Prerequisites for Creating a Connection

You must satisfy the following prerequisites to create a connection with the Oracle ERP Cloud Adapter:

Prerequisite Description For More Information
Subscribe to Oracle ERP Cloud. This action enables you to create an Oracle ERP Cloud user account with the correct privileges. You specify this user account when creating an Oracle ERP Cloud Adapter connection on the Connections page. See Configure Connection Security. See Oracle ERP Cloud.
Check if you have enabled Location-Based Access Control (LBAC) for Fusion Applications (for Oracle ERP Cloud). If LBAC is enabled, you must allowlist (explicitly allow identified entities access) the Oracle Integration NAT Gateway IP address in your LBAC.

If you do not perform this task, you can receive a 401 Access Denied error or 403 Forbidden error from Oracle Fusion Applications.

See How Location-Based Access Works in Cloud in Securing Oracle SCM Cloud and Doc ID 2615294.1 at Oracle Support Services.
For existing connections created prior to the initial release of the simplified connections page on 2/18/20, obtain the necessary Oracle ERP Cloud service catalog service WSDL URL or event catalog URL. For new connections created with the initial release of the simplified connections page on 2/18/20, the preconfiguration details described in this section are not required. You must specify a mandatory Oracle ERP Cloud service catalog service WSDL (for accessing business objects) and optionally an event catalog URL (for subscribing to events). See Obtain the Oracle ERP Cloud Service Catalog Service WSDL, Event Catalog URL, or Interface Catalog URL (For Existing Connections Only).
Assign roles to the user. Ensure that the Fusion Applications user has the required roles These roles are required for enabling event subscriptions or selecting business objects. See Assign Required Roles to an Integration User.
Subscribe to events in Oracle ERP Cloud To subscribe to Oracle ERP Cloud events in an integration, you must create a CSF key. Create the CSF key from the Oracle SOA Composer instance located in the Oracle Fusion Applications Supply Chain Management (SCM) domain. See Configure Oracle ERP Cloud for Event Subscriptions.
Upload files in bulk and insert data into Oracle ERP Cloud application tables.

The Oracle ERP Cloud Adapter supports the loading of bulk data into Oracle ERP Cloud through integration with the Universal Content Management (UCM) system. UCM enables you to perform bulk upload of files and insertion of data into Oracle ERP Cloud application tables.

See

Upload files to Oracle WebCenter Content.

The Oracle ERP Cloud Adapter supports the loading of files to Oracle WebCenter Content. See Upload Files to Oracle WebCenter Content.
Create custom business events. The Oracle ERP Cloud Adapter supports the selection of custom business events. See Create Custom Business Events.
     
Access the REST catalog. You must perform the following steps to access the REST catalog through the Oracle ERP Cloud Adapter. See Access the REST Catalog Through the Oracle ERP Cloud Adapter.
Create an OAuth client application. You must create an OAuth client application if you want to configure the Oracle ERP Cloud Adapter connection to use the OAuth Authorization Code Credentials security policy. See Create an OAuth Client Application.

Obtain the Oracle ERP Cloud Service Catalog Service WSDL, Event Catalog URL, or Interface Catalog URL (For Existing Connections Only)

The steps in this section are only required for existing connections created prior to the initial release of the simplified connections page on 2/18/20. For existing connections, you are prompted to specify a service catalog service WSDL (for accessing and configuring the inbound and outbound adapter to use either business objects or business services) in the ERP Services Catalog WSDL URL field and optionally an event catalog URL (for accessing and configuring the inbound adapter to use event subscriptions) in the ERP Events Catalog URL field and interface catalog URL (for accessing and configuring the outbound endpoint using REST business resources) in the Interface Catalog URL field.

Note:

For new connections created with the initial release of the simplified connections page on 2/18/20, the preconfiguration details described in this section are not required. All WSDLs and URLs are automatically identified for you based on the Oracle ERP Cloud host name that you specify in the ERP Cloud Host field on the Connections page.

The following sections describe how to obtain the service catalog service WSDL and event catalog URL:

For Fusion Applications Releases 13 and Later

Obtain the Oracle Fusion Applications Release 13 and later service catalog service WSDLs and event catalog URLs through the following methods.

Obtain the Service Catalog Service WSDL

To obtain the physical endpoint of your instance, perform the following steps:

  1. Log in to the Fusion Applications home page. For example:

    https://acme.fa.us6.oraclecloud.com/fscmUI/faces/FuseWelcome

    Where acme is the system name and us6 is the data center.

