD Password
  
  Replace password with the actual password value associated with the Oracle Integration user.
At runtime, the Oracle Integration user credentials are retrieved from Oracle E-Business Suite FND vault and are embedded in the HTTP request along with business event data to Oracle Integration. It is included based on the HTTP Basic Authentication scheme. Oracle Integration then authenticates the user credentials based on the HTTP Basic Authentication method and accepts the business event data.

Configure proxy host and port for XML Gateway messages.

Note:

This step may not apply if there is no proxy server configured. In this case, ensure that network firewall rules for egress allow communication from Oracle E-Business Suite to Oracle Integration instance.

Log in to Oracle E-Business Suite as a user who has the System Administrator responsibility.

Select Oracle Applications Manager from the navigation menu. Navigate to the Site Map.
Click AutoConfig.
In the Context Files page, click the Edit Parameters icon for the Applications tier context file.

In the Context File Parameters page, select the System tab.

Expand the oa_web_server node and update the values for the following AutoConfig variables:

Name	Variable	Value
OXTAOutUseProxy	s_oxta_proxy	true
OXTAOutProxyHost	s_oxta_proxyhost	<proxy host>
OXTAOutProxyPort	s_oxta_proxyport	<proxy port>

Save your work.

Run AutoConfig from the application tier.

Refer to Using AutoConfig to Manage System Configurations in Release 12, My Oracle Support Knowledge Document 387859.1.

Refer to the Oracle E-Business Suite Setup Guide, Release 12.2 for information on changing AutoConfig variables and executing AutoConfig in the application tier.

Configure proxy host and port at Concurrent Manger Tier JVM.

Note:
This step may not apply if there is no proxy server configured. In this case, ensure that network firewall rules for egress allow communication from Oracle E-Business Suite to Oracle Integration instance.

To access Oracle Integration from Oracle E-Business Suite on-premise which is behind the firewall, all outbound requests from Oracle E-Business Suite need to be routed through proxy host and port. Therefore, you need to configure and set up the proxy appropriately at the Concurrent Manger Tier JVM.
1. Log in to Oracle E-Business Suite as a user who has the System Administrator responsibility.
  
  Select Oracle Applications Manager from the navigation menu. Navigate to the Site Map.
2. Click AutoConfig.
3. In the Context Files page, click the Edit Parameters icon for the Applications tier context file.
4. In the Context File Parameters page, select the Environments tab. Expand the oa_environments:adovars node to locate the APPSJREOPTS (AutoConfig variable or OA_VAR "s_appsjreopts").
5. Enter the following additional JVM parameters:
  
  -Dhttp.proxyHost=<http proxy host>
  
  -Dhttp.proxyPort=<http proxy port>
  
  -Dhttps.proxyHost=<ssl proxy host>
  
  -Dhttps.proxyPort=<ssl proxy port>
  
  Save your work.
6. Run AutoConfig from the application tier.
  
  Refer to Using AutoConfig to Manage System Configurations in Release 12, My Oracle Support Knowledge Document 387859.1.
  
  Refer to the Oracle E-Business Suite Setup Guide, Release 12.2 for information on changing AutoConfig variables and executing AutoConfig in the application tier.
Apply patches and configure the environment for communication over TLS 1.2.
1. Apply the following patches for your Oracle E-Business Suite environment.
  - For Oracle E-Business Suite 12.2, apply Patch 22612527 with the prerequisite Patch 13866584 to the FMW home.
  - For Oracle E-Business Suite 12.1.3, apply Patch 22612527 to the 10.1.3.5 home.
2. Update Java.
  
  Update JDK 7 under $AF_JRE_TOP with the Java Cryptography Extension (JCE) updates from the following page (https://www.oracle.com/java/technologies/javase-jce7-downloads.html). If you have a JAN-2016 Java version that already includes JCE, you can skip this step.
  
