A common requirement in integration projects is to transfer files in and out of a system securely. FTP is the usual protocol for transferring files, and if additional security is required then SFTP (Secured FTP) is the way to go. In this post I cover some of the ways the FTP adapter can be configured in SOA to make use of SFTP.
SFTP supports a couple of authentication mechanisms to ensure additional security on top of the FTP protocol:
- Password authentication
- Public Key authentication
In password authentication, the external site/vendor that hosts the FTP server shares a username/password combination, which has to be configured on the SOA server. At runtime, when an SFTP connection is attempted, the username/password is used to establish the connection.
Similarly, in public key authentication, a private/public key pair is generated. The public key is shared with the external site/vendor that hosts the FTP server. At runtime, when an SFTP connection is attempted, the Fusion process tries to match the private key stored locally on the SOA server with the public key on the remote FTP server and performs the authorization before sending/posting the files.
The configuration information is stored in MW_HOME/Oracle_SOA1/soa/connectors/FtpAdapter.rar/weblogic-ra.xml.
Setting up SSH between the client and server:
1. Navigate to the home folder on the SOA servers as the user (oracle) that the SOA server runs as.
2. Execute the command "ssh-keygen". This generates the pair of public and private keys.
3. Copy the public key of the SOA host to the remote SFTP server's authorized_keys file. This file is located in the "/home/<user>/.ssh" directory. The public key of the SOA host is in the file id_rsa.pub. Copy the content of that file and place it in authorized_keys on the SFTP server.
4. Test the SFTP setup by logging in to the SOA server and running ssh to the remote SFTP server. The first time, you have to establish the authenticity of the remote SFTP server: compare the fingerprint shown with the one supplied by the remote server's administrator and, when prompted, enter yes.
$ ssh <user2>@SFTPHOST
The authenticity of host 'IPADDRESS (IPADDRESS)' can't be established.
RSA key fingerprint is XXXXXXXXXXXXXXXXXXXX
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added IPADDRESS (RSA) to the list of known hosts.
Now we have successfully set up the public-key-based secure FTP connection from the SOA host to the remote SFTP server.
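Step 3 and the private key file used by the adapter both depend on file permissions being right. The script below is an added example, not part of the original post: it installs a public key into authorized_keys once, with restrictive modes, and checks that a private key file is closed to group and others; the function names and sample paths are assumptions.

```shell
#!/bin/sh
# Added example; function names, paths and key text are illustrative assumptions.

# Append the SOA host's public key to authorized_keys once, with directory
# and file modes that satisfy sshd's StrictModes check.
install_pubkey() {
    pubkey_file=$1    # e.g. id_rsa.pub copied over from the SOA host
    ssh_dir=$2        # e.g. /home/<user>/.ssh on the SFTP server
    auth_file="$ssh_dir/authorized_keys"

    # A public key is one "type base64 [comment]" line. A private key
    # (which starts with "-----BEGIN") fails this match and is rejected.
    key_line=$(head -n 1 "$pubkey_file" 2>/dev/null)
    case "$key_line" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 1 ;;
    esac

    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" || return 1
    chmod 600 "$auth_file" || return 1

    # -x whole line, -F fixed string: append only if not already present.
    if ! grep -qxF -- "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
}

# Succeeds only if the file has no group or other permission bits set,
# as a private key such as ~/.ssh/id_rsa should.
private_key_is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1")" in
        ????------*) return 0 ;;
        *) return 1 ;;
    esac
}
```

Run `install_pubkey` on the SFTP server as the account that owns the target directory, and `private_key_is_private` on the SOA host against the private key file.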
Next, we set up the FTP Adapter configuration in the SOA WebLogic domain.
1. Note down the JNDI name of the FTP server that we need to configure, as provided by the developers/JDeveloper.
2. Log in to the SOA domain console and navigate to Deployment -> FtpAdapter -> Configurations -> Outbound connection pool. In the javax.resource.cci.ConnectionFactory connection pool, create an instance with the JNDI name.
3. Select "eis/test/FtpAdapter" and update the properties below with environment-specific values.
- Authentication Type -> publickey
- host -> <Remote SFTP server host>
- port -> 22
- privateKeyFile -> /home/<user1>/.ssh/id_rsa
- username -> <user2>
- useSftp -> true
4. Once we have updated the values, we need to update the FTP Adapter deployment and activate the changes.
5. The FTP Adapter service is ready to be used by other SOA composites.