  2. Copy https://acme.fa.us6.oraclecloud.com/ and append it with fscmService/ServiceCatalogService?WSDL. For example:

    https://acme.fs.us2.oraclecloud.com/fscmService/ServiceCatalogService?WSDL
Obtain the Event Catalog URL

Starting in Release 13, you access all Fusion Applications URLs using a consolidated endpoint. You must switch to the new consolidated endpoint that conforms to the following naming pattern:

https://systemName.fa.dcsn.oraclecloud.com/...
You must switch to the consolidated endpoint immediately after upgrading to Release 13. Newly provisioned instances using Release 13 only have the consolidated endpoint available. In Release 13, multiple domains are consolidated. You must specify the domain in the URL. For example, if specifying the fa domain, the URL looks as follows:
  1. Copy the following URL:

    https://acme.fa.us6.oraclecloud.com/
  2. Append soa-infra to the end of the URL:

    https://acme.fa.us6.oraclecloud.com/soa-infra

Assign Required Roles to an Integration User

To use the Oracle ERP Cloud Adapter in an integration, you must assign specific roles to an integration user.

Associating the Integration User with the Following Roles and Privileges

You associate the user with the following roles and privileges.
Role Description

Integration Specialist

This is a job role and does not include data roles. Assign the Integration Specialist role that inherits Oracle ERP Cloud roles. This role applies to Release 13.

Oracle ERP Cloud-specific data access to the integration user

You must specify the specific data access roles based on the objects you want to integrate. This role applies to Release 13. See Managing Data Access for Users: Explained of Cloud Securing Oracle ERP Cloud.

AttachmentsUser

Provides access to the Attachments security group to download the log file or the output file with the ERP Integration Service. This role is automatically shipped. You must verify that this role is automatically assigned to the user.

SOAOperator

The SOA operator role.

FND_MANAGE_CATALOG_SERVICE_PRIV

The role to manage the web services catalog.

Customer Relationship Management Application Administrator (for Oracle CRM Cloud implementations)

See Job Role: Customer Relationship Management Application Administrator of Cloud Security Reference for Oracle Sales Cloud.

Additional roles may be required as per each interface requirements.

Using the Security Console

Use the Security Console to manage application security such as roles, users, certificates, and administration tasks. Access to the Security Console is provided by the predefined Security Manager role. Access the Security Console in the following ways:

See Using the Security Console of Cloud Securing Oracle ERP Cloud.

Create Connections Based on the User Role

You can create more than one service integration user account in Oracle Fusion Applications for different Oracle Fusion Applications roles that exist to perform different tasks and then create different Oracle Integration connections using those user accounts.

For example, you can create multiple connections in Oracle Integration such as ERP1, ERP2, ERP3, and so on and associate each of these connections with a designated account in Oracle ERP Cloud, such as user_integration_1 (general ledger), user_integration_2 (HCM), and user_integration_3 (projects). These actions create different connections for invoking different Oracle ERP Cloud jobs using an Oracle Fusion Applications user account set up for that job.

Configure Oracle ERP Cloud for Event Subscriptions

You must create a CSF key to subscribe to events in Oracle ERP Cloud. This key is required by the event handler framework when it invokes the integration. The credentials of the integration are managed by the CSF key. Create the CSF key in Oracle SOA Composer.

Note:

  • There is only one SOA instance in Release 13.

  • The Oracle Integration password may expire periodically. Your application administrator must contact the Oracle Integration administrator to get the refreshed user credentials. The application administrator must update the CSF key when this password is refreshed.

Ensure that you specify the following information correctly when creating the CSF key:
  • Create the CSF key name. The name must be a combination of the Oracle Identity Cloud Service service ID and the name of the integration instance.

    1. In the upper right corner of Oracle Integration, click user name menu, then select About.

    2. Copy the Identity Domain value (for example, idcs-638a2ce020e60c2881) and the Service Instance value (for example, oic1575).

    3. Assemble the CSF key value with the identity domain first and the service instance second (no space in between): idcs-638a2ce020e60c2881oic1575.

  • Create the CSF key with the Oracle Integration user account with which you log in to Oracle Integration and not the user name created when you subscribed to Oracle ERP Cloud.

  • Ensure that the CSF key password has not expired.

  1. Log in to Oracle SOA Composer with a user that has the SOA administrator role. Obtain the hostname and port from your administrator.

    For example, in Release 13:
     https://acme.fa.us6.oraclecloud.com/soa/composer
  2. Click Manage Security.

  3. Add the CSF key name. The name must be a combination of the Oracle Identity Cloud Service service ID and the name of the integration instance.

  4. Provide the username and password that you enter to log in to Oracle Integration. Do not enter the username and password created when you subscribed to Oracle ERP Cloud.

    The Oracle Integration user must exist in Oracle Integration and have been assigned the ServiceUser role.

    The CSF key entry in the Oracle ERP Cloud infrastructure stores the Oracle Integration credentials used by Oracle ERP Cloud. When Oracle Fusion Applications send outbound requests to Oracle Integration (at runtime), it sends the credentials (username and password) of this account for authentication.

