Prerequisites for Creating a Connection

You must satisfy the following prerequisites to create a connection with the Oracle ERP Cloud Adapter:

Prerequisite Description For More Information
Subscribe to Oracle ERP Cloud. This action enables you to create an Oracle ERP Cloud user account with the correct privileges. You specify this user account when creating an Oracle ERP Cloud Adapter connection on the Connections page. See Configure Connection Security. See Oracle ERP Cloud.
Obtain the necessary Oracle ERP Cloud service catalog service WSDL URL or event catalog URL. You must specify a mandatory Oracle ERP Cloud service catalog service WSDL (for accessing business objects) and optionally an event catalog URL (for subscribing to events). See Obtain the Oracle ERP Cloud Service Catalog Service WSDL or Event Catalog URL.
Assign roles to the user. Ensure that the Fusion Applications user has the required roles These roles are required for enabling event subscriptions or selecting business objects. See Assign Required Roles to an Integration User.
Subscribe to events in Oracle ERP Cloud To subscribe to Oracle ERP Cloud events in an integration, you must create a CSF key. Create the CSF key from the Oracle SOA Composer instance located in the Oracle Fusion Applications Supply Chain Management (SCM) domain. See Configure Oracle ERP Cloud for Event Subscriptions.
Upload files in bulk and insert data into Oracle ERP Cloud application tables.

The Oracle ERP Cloud Adapter supports the loading of bulk data into Oracle ERP Cloud through integration with the Universal Content Management (UCM) system. UCM enables you to perform bulk upload of files and insertion of data into Oracle ERP Cloud application tables.

See Upload Files in Bulk and Insert Data into Oracle ERP Cloud Application Tables for New Integrations.

Upload files to Oracle WebCenter Content

The Oracle ERP Cloud Adapter supports the loading of files to Oracle WebCenter Content. See Upload Files to Oracle WebCenter Content.

Obtain the Oracle ERP Cloud Service Catalog Service WSDL or Event Catalog URL

You must obtain a required service catalog service WSDL (for accessing and configuring the inbound and outbound adapter to use either business objects or business services) and optionally an event catalog URL (for accessing and configuring the inbound adapter to use event subscriptions).

The following sections describe how to obtain the service catalog service WSDL and event catalog URL:

For Fusion Applications Releases 10 Through 12

Obtain the Oracle Fusion Applications Releases 10 through 12 service catalog service WSDLs and event catalog URLs through the following methods.

Obtain the Service Catalog Service WSDL for Releases 10 Through 11

WSDL Requirements Where Do You Get the WSDL?

The URL must be that of a service catalog service WSDL. The service catalog service is a Fusion Application service that returns a list of external services available for integration. It allows clients to retrieve information about all public Fusion Application service endpoints available for that instance.

The service catalog service enables clients to retrieve information about all public Oracle Fusion Application service endpoints available for that instance. The information it returns is specific to the particular cloud instance and also reflects the new services that may have been introduced in patches applied to the instance. This service is used to programmatically discover the SOAP services available on the cloud instance and retrieve the necessary metadata to invoke the SOAP services to manage business objects.

The developer creating an Oracle ERP Cloud connection must work with the Oracle ERP Cloud service administrator to get the concrete WSDL URL for the service catalog service provisioned for the specific SaaS application.

This section describes how to derive the external virtual host and port for a tokenized service catalog service WSDL. The topology information in the Topology Registration setup task contains the external virtual host and port for the domains and applications. The following instructions describe the steps for deriving the values using the service catalog service WSDL URL as an example: https://atf_server:port/fndAppCoreServices/ServiceCatalogService.

To access the Review Topology page, the ASM_REVIEW_TOPOLOGY_HIERARCHY_PRIV entitlement must be granted to the user’s job role. The entitlement is granted to the ASM_APPLICATION_DEPLOYER_DUTY duty role, which is inherited by the duty roles ASM_APPLICATION_DEVELOPER_DUTY and ASM_APPLICATION_ADMIN_DUTY.

If the menu items and tasks described in the following procedure are not available in your cloud instance, your user account is missing the required role. Contact your cloud instance security administrator for assistance.

  1. Log in to the cloud instance.

  2. Click the Navigator icon in the global area in the top part of the window, then chose Setup and Maintenance under the Tools heading.

  3. Select Review Topology under the Topology Registration section in the Tasks regional area on the left side of the window.

