1. Using the AS2 Adapter with Oracle Integration 3
  2. Create an AS2 Adapter Connection
  3. Create a Connection

Create a Connection

Before you can build an integration, you must create the connections to the applications with which you want to share data.

To create a connection in Oracle Integration:

  1. In the navigation pane, click Design, then Connections.

  2. Click Create.

    Note:

    You can also create a connection in the integration canvas. See Define Inbound Triggers and Outbound Invokes.

  3. In the Create connection panel, select the adapter to use for this connection. To find the adapter, scroll through the list, or enter a partial or full name in the Search field.

  4. Enter the information that describes this connection.
    Element Description
    Name

    Enter a meaningful name to help others find your connection when they begin to create their own integrations.

    Identifier

    Automatically displays the name in capital letters that you entered in the Name field. If you modify the identifier name, don't include blank spaces (for example, SALES OPPORTUNITY).

    Role

    Select the role (direction) in which to use this connection (trigger, invoke, or both). Only the roles supported by the adapter are displayed for selection. When you select a role, only the connection properties and security policies appropriate to that role are displayed on the Connections page. If you select an adapter that supports both invoke and trigger, but select only one of those roles, you'll get an error when you try to drag the adapter into the section you didn't select.

    For example, assume you configure a connection for the Oracle Service Cloud (RightNow) Adapter as only an invoke. Dragging the adapter to a trigger section in the integration produces an error.

    Keywords

    Enter optional keywords (tags). You can search on the connection keywords on the Connections page.
    Description

    Enter an optional description of the connection.
    Share with other projects

    Note: This field only appears if you are creating a connection in a project.

    Select to make this connection publicly available in other projects. Connection sharing eliminates the need to create and maintain separate connections in different projects.

    When you configure an adapter connection in a different project, the Use a shared connection field is displayed at the top of the Connections page. If the connection you are configuring matches the same type and role as the publicly available connection, you can select that connection to reference (inherit) its resources.

    See Add and Share a Connection Across a Project.

  5. Click Create.

    Your connection is created. You're now ready to configure the connection properties, security policies, and (for some connections) access type.

Configure Connection Properties

Enter AS2 Adapter connection information so your application can process requests.

  1. Go to the Properties section.
  2. In the AS2 service URL field, specify the URL of the trading partner endpoint at which AS2 messages are received.
    This field is only displayed when configuring the AS2 Adapter as an invoke connection. There are no connection properties required when configuring the AS2 Adapter as a trigger connection.
  3. If you selected the Invoke or Trigger and invoke role, optionally select to use two-way SSL connections in the outbound direction. This feature is not available if you select the Trigger role. Ensure that you have first completed all two-way SSL connection prerequisites. See Prerequisites for Creating a Connection.

    Note:

    If you need to use both asynchronous message disposition notifications (MDNs) and two-way SSL, ensure that you selected the Trigger and invoke role when creating the AS2 Adapter connection.
    1. From the Enable two-way SSL for outbound connections list, select Yes if you want to enable two-way SSL for outbound connections. Otherwise, select No.
    2. In the Client identity key alias (two way SSL) field, enter the certificate alias to use to establish client identity during two-way SSL communication.
    If the test connection fails because two-way SSL communication didn't happen correctly, note that different servers may respond differently. See Troubleshoot Two-Way SSL Connections.

Configure Connection Security

Configure security for your AS2 Adapter connection by selecting the security policy and associated credentials and certificates.

  1. Go to the Security section.
  2. Select the security policy and enter the associated credentials.

    Note:

    • All credential fields are optional by default. However, they are required for achieving various levels of message security. See the Comments column in the tables below.
    • Import the partner certificates and private keys described in this section on the Certificates page available by selecting Settings, and then Certificates. Upload of only the X.509 (SSL transport) type is supported. See Upload a Certificate to Connect with External Services.
    1. If you select AS2 Advanced Policy:
      This security policy provides finer control and flexibility for using separate certificates and keys for different operations (for example, encrypt, decrypt, sign, and sign verify). This security policy enables you to specify separate usernames and passwords for AS2 and MDN authentication.
      Login Credentials Comments
      • Username (async MDN): Enter the username used by a trigger connection for authentication when sending an outbound MDN. This is used when asynchronous MDN is requested by an inbound AS2 message.
      • Password (async MDN): Enter the password used by a trigger connection for authentication when sending an outbound MDN.
      		These are optional fields, but are required for sending asynchronous MDN acknowledgments to a partner's secured endpoint.
      • Private key alias (AS2 decryption): Enter the private key alias used by a trigger connection for inbound data decryption. This is the same key that you upload for the Identity category of the X.509 (SSL transport) type by selecting Settings, and then Certificates.
      • Key password (AS2 decryption): Enter the password for the private key used by a trigger connection for inbound data decryption.
      		These are optional fields, but are required for inbound data decryption of business messages.
      • Private key alias (MDN Signature): Enter the private key used by a trigger connection to deliver the signed MDN. This is the same key that you upload for the Identity category of the X.509 (SSL transport type by selecting Settings, and then Certificates.
      • Key password (MDN signature): Enter the password for the private key used by a trigger connection to deliver the signed MDN.
      		These are optional fields, but are required for outbound signature generation of MDN acknowledgments.
      • Certificate alias (inbound AS2 sign verify): Enter the partner public certificate used by a trigger connection for inbound AS2 signature verification. This is the same certificate that you upload for the Trust category of the X.509 (SSL transport) type by selecting Settings, and then Certificates.
      		This is an optional field, but is required for inbound signature verification of business messages.
      • Certificate alias (inbound MDN sign verify): Enter the partner public certificate used by a trigger connection for inbound MDN signature verification. This is the same certificate that you upload for the Trust category of the X.509 (SSL transport) type by selecting Settings, and then Certificates.
      		This is an optional field, but is required for inbound signature verification of MDN acknowledgments.
      • Username (AS2 endpoint): Enter the username used by an invoke connection for sending an AS2 message to a protected partner endpoint.
      • Password (AS2 endpoint): Enter the password required for sending the AS2 message to the protected partner endpoint.
      		These are optional fields, but are required for sending business messages to a partner's secured endpoint.
      • Private key alias (AS2 signature): Enter the private key used by an invoke connection to send a signed AS2 message. This is the same key that you upload for the Identity category of the X.509 (SSL transport) type by selecting Settings, and then Certificates.
      • Key password (AS2 signature): Enter the password associated with the private key (AS2 signature) uploaded on the Certificates page by selecting Settings, and then Certificates.
      		These are optional fields, but are required for outbound signature generation of business messages.
      • Certificate alias (outbound AS2 encrypt): Enter the partner public certificate used by an invoke action for outbound AS2 message encryption. This is the same certificate that you upload for the Trust category of the X.509 (SSL transport) type by selecting Settings, and then Certificates.
      		This is an optional field, but is required for outbound data encryption of business messages.
      • Certificate alias (response MDN sign verify): Enter the partner public certificate used by an invoke action for response MDN signature verification. This is the same certificate that you upload for the Trust category of the X.509 (SSL transport) type by selecting Settings, and then Certificates.
      		This is an optional field, but is required for signature verification of synchronous MDN responses in adapter invoke operations.
    2. If you select AS2 Basic Policy.
      This security policy requires you to specify minimal configuration details to work in an integration.
      Login Credentials Comments
      • Username: Enter the username used for HTTP authentication of the trading partner's protected endpoint.
      • Password: Enter the password used for HTTP authentication.

      These are optional fields, but are required for sending business messages and asynchronous MDN acknowledgments to a partner's secured endpoint.
      • Private key alias: Enter the private key used for inbound data decryption and outbound signature generation. This is the same key that you upload for the Identity category of the X.509 (SSL transport) type by selecting Settings, and then Certificates.
      • Key password: Enter the password associated with the private key that you upload on the Certificates page by selecting Settings, and then Certificates.
      		These are optional fields, but are required for inbound data decryption of business messages and outbound signature generation for business messages and MDN acknowledgments.
      • Partner certificate alias: Enter the partner certificate used for outbound data encryption and inbound signature verification. This is the same key that you upload for the Trust category of the X.509 (SSL transport) type by selecting Settings, and then Certificates.

      This is an optional field, but is required for outbound data encryption of business messages, signature verification of synchronous MDN responses in adapter invoke operations, and inbound signature verification of business messages and MDN acknowledgments.
    3. If you select AS2 Advanced Message Protection Policy.
      This security policy is only available in the trigger (inbound) direction. This policy authenticates the inbound message with message level digital signature verification.
      Login Credentials Comments
      • Certificate Alias (Inbound AS2 Sign Verify): Enter the partner public certificate used by a trigger connection for inbound AS2 signature verification.

      This is a mandatory field.
      • Certificate Alias (Inbound MDN Sign Verify): Enter the partner public certificate used by the trigger connection for inbound MDN signature verification.

      This is a mandatory field.
      • Run-As-User: Enter the user name for executing inbound integration flows.

