How to use SFTP adapter in Oracle SOA

A common requirement in integration projects is to transfer files in and out of a system securely. FTP is the usual protocol for transferring files, and if additional security is required then SFTP (Secured FTP) is the way to go. In this post I cover some of the ways the FTP adapter can be configured in SOA to use SFTP.

SFTP supports a couple of authentication mechanisms to ensure additional security on top of the FTP protocol.

  • Password authentication
  • Public Key authentication

In password authentication, the external site/vendor that hosts the FTP server shares a username/password combination, which has to be configured on the SOA server. At runtime, when an SFTP connection is attempted, the username/password is used to establish the connection.

Similarly, in public key authentication, a private-public key pair is generated. The public key is shared with the external site/vendor that hosts the FTP server. At runtime, when an SFTP connection is attempted, the Fusion process tries to match the private key stored locally on the SOA server with the public key on the remote FTP server, and completes this authorization before sending/posting the files.

The configuration information is stored in MW_HOME/Oracle_SOA1/soa/connectors/FtpAdapter.rar/weblogic-ra.xml.

Setting up SSH between the client and server.

1. On the SOA server, navigate to the home folder of the user (oracle) that the SOA server runs as.

2. Execute the command “ssh-keygen”. This generates the pair of public and private keys.

3. Copy the public key of the SOA host to the remote SFTP server’s authorized_keys file. This file is located in the “/home/<user>/.ssh” directory. The public key of the SOA host is in the file id_rsa.pub. Copy the content of that file and place it in authorized_keys on the SFTP server.

4. Test the SFTP setup by logging in to the SOA server and running ssh to the remote SFTP server. The first time you connect, you have to establish the authenticity of the remote SFTP server: when it prompts, enter yes. Compare the fingerprint shown with the one provided by the remote server's administrator before answering.

$ ssh <<user2>>@SFTPHOST
The authenticity of host 'IPADDRESS (IPADDRESS)' can't be established.
RSA key fingerprint is XXXXXXXXXXXXXXXXXXXX
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added IPADDRESS (RSA) to the list of known hosts.
[<<user2>>@f14 ~]$

Now we have successfully set up the public-key-based secure FTP connection from the SOA host to the remote SFTP server.
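Step 3 and the file modes it depends on, as an added shell example that is not from the original post: install_pubkey appends a public key to authorized_keys once and refuses anything that is not a single public-key line, and audit_ssh_modes flags an .ssh directory, id_rsa or authorized_keys that group or others can access. The function names and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are illustrative.

# install_pubkey PUBFILE SSHDIR
# Append the public key in PUBFILE to SSHDIR/authorized_keys exactly once,
# creating SSHDIR (700) and authorized_keys (600) if they are missing.
install_pubkey() {
    pub=$1; sshdir=$2; auth=$sshdir/authorized_keys
    key=$(cat "$pub") || return 1
    nl='
'
    case $key in
        *"$nl"*) echo "refusing multi-line file (private key?): $pub" >&2; return 1 ;;
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key line: $pub" >&2; return 1 ;;
    esac
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x: whole line, -F: literal string, so a repeated run adds nothing.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# audit_ssh_modes SSHDIR
# Report SSHDIR, id_rsa and authorized_keys if group or others have any access.
# This is stricter than sshd's StrictModes, which only forbids group/other
# write access; the ssh client does reject a private key that others can read.
audit_ssh_modes() {
    bad=0
    for p in "$1" "$1/id_rsa" "$1/authorized_keys"; do
        [ -e "$p" ] || continue
        go=$(ls -ld "$p" | cut -c5-10)   # group+other bits of the mode string
        [ "$go" = "------" ] || { echo "too open: $p ($go)"; bad=1; }
    done
    return "$bad"
}

# Demo on a constructed (not real) key in a throw-away directory.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructed-sample-not-a-real-key soa@example' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo/.ssh" && audit_ssh_modes "$demo/.ssh" && echo "ok"
rm -rf "$demo"
```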

Next, we set up the FTP Adapter configuration in the SOA WebLogic domain.

1. Note down the JNDI name of the FTP server that we need to configure, from the developers/JDeveloper.

2. Log in to the SOA domain console and navigate to Deployment->FtpAdapter->Configurations->Outbound connection pool. In the javax.resource.cci.ConnectionFactory connection pool, create an instance with the JNDI name.

3. Select “eis/test/FtpAdapter” and update the property values below with environment-specific values.

    • Authentication Type –> publickey
    • host –> <Remote SFTP server host>
    • port –> 22
    • privateKeyFile –> /home/<user1>/.ssh/id_rsa
    • username –> <user2>
    • useSftp –> true

4. Once the values are updated, update the FTP Adapter deployment and activate the changes.

5. The FTP Adapter service is ready to be used by other SOA composites.

2 thoughts on “How to use SFTP adapter in Oracle SOA”

  1. Thank you. In case the external system, for example EBS, gave us the private key, how can I resolve this? Can I generate the keys, or save the private key of EBS in a directory in my SOA?