  Note:
  JDK 1.7.0_131 is the minimum required version for JDK 7 in Oracle E-Business Suite. For AIX platform, the minimum required version is JDK 1.7 SR10 FP1.
3. Update the Oracle E-Business Suite context variables using Oracle Applications Manager.
  1. Log in to Oracle E-Business Suite as a user who has the Workflow Administrator Web Applications responsibility.
  2. Select the Oracle Applications Manager link from the Navigator, and then select AutoConfig.
  3. Select the application tier context file, and choose Edit Parameters.
  4. Update the following context variables:
    - s_afjsmarg =-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 or -Dhttps.protocols=TLSv1.2
      - To enable TLS 1.2 with backward compatibility, add the following:
        
        s_afjsmarg = -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
      - To enable TLS 1.2 only, add the following:
        
        s_afjsmarg = -Dhttps.protocols=TLSv1.2
4. Run AutoConfig using the adautocfg.sh script in the application tier $ADMIN_SCRIPTS_HOME directory.
5. Use the adstpall.sh/adstrtal.sh script in the $ADMIN_SCRIPTS_HOME directory to stop and restart all services.
(Optional) Import the TLS certificates to cacerts in Oracle E-Business Suite.

This step is required only if the Oracle Integration server certificate is not in the Oracle E-Business Suite trusted certificate list.

Export the Oracle Integration Certificates

Perform the following steps to export the Oracle Integration certificates:
1. Access the Oracle Integration instance with the HTTPS URL from a web browser.
2. After the Oracle Integration UI page has been successfully loaded in a browser, double click the Lock icon in the bottom right corner of the browser and export the certificates.
  
  Note:
  Different browser versions may have different steps to export the TLS certificates.
  - In Internet Explorer, double click the Lock icon, then select Certificate Path. Select the topmost CA and click View Certificate. Then select Details, and then Copy to File.
  - In Mozilla Firefox, double click the Lock icon and then select More Information next to IC's secure connection information. Select the Security tab in Page Info pop-up window. Click View Certificate and then the Details tab. Select the topmost CA and then click Export.
  Alternatively, you can use the browser menu to export the certificates using the following steps:
  1. In Internet Explorer, select Internet Options from the Tools drop-down menu to open the Internet Options pop-up window.
  2. In the Content tab, click Certificates.
  3. In the Personal (or Other People) tab, select your certificates and click Export.
3. You can export or save the certificates either in DER encoded binary X.509 (.crt) or in Base64 encoded. For example, the exported certificate is named as rootCA.crt.
4. If the intermediate certificates mentioned in certificate chain is not present in the Oracle E-Business Suite trusted certificate list, you have to export the intermediate certificates in the sequence of intCA1.crt, intCA2.crt, . . . intCAn.crt.
Import the Oracle Integration Certificates to Oracle E-Business Suite

Perform the following steps to import the Oracle Integration certificates to Oracle E-Business Suite:
1. Navigate to the $AF_JRE_TOP/lib/security directory.
2. Back up the existing cacerts file.
3. Copy the Oracle Integration server's root certificate rootCA.crt imported earlier to the security directory.
4. Execute the following command to ensure that cacerts has the write permissions:
  
  $ chmod u+w cacerts
5. Add the server's root certificate rootCA.crt to the cacerts file:
  
  $ keytool -importcert -keystore cacerts -storepass -alias rootCA -file rootCA.crt -v
  
  Enter the keystore password when prompted. If the certificate already exists in the cacerts file, keytool will warn you and will allow you to cancel the import. Cancel the import.
  
  Note: If the intermediate certificates need to be imported to the cacerts file, import them in the following sequence after importing the root certificate rootCA.crt:
```
$ keytool -importcert -keystore cacerts -storepass -alias intCA1 -file intCA1.crt -v     
$ keytool -importcert -keystore cacerts -storepass -alias intCA1 -file intCA2.crt -v    
 ...     
$ keytool -importcert -keystore cacerts -storepass -alias intCA1 -file intCAn.crt -v
```
6. When you have completed the modifications to the cacerts file, reset the permissions:
  
  $ chmod u-w cacerts
7. Restart Oracle E-Business Suite application tier services. Use the adstpall.sh and adstrtal.sh scripts in the $ADMIN_SCRIPTS_HOME directory to stop and restart all services.