4 ORFI Application Installation Tasks

This chapter includes:

• Prerequisite

• Expand the ORFI Installer Distribution

• Configure the Deployment Info for JSON File

• Service Consumer Security

• Verification

Prerequisite

Before proceeding you must install Oracle WebLogic Server 12c 12.2.1.4.0 and any patches listed related to Weblogic Server 12c 12.2.1.4.0. Create a WebLogic domain called rfi_domain. This WebLogic domain must be of a base domain type. Create a managed server (for example, rfi-server) inside this rfi_domain. The ORFI application will be installed into the WebLogic managed server (for example, rfi-server). It is assumed that the Oracle database has already been configured and loaded with the appropriate ORFI /BDI details for your installation. This server is referred to as RFI_SERVER in this document.

You need to execute the steps in the Expand the ORFI Installer Distribution section if the UNIX environments for the ORFI database and WebLogic Server are different.

1. Update $WEBLOGIC_HOME/server/lib/weblogic.policy file with the following:

   Note:

   • If copying the following text from this guide to UNIX, ensure that it is properly formatted in UNIX. Each line entry beginning with "permission" must terminate on the same line with a semicolon.

   • <WEBLOGIC_ HOME> in the below example is the full path to where WebLogic has been installed. "rfi_server" is the managed server created for the App and "retail-financial-integration-ear-<version>.ear" correlates to the value entered for the application deployment name/context root of the application during installation. See the example. There should not be a space after file: in the following:

     File:<WEBLOGIC_HOME>.

   grant codeBase 
   "file:<WEBLOGIC_HOME>/user_projects/domains/rfi_domain/servers/rfi-server/tmp/_WL_user/ retail-financial-integration-ear-<version>.ear/-" {permission java.security.AllPermission;permission oracle.security.jps.service.credstore.CredentialAccessPermission "credstoressp.credstore", "read,write,update,delete";permission oracle.security.jps.service.credstore.CredentialAccessPermission "credstoressp.credstore.*", "read,write,update,delete";}
   

   An example of the full entry that might be entered is:

   grant codeBase 
   "file:/u00/rfi1/Oracle/Middleware/user_projects/domains/rfi_domain/servers/rfi-server/tmp/_WL_user/ retail-financial-integration-ear-21.0.000.ear/-" {permission java.security.AllPermission;permission oracle.security.jps.service.credstore.CredentialAccessPermission "credstoressp.credstore", "read,write,update,delete";permission oracle.security.jps.service.credstore.CredentialAccessPermission "credstoressp.credstore.*", "read,write,update,delete";};
   

   Note:

   • The path "tmp/_WL_user/retail-financial-integration-ear-<version>.ear" will not be available before the deployment.

   • The domain must be bounced for the above change to take affect.

   Note:

   The nodemanager.properties file is created after NodeManager is started for the first time. It will not be available before that point. The NodeManager must be restarted after making changes to the nodemanager.properties file.

Expand the ORFI Installer Distribution

1. Log in to the UNIX server where the WebLogic server is installed as a user who has sufficient access to deploy an application from the Oracle WebLogic installation.

2. Create a new staging directory for the ORFI installer distribution (RetailFinancialIntegrationPak23.0.000ForRfi23.0.000_eng_ga.zip). There should be a minimum of 50 MB disk space available for the application and database schema installation files. This location is referred to as INSTALL_DIR for the remainder of this chapter.

3. Copy RetailFinancialIntegrationPak23.0.000ForRfi23.0.000_eng_ga.zip to <INSTALL_DIR> and extract its contents.

   Note:

   Before proceeding with below installation, read through the below instructions and ensure follow the same during installation:

   1. It is highly recommended that customer first try to get it deployed with security policy "unsecure", do some mock test and only when everything is working, reconfigure to use "policyA".

   2. If "policyA" is specified then SSL port must be enabled and proper https protocol has to be specified in the correct URLs. If it is not done WebLogic deployment fails with cryptic errors.

   3. RFI ear hosted services providers can be configured only with policyA (no policyB) as PLSQL applications cannot call services secured with policyB. But RFI can call services secured with policyB

Configure the Deployment Info for JSON File

The rfi-deployment-env-info.json file serves multiple purposes. It is used by the installation process and it also acts as a single master configuration file that describes the entire topology of the integration system. The values in this file must be accurate for the system to work properly. All values in the file are not user editable; the installation process needs these fixed names to match what the compiled runtime code already expects. Some examples of these fixed values that must not be changed are constants like "GET_FROM_WALLET"; jndi name like "jdbc/RfiDataSource" and so on.

