Configuring SFTP Embedded Transfers using key based authentication in Oracle MFT – SOA Suite 12C

In this post we will see how to configure SFTP Embedded transfers in the Oracle MFT console using public and private key pair based authentication.

To achieve this, follow the steps below.

STEP 1–>

Generate a public and private key pair on the SFTP machine and copy the public key to the Oracle MFT server.

We will generate these keys using the ssh-keygen utility and copy the .pub file to the MFT server.

Command–> ssh-keygen -t rsa -b 2048

STEP 2–>

Generate a public and private key pair on the MFT server.

We will generate these keys using the ssh-keygen utility.

Command –> ssh-keygen -t rsa -b 2048

STEP 3–>

Now we have to import the private key from the MFT machine into the MFT server keystore.

We use a WLST script to do this.

Log in to your MFT server.

login as: testuser
Using keyboard-interactive authentication.
Password:
#######################################
testuser@localhost:~$ pwd
/export/home/testuser
testuser@localhost:~$ cd /OracleSOA12.2.1/mft/common/bin
testuser@localhost:~$ wlst.sh (on a Windows machine it is wlst.cmd)
Initializing WebLogic Scripting Tool (WLST) …
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands

wls:/offline> connect("weblogic","weblogic","t3://localhost:9003")
Connecting to t3://localhost:9003 with userid weblogic …
Successfully connected to managed Server “mft_server1” that belongs to domain “fmw_domain”.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

wls:/fmw_domain/serverConfig> importCSFKey('SSH', 'PRIVATE', 'MFTAlias', '/home/oracle/.ssh/sftplocalmft')
CSF key imported successfully.
wls:/base_domain/serverConfig> listCSFKeyAliases('SSH', 'PRIVATE')
Key Details
--------------------------------------------------------------------------
'MFTAlias', Format PKCS#8, RSA

STEP 4 –>

Now we have to import the public key of the remote SFTP host into the MFT server.

wls:/fmw_domain/serverConfig> importCSFKey('SSH', 'PUBLIC', 'MFT_RemotePub', '/home/oracle/.ssh/authorized_keys')
CSF key imported successfully.
wls:/base_domain/serverConfig> listCSFKeyAliases('SSH', 'PUBLIC')
Key Details
--------------------------------------------------------------------------
'MFT_RemotePub', Format X.509, RSA

wls:/base_domain/serverConfig> exit()

Exiting WebLogic Scripting Tool.

STEP 5–>

Now log in to the MFT console and go to the Administration tab.

Inside Embedded Servers, go to the sFTP tab and enable SFTP by checking the checkbox. Set the authentication to Public Key, set the host key alias to the private key alias set during the import in Step 3, then save and click the START button.

STEP 6–>

Now we have to configure the MFT users and the corresponding SFTP directories to be used by remote partners.

Go to the Administration tab and configure the user and the SFTP root directory that will be used in the remote SFTP client session. Note that the user ID will be the same as the public key alias used while importing the public key in Step 4.

STEP 7 –>

Now we have to configure the keystore in the MFT console with the private key alias we created in the steps above.

Log in to the MFT console and click on the Administration tab.

On the left-hand side you will see “keystores”; click on it to configure your keystore.

Provide the keystore password for “default keystore” and “SSH Keystore”.

Now save the changes by clicking the “SAVE” button.

STEP 8–>

Now we have to restart the embedded SFTP Server.

The embedded SFTP Server should be restarted for any embedded server related configuration changes to take effect. In case the SFTP server is not running, it can be started now.

STEP 9–>

Now create the SFTP Embedded source and use it.


Using PGP Encryption in Oracle MFT – SOA Suite 12C

Oracle MFT transfers have pre-processing actions such as “PGP Encryption”. In this post we will see how to create and use PGP encryption keys in MFT.

Before using PGP encryption in MFT, we have to create a PGP key using WLST commands.

STEP 1–>

Log in to your Unix box and navigate to the path below.

Domain_Home/mft/common/bin

Run wlst.sh.

login as: testuser
Using keyboard-interactive authentication.
Password:
#######################################
testuser@localhost:~$ pwd
/export/home/testuser
testuser@localhost:~$ cd /OracleSOA12.2.1/mft/common/bin
testuser@localhost:~$ wlst.sh (on a Windows machine it is wlst.cmd)
Initializing WebLogic Scripting Tool (WLST) …
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands

STEP2–>

Connect to the Oracle MFT server with the command below.

wls:/offline> connect("weblogic","weblogic","t3://localhost:9003")
Connecting to t3://localhost:9003 with userid weblogic …
Successfully connected to managed Server “mft_server1” that belongs to domain “fmw_domain”.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

STEP3–> 

Now we have to generate a password-protected PGP key pair.