  5. Click Register.

Upload Files in Bulk and Insert Data into Oracle ERP Cloud Application Tables for New Integrations

When using an Oracle ERP Cloud Adapter connection in an existing integration, you must satisfy the following prerequisites for the upload of files in bulk and the insertion of data into Oracle ERP Cloud application tables.

Upload Based on an ErpImportBulkData Event (New Integrations)

For new integrations based on the ERPBulkImportData event, you must create a CSF key to subscribe to events. See Configure Oracle ERP Cloud for Event Subscriptions.

Upload Based on a Callback Integration and Version (Existing Integrations)

Note:

For existing callback-based integrations, you do not need to create a CSF key to subscribe to events.
  • Satisfy the following prerequisites for the bulk upload of files and the insertion of data into Oracle ERP Cloud application tables. This is only required for an ERP Cloud callback upon job completion. Only file-based data import (FBDI)-compliant jobs are supported for callbacks.

    1. Create a user similar to the Oracle ERP Cloud Adapter connection user in the My Services or Oracle Cloud Infrastructure Console. This user is linked to the Oracle Integration WebLogic security realm. The user name must exactly match the Oracle ERP Cloud user name. The password and email address can be anything. Ensure that this user has permissions to execute integrations in Oracle Integration. It is recommended that you have a role such as ServiceAdmin or ServiceDeveloper, which have executable permissions on integrations. Ensure that you select the Integration role for the Oracle ERP Cloud user in the Oracle ERP Cloud application.
    2. Import the following certificates:

      • In your browser, enter the service catalog URL:

        For Release 13:
        https://hostname:port/fscmService/ServiceCatalogService?WSDL
      • In the WSDL, navigate to the X509 certificates section:
        Description of erp_certificates1.png follows
        Description of the illustration erp_certificates1.png

      • Copy the first certificate string to a file.

        Note:

        For each certificate file that you create, add your certificate string between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines for the certificate to be successfully imported into Oracle Integration. For example:
        -----BEGIN CERTIFICATE----- 
        certificate_string
        -----END CERTIFICATE----- 

        Otherwise, you may receive an Invalid Certificate error.

      • Copy the second certificate to a file. You have two certificate files (for example, erp_cert1.cer and erp_cert2.cer).

      • In the Upload Certificate dialog in Oracle Integration, import both certificates as Message Protection Certificate types and enter unique alias names. See Upload an SSL Certificate.

      • Satisfy the following manifest file recommendations (that is, the properties file in the zip file that must be uploaded to Universal Content Management (UCM)).

        • The manifest file expects import process details in the following format:

          <job package name>,<job def name>,<Manifest file name>,<job parameters (comma separated)>

          For example:

          oracle/apps/ess/financials/payables/invoices/transactions,APXIIMPT,AP,#NULL,#NULL,#NULL,#NULL,#NULL,#NULL,#NULL,INVOICE
        • The manifest file name should be a prefix of the actual zip file name if it contains _. Otherwise, it should just be the name. For example, if the zip file name is AP_301.zip, the manifest file name should be AP.properties and the third value in the manifest should be the manifest file name. If the zip file name is AP.zip, the manifest file name should be AP.properties and the third value in the manifest should be the manifest file name.

        • Only one job is supported per invoke. You can have multiple entries in the manifest property file to import data from the interface table to the applications tables in batches of up to 10 for sequential or up to 5 for parallel processing. For example, the journal import data file has records of 10 ledgers. The property file has 10 entries with the unique ledger name as a parameter. After the data file is loaded in the interface table, the import process has 10 subprocesses for each ledger.

  • Satisfy the following prerequisites to configure the integration that uses the bulk import feature:

    1. Map the following parameters to the Oracle ERP Cloud Adapter.

      • Map parameter ICSFileReference to the File Reference parameter from the other adapter (for example, the FTP Adapter, the REST Adapter, or whichever adapter you used that has the ICSFileReference parameter).

      • Map the FileName parameter from the source schema to the target schema (the target schema is the Oracle ERP Cloud bulk import schema). The FileName must be unique for every request.

Upload Files to Oracle WebCenter Content

If you want to upload a file to Oracle WebCenter Content (Universal Content Manager) with the Oracle ERP Cloud Adapter, you must satisfy the following prerequisites.

  • Create a PGP Public Key:

    To upload encrypted files, a PGP public key is required. You must generate the PGP public key and save it for upload. The supported algorithm for the public key is RSA for encryption and the key size must be 1024 bits in length.

    The process for uploading files into Oracle ERP Cloud is:

    • You encrypt files using the Oracle ERP Cloud public key.

    • The data-loading process decrypts files using the Oracle ERP Cloud private key.

    See subsection Generating the PGP Encryption Key Pair of Setting up Encryption for File Transfer: Procedure of Cloud Integrating with Oracle HCM Cloud.

