Configuring SFTP Embedded Transfers using key based authentication in Oracle MFT – SOA Suite 12C

In this post we will see how to configure SFTP Embedded transfers in the Oracle MFT console using public and private key pair based authentication.

To achieve this, follow the steps below.

STEP 1–>

Generate a public and private key pair on the SFTP machine and copy the public key to the Oracle MFT server.

We will generate these keys using the ssh-keygen utility and copy the .pub file to the MFT server.

Command–> ssh-keygen -t rsa -b 2048

STEP 2–>

Generate a public and private key pair on the MFT server.

We will generate these keys using the ssh-keygen utility.

Command–> ssh-keygen -t rsa -b 2048

STEP 3–>

Now we have to import the private key from the MFT machine into the MFT server keystore.

We use a WLST script to do this.

Log in to your MFT server.

login as: testuser
Using keyboard-interactive authentication.
Password:
#######################################
testuser@localhost:~$ pwd
/export/home/testuser
testuser@localhost:~$ cd /OracleSOA12.2.1/mft/common/bin
testuser@localhost:~$ wlst.sh (on a Windows machine it is wlst.cmd)
Initializing WebLogic Scripting Tool (WLST) …
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands

wls:/offline> connect("weblogic","weblogic","t3://localhost:9003")
Connecting to t3://localhost:9003 with userid weblogic …
Successfully connected to managed Server “mft_server1” that belongs to domain “fmw_domain”.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

wls:/fmw_domain/serverConfig> importCSFKey('SSH', 'PRIVATE', 'MFTAlias', '/home/oracle/.ssh/sftplocalmft')

CSF key imported successfully.
wls:/base_domain/serverConfig> listCSFKeyAliases('SSH', 'PRIVATE')
Key Details
--------------------------------------------------------------------------
'MFTAlias', Format PKCS#8, RSA

STEP 4 –>

Now we have to import the public key of the remote SFTP host into the MFT server.

wls:/fmw_domain/serverConfig> importCSFKey('SSH', 'PUBLIC', 'MFT_RemotePub', '/home/oracle/.ssh/authorized_keys')
CSF key imported successfully.
wls:/base_domain/serverConfig> listCSFKeyAliases('SSH', 'PUBLIC')
Key Details
--------------------------------------------------------------------------
'MFT_RemotePub', Format X.509, RSA

wls:/base_domain/serverConfig> exit()

Exiting WebLogic Scripting Tool.

STEP 5–>

Now log in to the MFT console and go to the Administration tab.

Inside Embedded Servers, go to the sFTP tab and enable SFTP by checking the checkbox. Set the authentication to Public Key, set the host key alias to the private key alias created during the import in Step 3, save, and click the START button.

STEP 6–>

Now we have to configure the MFT users and the corresponding SFTP directories to be used by remote partners.

Go to the Administration tab and configure the user and the SFTP root directory that will be used in the remote SFTP client session. Note that the user ID will be the same as the public key alias used while importing the public key in Step 4.

STEP 7 –>

Now we have to configure the keystore in the MFT console with the private key alias we created in the steps above.

Log in to the MFT console and click on the Administration tab.

On the left-hand side you will see “Keystores”; click on it to configure your keystore.

Provide the keystore password for “Default Keystore” and “SSH Keystore”.

Now save the changes by clicking the “SAVE” button.

STEP 8–>

Now we have to restart the embedded SFTP Server.

The embedded SFTP Server should be restarted for any embedded server related configuration changes to take effect. In case the SFTP server is not running, it can be started now.

STEP 9–>

Now Create the SFTP Embedded source and use it.
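Before the import in Step 4, it helps to confirm that the file being imported really holds the partner's public key, how many keys it contains, and that each is RSA of at least the 2048 bits generated in Step 1. The following is an added example, not part of the original post; `inspect_public_keys` and `make_sample_line` are hypothetical helper names, the sample key is constructed and unusable, and the size policy is an assumption. It is plain Python run outside WLST.

```python
import base64
import hashlib
import struct

def _field(data):
    """Encode one length-prefixed field of an SSH key blob (RFC 4253 string)."""
    return struct.pack(">I", len(data)) + data

def _read_field(blob, pos):
    (length,) = struct.unpack_from(">I", blob, pos)
    if pos + 4 + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[pos + 4:pos + 4 + length], pos + 4 + length

def make_sample_line(bits, comment):
    """Constructed sample only: the modulus is a number of the right size, not a real key."""
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    blob = _field(b"ssh-rsa") + _field(b"\x01\x00\x01") + _field(modulus)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)

def inspect_public_keys(text, min_rsa_bits=2048):
    """Describe each key in authorized_keys-style text; policy assumed: RSA >= min_rsa_bits."""
    results = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        # Options such as from="..." may precede the key type; find the type token.
        idx = next((i for i, t in enumerate(tokens) if t.startswith(("ssh-", "ecdsa-"))), None)
        if idx is None or idx + 1 >= len(tokens):
            raise ValueError("not a public key line (is this a private key file?)")
        blob = base64.b64decode(tokens[idx + 1], validate=True)
        key_type, pos = _read_field(blob, 0)
        if key_type.decode("ascii", "replace") != tokens[idx]:
            raise ValueError("key type label does not match the key blob")
        bits = None
        if key_type == b"ssh-rsa":
            _exponent, pos = _read_field(blob, pos)
            modulus, pos = _read_field(blob, pos)
            bits = int.from_bytes(modulus, "big").bit_length()
        digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
        results.append({"type": tokens[idx], "bits": bits,
                        "fingerprint": "SHA256:" + digest,
                        "meets_policy": bits is not None and bits >= min_rsa_bits})
    return results

if __name__ == "__main__":
    for key in inspect_public_keys(make_sample_line(2048, "partner@sftp")):
        print(key)
```

The fingerprint is in the same SHA256 form that `ssh-keygen -lf` prints, so it can be compared with the value the partner reads out from their side before the key is trusted.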

Using PGP Encryption in oracle MFT – SOA Suite12C

Oracle MFT transfers offer pre-processing actions such as “PGP Encryption”. In this post we will see how to create and use PGP encryption keys in MFT.

Before using PGP encryption in MFT, we have to create a PGP key using WLST commands.

STEP 1–>

Log in to your Unix box and navigate to the path below.

Domain_Home/mft/common/bin

Run wlst.sh.

login as: testuser
Using keyboard-interactive authentication.
Password:
#######################################
testuser@localhost:~$ pwd
/export/home/testuser
testuser@localhost:~$ cd /OracleSOA12.2.1/mft/common/bin
testuser@localhost:~$ wlst.sh (on a Windows machine it is wlst.cmd)
Initializing WebLogic Scripting Tool (WLST) …
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands

STEP2–>

Connect to the Oracle MFT server with the command below.

wls:/offline> connect("weblogic","weblogic","t3://localhost:9003")
Connecting to t3://localhost:9003 with userid weblogic …
Successfully connected to managed Server “mft_server1” that belongs to domain “fmw_domain”.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

STEP3–> 

Now we have to generate a password-protected PGP key pair.

Use the WLST command below to generate the keys.

wls:/offline> generateKeys('PGP', '<password for key>', '<directory to generate the PGP key>')

It will create two keys: pub.asc (public) and secret.asc (private).

STEP4–>

Now we have to import the PGP key pair into our MFT server.

wls:/offline> importCSFKey('PGP', 'PUBLIC', 'My PGP Alias Name', 'complete location/pub.asc')
wls:/offline> importCSFKey('PGP', 'PRIVATE', 'My PGP Alias Name', 'complete location/secret.asc')

STEP5–>

Now login to your MFT console and go to Administration tab and click on keystores.

In PGP keystores, enter the password which you have used while generating the PGP key and SAVE.

That’s all, now you can use the PGP keys in your MFT transfers.

Data Source Connection Issue in SOA Suite 12C (No more data to read from socket)

Issue–> Sometimes we get the error below while connecting to the database using a data source.

Error –>

java.sql.SQLException: No more data to read from socket
at oracle.jdbc.driver.T4CMAREngine.unmarshalUB1(T4CMAREngine.java:1200)
at oracle.jdbc.driver.T4CMAREngine.unmarshalSB1(T4CMAREngine.java:1155)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:279)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:186)
at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:521)
at oracle.jdbc.driver.T4CStatement.doOall8(T4CStatement.java:194)
at oracle.jdbc.driver.T4CStatement.executeForDescribe(T4CStatement.java:853)
at oracle.jdbc.driver.OracleStatement.executeMaybeDescribe(OracleStatement.java:1145)

Solution–> We get this error when the application is holding a connection from the database pool and that connection has gone stale.

In these cases restarting the DB will help.

Issue with B2B (Error loading XEngine libraries. XEngine is most likely not installed)

Issue–> When testing a B2B composite, we get the error below.

Error–> Error loading XEngine libraries. XEngine is most likely not installed

Solution–>

After some research I found that the library files are not loading in the WebLogic server. Please perform the steps below to verify the resolution.

  1. Navigate to the path below and edit setSOADomainEnv.sh

<WebLogicInstallDirectory>/user_projects/domains/<DomainName>/bin/

  2. Add the path below in setSOADomainEnv.sh

export LD_LIBRARY_PATH=<MiddlewareHome>/Oracle_SOA1/soa/thirdparty/edifecs/XEngine/bin

  3. Restart (bounce) the WebLogic server

Data Source Connection Issue (java.sql.SQLException: Closed Connection)

Issue–> Sometimes we get the error below while connecting to the DB.

Error–>

java.sql.SQLException: Closed Connection
at oracle.jdbc.driver.SQLStateMapping.newSQLException(SQLStateMapping.java:70)
at oracle.jdbc.driver.DatabaseError.newSQLException(DatabaseError.java:133)
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:199)
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:263)
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:271)
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:445)
at oracle.jdbc.driver.OracleStatement.ensureOpen(OracleStatement.java:3620)

Solution –>

To resolve these kinds of errors we have to disable “Test Connection On Reserve”.

JNDI Connection Error in SOA Suite 12C (Could not create/access the TopLink Session)

Issue –> While testing the composite I got the below error.

Error –> <bpelFault><faultType>0</faultType><bindingFault xmlns=”http://schemas.oracle.com/bpel/extension“><part name=”summary”><summary>Exception occured when binding was invoked. Exception occured during invocation of JCA binding: “JCA Binding execute of Reference operation ‘merge’ failed due to: Could not create/access the TopLink Session. This session is used to connect to the datastore. Caused by Exception [EclipseLink-7060] (Eclipse Persistence Services – 2.3.1.v20111018-r10243): org.eclipse.persistence.exceptions.ValidationException Exception Description: Cannot acquire data source [jdbc/TEST_DB]. Internal Exception: javax.naming.NameNotFoundException: Unable to resolve ‘jdbc.TEST_DB’. Resolved ‘jdbc’; remaining name ‘TEST_DB’. You may need to configure the connection settings in the deployment descriptor (i.e. DbAdapter.rar#META-INF/weblogic-ra.xml) and restart the server. This exception is considered not retriable, likely due to a modelling mistake. “. The invoked JCA adapter raised a resource exception. Please examine the above error message carefully to determine a resolution. </summary></part><part name=”detail”><detail> Exception Description: Cannot acquire data source [jdbc/TEST_DB]. Internal Exception: javax.naming.NameNotFoundException: Unable to resolve ‘jdbc.TEST_DB. Resolved ‘jdbc’; remaining name ‘TEST_DB'</detail></part><part name=”code”><code>null</code></part></bindingFault></bpelFault>

Solution –> To resolve these errors, follow the steps below.

  1. Check whether the outbound connection pool is created with the correct data source JNDI name. Check that the connection pool's XADataSource name is set to your data source JNDI name; if not, update it and update your DB adapter.
  2. Check whether the data source is targeted to your SOA server; if not, target it.

OSB server’s start up issue in SOA Suite 12C

Issue –> The OSB server is not starting due to the error below.

Error –>

<Feb 23, 2016 9:07:28 AM IST> <Error> <Deployer> <BEA-149205> <Failed to initialize the application “SB_JMS_Proxy_a24e8e7.N664bd5ed.2.153a366271b.N8000” due to error weblogic.management.DeploymentException: Exception occured while downloading files
weblogic.management.DeploymentException: Exception occured while downloading files
at weblogic.deploy.internal.targetserver.datamanagement.AppDataUpdate.doDownload(AppDataUpdate.java:50)
at weblogic.deploy.internal.targetserver.datamanagement.DataUpdate.download(DataUpdate.java:
at weblogic.deploy.internal.targetserver.datamanagement.Data.prepareDataUpdate(Data.java:127)
at weblogic.deploy.internal.targetserver.BasicDeployment.prepareDataUpdate(BasicDeployment.java:821
at weblogic.deploy.internal.targetserver.BasicDeployment.stageFilesForStatic(BasicDeployment.java:874)

Truncated. see log file for complete stacktrace

Caused By: java.io.IOException: [DeploymentService:290066]Error occurred while downloading files from Administration Server for deployment request “0”. Underlying error is: “null”
at weblogic.deploy.service.datatransferhandlers.HttpDataTransferHandler.getDataAsStream(HttpDataTransferHandler.java:87)
at weblogic.deploy.service.datatransferhandlers.DataHandlerManager$RemoteDataTransferHandler.getDataAsStream(DataHandlerManager.java:171)
at weblogic.deploy.internal.targetserver.datamanagement.AppDataUpdate.doDownload(AppDataUpdate.java:46)
at weblogic.deploy.internal.targetserver.datamanagement.DataUpdate.download(DataUpdate.java:59)
at weblogic.deploy.internal.targetserver.datamanagement.Data.prepareDataUpdate(Data.java:127)
Truncated. see log file for complete stacktrace>

Solution –>

Removed the SB_JMS_Proxy** entries from config.xml in $DOMAIN-HOME/config.

Undeployed (deleted) the EAR “SB_JMS_Proxy_a24e8e7.N664bd5ed.2.153a366271b.N8000” from the Oracle WebLogic server.

Then restarted the server without any issues.