You need to configure the following list of deployment information to run the ORFI deployment script. This file can be found under $INSTALL_DIR/retail-financial-integration-solution/service-based-integration/conf/.

Note:

• Do not change "Alias" Names or any other values other than the details given below.

• You should remove the symbols "<" and ">" while entering the actual/valid values for below configurations.

Update the following details from RfiDeploymentEnvInfo -> integratingToEbsOrPsftOrCfin, mentioned Cloud Financials

• If integration is with Cloud Financials, the value should be integratingToEbsOrPsftOrCfin":"CFIN"

  Note:

  Default configuration would be integratingToEbsOrPsftOrCfin":"CFIN".

Update the following details from RfiDeploymentEnvInfo -> DataSourceDef configuration:

The integration is with Cloud Financials so enter the below mentioned details against corresponding datasource names.

1. In RfiDataSource, enter the ORFI database connection details:

   "jdbcUrl":"jdbc:oracle:thin:@//<Server Name>:<Port>/<SID>"
   

2. Update the following details from RfiDeploymentEnvInfo -> MiddlewareServerDef -> RfiAppServer configuration:

   • Enter the WebLogic domain name:

     "weblogicDomainName":"<RFI Domain Name>",
     

   • Enter the RFI Domain Home:

     "weblogicDomainHome":"<RFI Domain Name>",
     

   • Enter the RFI Domain Server URL:

     "weblogicDomainAdminServerURL":"t3://Server Host name:port",
     

   • Enter the WebLogic admin server protocol:

     "weblogicDomainAdminServerProtocol":"t3",
     

   • Enter the WebLogic admin server host name:

     "weblogicDomainAdminServerHost":"<Server Host Name>"
     

   • Enter the WebLogic server port:

     "weblogicDomainAdminServerPort":"<port>"
     

   • Enter the WebLogic Managed Server Name:

     "weblogicDomainTargetManagedServerName":"<Server Name>"
     

   • Enter the End point URL for GlAccount Service:

     "glAccountValidationServiceEndPointUrl":"http://myhostname:7001/GlAccountValidationBean/GlAccountValidationService?WSDL",
     

     For integration is with Cloud Financials enter the End point URL for below mentioned services.

     1. Enter the End point URL for Supplier Service:

        supplierExportOutboundServiceEndPointUrl":"http://myhostname:7001/SupplierBusinessEventHandlerServiceBean/SupplierBusinessEventHandlerService?WSDL",

   • Enter the ORFI UI URL host name and port details:

     "rfiAdminUiUrl":"http://<host>:<port>/retail-financial-integration-web",
     

   • Enter the SMTP server host:

     "smtpServerHost":"<SMTP Server Host>"
     

   • Enter the SMTP server port:

     "smtpServerPort":"<SMTP Server Port>"
     

   • Enter the SMTP server type (for example, SSL or TSL):

     "smtpServerListenerType":"<SMTP Server Type>"
     

   • Enter "true" if authentication required for SMTP server, else "false":

     "smtpAuthenticationRequired":"<true/false>"
     

   • Enter the From Email Address:

     "smtpMailFromAddress":"<From Address>"
     

   • Enter the Comma (,) separated To Address list:

     "smtpMailToAddressList":"<To Address Email Id's>"
     

     For example:

     "smtpMailToAddressList":"<ToAddr1@example.com,ToAddr2@example.com>"
     

3. Update RfiDeploymentEnvInfo -> MiddlewareServerDef -> RmsAppServer details for Supplier Service.

   Enter the Supplier service End point URL:

   "supplierServiceEndPointUrl":"<Supplier URL>"
   

4. For integrating with CFIN, Update RfiDeploymentEnvInfo -> MiddlewareServerDef -> CfinAppServer

   • Enter the Financial Util Service End Point URL:

     "financialUtilServiceEndPointUrl":"http://serve.example.com/fscmService/ErpIntegrationService?WSDL",

   • Enter the General Ledger Account Validation Service End Point URL:

     "financialUtilServiceEndPointUrl":"http://serve.example.com/fscmService/AccountCombinantionService?WSDL",

   • Enter the number of retention days for Bulk Finance data in RFI:

     "autoPurgeDelay":"30d",

5. The supported configuration is for Unsecured and Policy A configuration.

6. Update the application security configuration for your environment. ORFI application is certified with Policy-A (UsernameToken over HTTPS). Add one of the key words policyA or Unsecured to service settings based on the nature of security selected at the service level.