  4. Click the Detailed tab in the middle of the window.

    The tab shows the list of domains configured in the cloud instance.
    Description of osc_get_wsdl_detals.png follows
    Description of the illustration osc_get_wsdl_detals.png

  5. Map the token name for the service path value to the domain name in the Topology Manager:
    Token Name in Service Path Domain Name
    atf_server CommonDomain
    crm_server CRMDomain
    fin_server FinancialDomain
    hcm_server HCMDomain
    ic_server ICDomain
    prc_server ProcurementDomain
    prj_server ProjectsDomain
    scm_server SCMDomain
  6. Expand the domain name and select any external virtual host and port for the J2EE applications that are deployed on the domain. In the sample window, the values for this particular instance are fs-your-cloud-hostname and 443, respectively.
    Description of osc_get_wsdl_detals2.png follows
    Description of the illustration osc_get_wsdl_detals2.png

  7. Replace the domainName_server:PortNumber with the external virtual host and port identified in the previous step. For example:

    https://fs-your-cloud-hostname:port/fndAppCoreServices/ServiceCatalogService?wsdl

Obtain the Service Catalog Service WSDL For Release 12

To obtain the physical endpoint of your instance, perform the following steps:
  1. Log in to the Fusion Applications home page. For example:

    https://acme.fs.us2.oraclecloud.com/homePage/faces/FuseWelcome

    Where acme is the system name and fs is a Fusion Applications domain.

  2. Copy https://acme.fs.us2.oraclecloud.com/ and append fndAppCoreServices/ServiceCatalogService?WSDL to it.

    https://acme.fs.us2.oraclecloud.com/fndAppCoreServices/ServiceCatalogService?WSDL

Obtain the Event Catalog URL

You must know the customer relationship management (CRM) URL format to access the CRM application user interface. Follow the URL format to determine the event catalog URL. For example:

  1. Copy the following URL and replace fs with the respective domain, such as fin, scm, crm, and so on.

https://acme.fs.us2.oraclecloud.com/

The event catalog URL to use is:

https://acme.fin.us2.oraclecloud.com/soa-infra

The event catalog URL https://host/soa-infra is a partial URL and must only be provided on the Connections page. Do not open this URL with a browser. If you do, you receive a Page not found error. The adapter does not access this URL directly. Instead, it automatically appends the required resource path to make the URL fully valid (when it needs to access the event catalog).

To check the public events defined in the catalog, enter the following complete URL in a browser:

https://host:port/soa-infra/PublicEvent/catalog

For Fusion Applications Releases 13 and Later

Obtain the Oracle Fusion Applications Release 13 and later service catalog service WSDLs and event catalog URLs through the following methods.

Obtain the Service Catalog Service WSDL

To obtain the physical endpoint of your instance, perform the following steps:

  1. Log in to the Fusion Applications home page. For example:

    https://acme.fa.us6.oraclecloud.com/fscmUI/faces/FuseWelcome

    Where acme is the system name and us6 is the data center.

  2. Copy https://acme.fa.us6.oraclecloud.com/ and append it with fscmService/ServiceCatalogService?WSDL. For example:

    https://acme.fs.us2.oraclecloud.com/fscmService/ServiceCatalogService?WSDL
Obtain the Event Catalog URL

Starting in Release 13, you access all Fusion Applications URLs using a consolidated endpoint. You must switch to the new consolidated endpoint that conforms to the following naming pattern:

https://systemName.fa.dcsn.oraclecloud.com/...
You must switch to the consolidated endpoint immediately after upgrading to Release 13. Newly provisioned instances using Release 13 only have the consolidated endpoint available. In Release 13, multiple domains are consolidated. You must specify the domain in the URL. For example, if specifying the fa domain, the URL looks as follows:
  1. Copy the following URL:

    https://acme.fa.us6.oraclecloud.com/
  2. Append soa-infra to the end of the URL:

    https://acme.fa.us6.oraclecloud.com/soa-infra

Assign Required Roles to an Integration User

To use the Oracle ERP Cloud Adapter in an integration, you must assign specific roles to an integration user.

Associating the Integration User with the Following Roles and Privileges

You associate the user with the following roles and privileges.
Role Description

ALL_INTEGRATION_POINTS_ALL_DATA

Starting with release 12, this role is no longer supported. When existing customers upgrade to release 12, users with this role continue using it, although it is hidden from the Security Console. If you create a new integration user in release 12 or later, you cannot assign this role.

Integration Specialist

This is a job role and does not include data roles. Assign the Integration Specialist role that inherits Oracle ERP Cloud roles. This role applies to Releases 12 and 13.

