3.3 Secure the Gateway Services
This topic explains the guidelines to secure the gateway services.
The following guidelines serve to secure the Gateway Services deployed on Oracle WebLogic Server.
Overview
Applications deployed on disparate platforms and using different infrastructure need to communicate and integrate seamlessly with Oracle FLEXCUBE Universal Banking to exchange data. The Oracle FLEXCUBE Universal Banking Integration Gateway caters to these integration needs.
- Inbound application integration: Used when an external system needs to add, modify or query information within Oracle FLEXCUBE Universal Banking.
- Outbound application integration: Used when an external system needs to be notified of the various events that occur within Oracle FLEXCUBE Universal Banking.
External System Maintenance
An external system that will communicate with the Oracle FLEXCUBE Integration Gateway needs to be defined. The following details must be entered when creating the external system.
Table 3-3 External System Maintenance
Field | Description |
---|---|
External System | Specify a name for the external system. This should be the same as the Source in an incoming message. |
Description | Specify a brief description for the External System. |
Request | Define how the external system should correlate its request message with the response message. The Message ID of a request message can be chosen as the Correlation ID in the response message. Alternatively, the user can choose the Correlation ID of a request message and maintain it as the Correlation ID of the corresponding response message. |
Request Message | Users can choose the Request message to be Full Screen or Input Only. If you select Full Screen as the request message, the response message will also display Full Screen. |
Response Message | Users can choose the Response message to be Full Screen or Record Identification Msg. |
Default Response Queue | You can define a response queue for each of the In Queues through which the External System will communicate with Oracle FLEXCUBE. Define a valid queue name as the Default Response Queue. |
Dead Letter Queue | If the messages received are non-readable, they are directed to the Dead Letter Queue defined for the external system. |
XSD Validation Required | Check this box to indicate if the request message should be validated against its corresponding XSD. |
Register Response Queue Message ID | Check this box to indicate if the message ID provided by the Response Queue should be logged when a response message is posted into the queue. |
Accessing Services and Operations
In a message, it is mandatory to maintain a list of Service Names and Operation Codes. This information is called Gateway Operations.
Every combination of Service Name and Operation Code is mapped to a combination of Function ID and Action. Every screen in Oracle FLEXCUBE Universal Banking is linked with a Function ID. This information is called Gateway Functions.
Users can gain access to an external system using the Gateway Functions. The Function IDs mapped in Gateway Functions should be valid Function IDs maintained in Oracle FLEXCUBE Universal Banking. Hence, for every new Service or Operation being introduced, you must provide data in Gateway Operations and Gateway Functions.
Gateway Password Generation Logic for External System Authentication
As a secure configuration, password authentication should be enabled for the external system maintained. This can be verified at the External System detail screen level.
Once these features are enabled, the system will validate encrypted passwords as part of every request sent by the External System.
The Message ID, which is present as part of the header in the Request XML, is considered as a hash. The External System generates a unique Message ID, which is a functionally mandatory field in the header. Create a Message Digest with the SHA-512 algorithm.
The hash created in the previous step and the password in clear text are together encrypted using the DESede encryption method. Apply Base64 encoding to the encrypted value and send it to the Oracle FLEXCUBE gateway.
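The steps above, as an added Java example that is not Oracle's code and is not taken from this guide. The guide does not state how the digest and the password are combined, nor the cipher mode, padding or character encoding; this example assumes the first 24 bytes of the SHA-512 digest are used as the DESede key, the clear-text password is the plaintext, the transformation is `DESede/ECB/PKCS5Padding`, and strings are UTF-8. The class name, method names and sample values are hypothetical, so confirm the exact scheme against the gateway's interface specification before relying on it.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class GatewayPasswordExample {            // hypothetical class name
    // Assumed transformation; the guide names only "DESede".
    static final String TRANSFORM = "DESede/ECB/PKCS5Padding";

    // Step 1: SHA-512 message digest of the Message ID from the request header.
    // Assumption: the first 24 bytes of the digest serve as the DESede key.
    static SecretKeySpec keyFromMessageId(String messageId) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-512")
                .digest(messageId.getBytes(StandardCharsets.UTF_8));
        return new SecretKeySpec(Arrays.copyOf(digest, 24), "DESede");
    }

    // Steps 2 and 3: DESede-encrypt the clear-text password, then Base64-encode.
    static String encode(String messageId, String clearPassword) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        cipher.init(Cipher.ENCRYPT_MODE, keyFromMessageId(messageId));
        byte[] encrypted = cipher.doFinal(clearPassword.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(encrypted);
    }

    // Receiving side under the same assumptions: rebuild the key from the
    // Message ID in the header and recover the password for comparison.
    static String decode(String messageId, String encoded) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        cipher.init(Cipher.DECRYPT_MODE, keyFromMessageId(messageId));
        byte[] clear = cipher.doFinal(Base64.getDecoder().decode(encoded));
        return new String(clear, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String password = "example-password";    // constructed sample value
        String first = encode("MSG-0000000001", password);   // constructed Message IDs
        String second = encode("MSG-0000000002", password);
        System.out.println(first);
        System.out.println(second);
        // A unique Message ID per request yields a different encoded value each time.
        if (first.equals(second)) throw new IllegalStateException("values should differ");
        if (!password.equals(decode("MSG-0000000001", first)))
            throw new IllegalStateException("round trip failed");
    }
}
```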