   Example:

   For Supplier Service, Policy A (HTTPS) setting, update the JSON file with policy Name to policyA:

   "supplierServiceEndPointSecurityPolicyName":"policyA".
   

   For Supplier Service, Unsecured setting, update the JSON file with policyName to spaces:

   "supplierServiceEndPointSecurityPolicyName":" unsecure".
   

Refer to Appendix: JSON in Tabular Format for complete JSON configuration in Tabular format.

Note:

By default the maximum number of in-memory sessions for WebLogic web applications is unlimited. This setting can be misused by external attackers to create unlimited number of sessions by accessing the web application. In such cases it is possible that the WebLogic server run out of memory and eventually crash. So it is required to limit the number of sessions to a reasonable number (e.g., 100). The settings can be changed through the admin console of the WebLogic server. Follow the steps below to change this configuration setting:

1. Login to Admin Console.

2. Click Deployments.

3. Click the war application (or war module if it is inside an ear application).

4. Click Configuration.

5. Set Maximum in-memory Sessions to 100.

6. Save the changes. Activate the session, if needed.

Service Consumer Security

ORFI can be secured with policy-A (UsernameToken over HTTPS), if the service hosted by the ORFI application is secured, then the consumer of the service (Example: RMS) must be configured such that it can invoke the secured service. For more information on Service consumer configuration for Policy A, see the Oracle Retail Services Backbone Security Guide.

If cluster server is SSL enabled only, enable secure replication.

If secure application is not enabled and if managed server is started, managed server will move to ADMIN mode.

Enable the Secure Replication Enabled option available in Environment --> Clusters --> <cluster name> --> Configuration --> Replication.

Note:

Due to known vulnerabilities, SSLv3.0 is not considered secure and should be disabled in WLS. For secured installations the latest TLS version is recommended. Use -DWebLogic.security.SSL.minimumProtocolVersion=TLSv1.2-Dweblogic.security.SSL.protocolVersion=TLS1.

WebLogic 12.2.1.4.0, needs OWSM for Policy A and C to work. The OWSM template choice while creating the wls domian will provide an option to deploy the wsm-pm application to the admin server. This application is required for policies to work. If http ports are disabled in the server, then wsm-pm app will not be reachable , unless its configured to use SSL port. To configure SSL ports for wsm-pm, EM has to be deployed.

Perform the following procedure to configure the RIB domain:

1. Select the following RIB domain creation template options (check similar option in latest recommended version):

   

2. Access the enterprise Manager URL of WebLogic.

   For example: https://<host>:<port>/em

3. From the navigation pane, expand WebLogic Domain and select the domain to be configured.

4. From the WebLogic Domain menu, select Web Services, then WSM Domain Configuration.

5. Select the Policy Access tab.

6. In the Policy Manager section of the page, clear the Auto Discover check box. The PM URL Edit button is enabled.

7. Click the PM URL Edit button.

8. In the Edit PM URL Values page, click the sign and enter the URL for the Administration Server, such as t3s://host:admin_port/wsm-pm.

   For example, t3s://localhost:9002/wsm-pm.

9. Click OK to close the window.

   

10. Click Apply on the Policy Access page.

Deploy the ORFI Application for Cloud Financials

Note:

• The steps mentioned in this section should be performed only if you are integrating with Cloud Financials as Oracle Financials applications.

• Ensure JAVA_HOME and WL_HOME variables are set in the environment. WL_HOME points to folder location till <WebLogic Installed folder>/wlserver

1. Run the rfi-deployer.sh (available in $INSTALLDIR/retail-financial-integration-solution/service-based-integration/bin/) script to deploy the ORFI application to the WebLogic server. This script considers all the configuration values defined in previous processes.

   The script takes two arguments on the command line: -setup-credentials and -deploy-rfi-app.

   For example: prompt$ sh rfi-deployer.sh - setup-credentials -deploy-rfi-app

2. After successful deployment of the ORFI application, restart the WebLogic server.

3. Restrict access to RFI-HOME:

   cd $RFI-HOMEchmod -R 700 .

Verification

Log in to the WebLogic console and verify the deployments. The ORFI application ear (retail-financial-integration-ear-<version>.ear) should be available.

Note:

The ORFI console now includes a new page "Manage DVM" for searching, viewing, creating, updating and deleting the Cross References (XREF) and DVM records setup in ORFI.