  • Configure Security and User Access

    Once you have configured security groups and doc accounts for the file to upload, you can configure the Oracle ERP Cloud Adapter to upload the file to Oracle WebCenter Content.

    See Understanding Security and User Access of Administering Oracle WebCenter Content.

Create Custom Business Events

You can create custom business events in Application Composer that are visible for selection when configuring the Oracle ERP Cloud Adapter as a trigger connection in the Adapter Endpoint Configuration Wizard. You must access Application Composer through the Oracle Fusion Applications user interface. Select ERP and SCM Cloud from the Applications list in Application Composer to create the custom objects and promote them as custom events to be consumed by the Oracle ERP Cloud Adapter.

Note:

Custom business events are supported only for Oracle ERP Cloud custom business objects.

See technical note 2535444.1 at My Oracle Support for instructions.

Access the REST Catalog Through the Oracle ERP Cloud Adapter

You must perform the following steps to access the REST catalog through the Oracle ERP Cloud Adapter. This enables you to browse for REST resources on the Operations page of the Adapter Endpoint Configuration Wizard. This also enables Oracle ERP Cloud to skip REST resources when an error is encountered while generating the metadata. Without this, Oracle ERP Cloud generates a partial catalog that results in missing business resources on the Operations page.

Note:

After saving your profile value changes, it takes approximately 30 minutes for the REST resources to be available for selection in the Adapter Endpoint Configuration Wizard.
  1. Log in to the Cloud Applications Home Page for ERP Financials.
  2. In Setup and Maintenance, open the Task list and click Search.
  3. Enter Manage Profile Option and click the link.
  4. Click + to add a new profile option.
  5. Define a new profile option with the following details.
    Element Description
    Profile Option Code ORACLE.BC.REST.IGNORECATALOGERRORS
    Profile Display Name Ignore REST resource catalog errors.
    Application Oracle Middleware Extensions for Applications
    Module Oracle Middleware Extensions for Applications
    Description If a catalog describe action fails for a particular resource, log an error and proceed with other resources.
  6. Click Save and Close.
  7. In the next screen in the Profile Option Levels section, select the Enabled and Updateable check boxes for Site & User.
  8. Click Save and Close.
  9. Go to the Oracle Fusion Applications Home page and navigate to Setup and Maintenance.
  10. Search for the task Manage Administrator Profile Values.
  11. In the Name column, click the Manage Administrator Profile Values task.
  12. In the Profile Option Code field, select ORACLE.BC.REST.IGNORECATALOGERRORS, and click Search.
    ORACLE.BC.REST.IGNORECATALOGERRORS listed in the Profile Option Code field.

  13. Under ORACLE.BC.REST.IGNORECATALOGERROR Profile Values, click + to add a row in the Profile Level section.
  14. Select the Profile Level list to show the following options.
    • Site: The ORACLE.BC.REST.IGNORECATALOGERROR profile value is applicable to all users.
    • User: The ORACLE.BC.REST.IGNORECATALOGERROR profile value is applicable only to a specific user.
  15. Select an option.
  16. If you select User:
    1. Enter a specific user name in the User Name field.
    2. Enter true in the Profile Value field.
      Profile Level, Product Name, User Name, and Profile Value fields.

  17. Click Save and Close.

Create an OAuth Client Application

You must first create an OAuth client application if you want to configure a connection to use the OAuth Authorization Code Credentials security policy. This is because the application client's redirect URL is specific to Oracle Integration. The redirect URL points to the Oracle Integration instance that conducts the OAuth flow.

You must already have Oracle Identity Cloud Service access and Oracle Fusion Applications should already be federated with Oracle Identity Cloud Service.

The OAuth client application creation process in the Oracle Cloud Infrastructure Console provides the following information:

  • Client ID
  • Client secret
  • Scope
  1. Sign in as the tenant administrator to the Oracle Cloud Infrastructure Console. This administrator must have Oracle Identity Cloud Service instance access.
  2. In the left navigation pane, select Applications, then click Add.
  3. Select Confidential Application.
    The Add Confidential Application wizard is displayed.
  4. On the Details page, enter an application name, and click Next.
  5. On the Client page, click Configure this application as a client now.
  6. In the Authorization section, select Refresh Token and Authorization Code.
  7. In the Redirect URL field, enter the URL. For example:
    https://client_app/oauth2/callback

    The Redirect URL field is a required field (indicated by an *) because Authorization Code is selected. For OAuth Authorization Code to work, the redirect URI must be set properly.

  8. In the Token Issuance Policy section, click Add Scope to add appropriate scopes.
    If the Oracle Fusion Applications instance is federated with the Oracle Identity Cloud Service instance, the Oracle Integration cloud service application is listed among the resources for selection. This enables the client application to access Oracle Integration.
  9. Save your configuration.