      This is a mandatory field.
      • Username (Async MDN): Enter the user name used by the trigger connection for authentication while sending an outbound MDN.
      • Password (Async MDN): Enter the password used by the trigger connection for authentication while sending an outbound MDN.
      		These are optional fields, but are required for sending asynchronous MDN acknowledgments to a partner's secured endpoint.
      • Private Key Alias (AS2 Decryption): Enter the private key for inbound data decryption by the trigger connection.
      • Key Password (AS2 Decryption): Enter the password for the private key used by the trigger connection for inbound data decryption.
      		These are optional fields, but are required for inbound data decryption of business messages.
      • Private Key Alias (MDN Signature): Enter the private key used by the trigger connection to deliver the signed MDN.
      • Key Password (MDN Signature): Enter the password for the private key used by a trigger connection to deliver the signed MDN.
      		These are optional fields, but are required for outbound signature generation of MDN acknowledgments.
      • Username (AS2 Endpoint): Enter the username used by an invoke connection for sending an AS2 message to a protected partner endpoint.
      • Password (AS2 Endpoint): Enter the password required for sending the AS2 message to the protected partner endpoint.
      		These are optional fields, but are required for sending business messages to a partner's secured endpoint.
      • Private Key Alias (AS2 Signature): Enter the private key used by an invoke connection to send a signed AS2 message. This is the same key that you upload for the Identity category of the X.509 (SSL transport) type by selecting Settings, and then Certificates.
      • Key Password (AS2 Signature): Enter the password associated with the private key (AS2 signature) uploaded on the Certificates page by selecting Settings, and then Certificates. This prevents unauthorized of the private key.
      		These are optional fields, but are required for outbound signature generation of business messages.
      • Certificate Alias (Outbound AS2 Encrypt): Enter the partner public certificate used by an invoke action for outbound AS2 message encryption. This is the same certificate that you upload for the Trust category of the X.509 (SSL transport) type by selecting Settings, and then Certificates.
      		This is an optional field, but is required for outbound data encryption of business messages.
      • Certificate Alias (Response MDN Sign Verify): Enter the partner public certificate used by an invoke action for response MDN signature verification. This is the same certificate that you upload for the Trust category of the X.509 (SSL transport) type by selecting Settings, and then Certificates.
      		This is an optional field, but is required for signature verification of synchronous MDN responses in adapter invoke operations.

Configure the Endpoint Access Type

Configure access to your endpoint. Depending on the capabilities of the adapter you are configuring, options may appear to configure access to the public internet, to a private endpoint, or to an on-premises service hosted behind a fire wall.

Select the Endpoint Access Type

Select the option for accessing your endpoint.

Option This Option Appears If Your Adapter Supports ...
Public gateway Connections to endpoints using the public internet.
Private endpoint Connections to endpoints using a private virtual cloud network (VCN).

Note: To connect to private endpoints, you must complete prerequisite tasks in the Oracle Cloud Infrastructure Console. Failure to do so results in errors when testing the connection. See Connect to Private Resources in Provisioning and Administering Oracle Integration 3 and Troubleshoot Private Endpoints in Using Integrations in Oracle Integration 3.

Ensure Private Endpoint Configuration is Successful

  • To connect to private endpoints, you must complete prerequisite tasks in the Oracle Cloud Infrastructure Console. Failure to do so results in errors when testing the connection. See Connect to Private Resources in Provisioning and Administering Oracle Integration 3.
  • When configuring an adapter on the Connections page to connect to endpoints using a private network, specify the fully-qualified domain name (FQDN) and not the IP address. If you enter an IP address, validation fails when you click Test.
  • IPSec tunneling and FastConnect are not supported for use with private endpoints.

Test the Connection

Test your connection to ensure that it's configured successfully.

  1. In the page title bar, click Test. What happens next depends on whether your adapter connection uses a Web Services Description Language (WSDL) file. Only some adapter connections use WSDLs.
    If Your Connection... Then...

    Doesn't use a WSDL

    The test starts automatically and validates the inputs you provided for the connection.

    Uses a WSDL

    A dialog prompts you to select the type of connection testing to perform:

    • Validate and Test: Performs a full validation of the WSDL, including processing of the imported schemas and WSDLs. Complete validation can take several minutes depending on the number of imported schemas and WSDLs. No requests are sent to the operations exposed in the WSDL.

    • Test: Connects to the WSDL URL and performs a syntax check on the WSDL. No requests are sent to the operations exposed in the WSDL.

  2. Wait for a message about the results of the connection test.
    • If the test was successful, then the connection is configured properly.
    • If the test failed, then edit the configuration details you entered. Check for typos and verify URLs and credentials. Continue to test until the connection is successful.
  3. When complete, click Save.