Oracle ERP Cloud-specific data access to the integration user

You must specify the specific data access roles based on the objects you want to integrate. This role applies to Releases 12 and 13. See Managing Data Access for Users: Explained of Cloud Securing Oracle ERP Cloud.

AttachmentsUser

Provides access to the Attachments security group to download the log file or the output file with the ERP Integration Service. Starting with Release 12, this role is automatically shipped. You must verify that this role is automatically assigned to the user.

SOAOperator

The SOA operator role.

FND_MANAGE_CATALOG_SERVICE_PRIV

The role to manage the web services catalog.

Customer Relationship Management Application Administrator (for Oracle CRM Cloud implementations)

See Job Role: Customer Relationship Management Application Administrator of Cloud Security Reference for Oracle Sales Cloud.

Additional roles may be required as per each interface requirements.

See the Oracle Integration - Fusion Applications Security Requirements blog for additional details.

Using the Security Console

Use the Security Console to manage application security such as roles, users, certificates, and administration tasks. Access to the Security Console is provided by the predefined Security Manager role. Access the Security Console in the following ways:

See Using the Security Console of Cloud Securing Oracle ERP Cloud.

Create Connections Based on the User Role

You can create more than one service integration user account in Oracle Fusion Applications for different Oracle Fusion Applications roles that exist to perform different tasks and then create different Oracle Integration connections using those user accounts.

For example, you can create multiple connections in Oracle Integration such as ERP1, ERP2, ERP3, and so on and associate each of these connections with a designated account in Oracle ERP Cloud, such as user_integration_1 (general ledger), user_integration_2 (HCM), and user_integration_3 (projects). These actions create different connections for invoking different Oracle ERP Cloud jobs using an Oracle Fusion Applications user account set up for that job.

Configure Oracle ERP Cloud for Event Subscriptions

You must create a CSF key to subscribe to events in Oracle ERP Cloud. This key is required by the event handler framework when it invokes the integration. The credentials of the integration are managed by the CSF key. Create the CSF key in Oracle SOA Composer.

Note:

  • There is only one SOA instance in Release 13.

  • The Oracle Integration password may expire periodically. Your application administrator must contact the Oracle Integration administrator to get the refreshed user credentials. The application administrator must update the CSF key when this password is refreshed.

Ensure that you specify the following information correctly when creating the CSF key:
  • Create the CSF key name. The name must be a combination of the Oracle Identity Cloud Service service ID and the name of the integration instance.

    1. In the upper right corner of Oracle Integration, click user name menu, then select About.

    2. Copy the Identity Domain value (for example, idcs-638a2ce020e60c2881) and the Service Instance value (for example, oic1575).

    3. Assemble the CSF key value with the identity domain first and the service instance second (no space in between): idcs-638a2ce020e60c2881oic1575.

  • Create the CSF key with the Oracle Integration user account with which you log in to Oracle Integration and not the user name created when you subscribed to Oracle ERP Cloud.

  • Ensure that the CSF key password has not expired.

  1. Log in to Oracle SOA Composer with a user that has the SOA administrator role. Obtain the hostname and port from your administrator.

    For example, in Release 12:
    http://ERP_domain_URL:port/soa/composer
    For example, in Release 13:
     https://acme.fa.us6.oraclecloud.com/soa/composer
  2. Click Manage Security.

  3. Add the CSF key name. The name must be a combination of the Oracle Identity Cloud Service service ID and the name of the integration instance.

  4. Provide the username and password that you enter to log in to Oracle Integration. Do not enter the username and password created when you subscribed to Oracle ERP Cloud.

    The Oracle Integration user must exist in Oracle Integration and have been assigned the ServiceUser role.

    The CSF key entry in the Oracle ERP Cloud infrastructure stores the Oracle Integration credentials used by Oracle ERP Cloud. When Oracle Fusion Applications send outbound requests to Oracle Integration (at runtime), it sends the credentials (username and password) of this account for authentication.

  5. Click Register.

Upload Files in Bulk and Insert Data into Oracle ERP Cloud Application Tables for New Integrations

When using an Oracle ERP Cloud Adapter connection in an existing integration, you must satisfy the following prerequisites for the upload of files in bulk and the insertion of data into Oracle ERP Cloud application tables.

Upload Based on an ErpImportBulkData Event (New Integrations)

For new integrations based on the ERPBulkImportData event, you must create a CSF key to subscribe to events. See Configure Oracle ERP Cloud for Event Subscriptions.

Upload Based on a Callback Integration and Version (Existing Integrations)

Note:

For existing callback-based integrations, you do not need to create a CSF key to subscribe to events.
  • Satisfy the following prerequisites for the bulk upload of files and the insertion of data into Oracle ERP Cloud application tables. This is only required for an ERP Cloud callback upon job completion. Only file-based data import (FBDI)-compliant jobs are supported for callbacks.

    1. Create a user similar to the ERP Cloud Adapter connection user in the My Service Page. This user is linked to the Oracle Integration WebLogic security realm. The user name must exactly match the Oracle ERP Cloud user name. The password and email address can be anything. Ensure that you select the correct roles for the Oracle ERP Cloud user in the Oracle ERP Cloud application. The user must have the SOAOperator and Integration roles.

    2. Import the following certificates:

      • In your browser, enter the service catalog URL:

        For Release 12:
         https://hostname:port/fndAppCoreServices/ServiceCatalogService?WSDL
        For Release 13:
        https://hostname:port/fscmService/ServiceCatalogService?WSDL
      • In the WSDL, navigate to the X509 certificates section:
        Description of erp_certificates1.png follows
        Description of the illustration erp_certificates1.png

      • Copy the first certificate string to a file.

        Note:

        For each certificate file that you create, add your certificate string between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines for the certificate to be successfully imported into Oracle Integration. For example:
        -----BEGIN CERTIFICATE----- 
        certificate_string
        -----END CERTIFICATE----- 

        Otherwise, you may receive an Invalid Certificate error.

      • Copy the second certificate to a file. You have two certificate files (for example, erp_cert1.cer and erp_cert2.cer).

      • In the Upload Certificate dialog in Oracle Integration, import both certificates as Message Protection Certificate types and enter unique alias names. See Upload an SSL Certificate.

      • Satisfy the following manifest file recommendations (that is, the properties file in the zip file that must be uploaded to Universal Content Management (UCM)).

        • The manifest file expects import process details in the following format:

          <job package name>,<job def name>,<Manifest file name>,<job parameters (comma separated)>

          For example:

          oracle/apps/ess/financials/payables/invoices/transactions,APXIIMPT,AP,#NULL,#NULL,#NULL,#NULL,#NULL,#NULL,#NULL,INVOICE
        • The manifest file name should be a prefix of the actual zip file name if it contains _. Otherwise, it should just be the name. For example, if the zip file name is AP_301.zip, the manifest file name should be AP.properties and the third value in the manifest should be the manifest file name. If the zip file name is AP.zip, the manifest file name should be AP.properties and the third value in the manifest should be the manifest file name.

        • Only one job is supported per invoke. You can have multiple entries in the manifest property file to import data from the interface table to the applications tables in batches of up to 10 for sequential or up to 5 for parallel processing. For example, the journal import data file has records of 10 ledgers. The property file has 10 entries with the unique ledger name as a parameter. After the data file is loaded in the interface table, the import process has 10 subprocesses for each ledger.

  • Satisfy the following prerequisites to configure the integration that uses the bulk import feature:

    1. Map the following parameters to the Oracle ERP Cloud Adapter.

      • Map parameter ICSFileReference to the File Reference parameter from the other adapter (for example, the FTP Adapter, the REST Adapter, or whichever adapter you used that has the ICSFileReference parameter).

      • Map the FileName parameter from the source schema to the target schema (the target schema is the Oracle ERP Cloud bulk import schema). The FileName must be unique for every request.

Upload Files to Oracle WebCenter Content

If you want to upload a file to Oracle WebCenter Content (Universal Content Manager) with the Oracle ERP Cloud Adapter, you must satisfy the following prerequisites.

  • Create a PGP Public Key:

    To upload encrypted files, a PGP public key is required. You must generate the PGP public key and save it for upload. The supported algorithm for the public key is RSA for encryption and the key size must be 1024 bits in length.

    The process for uploading files into Oracle ERP Cloud is:

    • You encrypt files using the Oracle ERP Cloud public key.

    • The data-loading process decrypts files using the Oracle ERP Cloud private key.

    See subsection Generating the PGP Encryption Key Pair of Setting up Encryption for File Transfer: Procedure of Cloud Integrating with Oracle HCM Cloud.

  • Configure Security and User Access

    Once you have configured security groups and doc accounts for the file to upload, you can configure the Oracle ERP Cloud Adapter to upload the file to Oracle WebCenter Content.

    See Understanding Security and User Access of Administering Oracle WebCenter Content.