Use the WLST command below to generate the keys.

wls:/offline>generateKeys('PGP', '<password for key>', '<directory to generate the PGP key>')

It will create two keys: pub.asc (public) and secret.asc (private).

STEP4–>

Now we have to import the PGP key pair into our MFT server.

wls:/offline>importCSFKey('PGP', 'PUBLIC', 'My PGP Alias Name', 'complete location/pub.asc')
wls:/offline>importCSFKey('PGP', 'PRIVATE', 'My PGP Alias Name', 'complete location/secret.asc')

STEP5–>

Now log in to your MFT console, go to the Administration tab and click on Keystores.

In PGP keystores, enter the password which you used while generating the PGP key and SAVE.

That’s all; now you can use the PGP keys in your MFT transfers.

Integrating Oracle Service Bus with Oracle MFT – SOA Suite 12C

In this post we will see how to integrate Oracle Service Bus with Oracle MFT.

For this I have used the use case below.

As per the use case, OSB receives the file from the local file system and invokes Oracle MFT.

Oracle MFT receives the file from OSB and then transfers the file to a local file system.

STEP 1 –>

We will create an MFT source.

Log in to the MFT console, go to the Design tab and click on Sources to create a source.

Enter the name, Type (Service Bus) and URL (give any name), and click on Create.

It will open the source with the complete URL as below.

STEP2 –>

We will create an MFT target.

Go to the Design tab and click on Target to create a new target.

Enter the target name, Type as FILE, and Folder (local file location).

Go to the advanced properties of your target and click on Operations. Select the operation type “Rename” and the file naming convention “MyFinalFile%YYYYMMDDHHMMSS%.txt”.

Now click on Save and Deploy.

STEP3–>

Once you are done creating the “Source” and “Target”, you have to create a Transfer (which will transfer the file from your OSB source to the file target).

To create the Transfer, click on “Transfer”; it will open a window to create a Transfer.

Provide the name and click on “Create”.

Add the source and target to the transfer. Here the source is Osbsource and the target is LocalFileTarget.

Now SAVE the Transfer and click on Deploy.

STEP4–>

We will create an OSB project which receives the file from the local system and invokes the MFT service.

Create a proxy service with the file adapter.

Create a business service based on the endpoint URL we received in STEP 1.

Your project looks like this.

Deploy the Service Bus project to the server and test the use case by placing the file in the OSB proxy service location.

Configuring sFTP Remote Target in Oracle MFT using key based authentication – SOA Suite 12c

In this post we will see how to configure an SFTP target in the Oracle MFT console using public and private key pair based authentication.

To achieve this, follow the steps below.

STEP 1–>

Generate a public and private key pair on the SFTP machine and copy the public key to the Oracle MFT server.

We will generate these keys using the ssh-keygen utility and copy the .pub file to the MFT server.

Command # ssh-keygen -t rsa -b 2048

STEP 2–>

Generate a public and private key pair on the MFT server.

We will generate these keys using the ssh-keygen utility.

Command # ssh-keygen -t rsa -b 2048

STEP 3–>

Now we have to import the private key from the MFT machine into the MFT server keystore.

We use a WLST script to do this.

Log in to your MFT server.

login as: testuser

Using keyboard-interactive authentication.

Password:

#######################################

testuser@localhost:~$ pwd

/export/home/testuser

testuser@localhost:~$ cd /OracleSOA12.2.1/mft/common/bin

testuser@localhost:~$ wlst.sh (on a Windows machine it is wlst.cmd)

Initializing WebLogic Scripting Tool (WLST) …

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

wls:/offline> connect("weblogic","weblogic","t3://localhost:9003")
Connecting to t3://localhost:9003 with userid weblogic …
Successfully connected to managed Server “mft_server1” that belongs to domain “fmw_domain”.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

wls:/fmw_domain/serverConfig> importCSFKey('SSH', 'PRIVATE', 'MFTAlias', '/home/oracle/.ssh/sftplocalmft')
CSF key imported successfully.
wls:/fmw_domain/serverConfig> listCSFKeyAliases('SSH', 'PRIVATE')
Key Details
--------------------------------------------------------------------------
'MFTAlias', Format PKCS#8, RSA

STEP 4–>

Now we have to import the public key of the remote SFTP host into the MFT server.

wls:/fmw_domain/serverConfig> importCSFKey('SSH', 'PUBLIC', 'MFT_RemotePub', '/home/oracle/.ssh/authorized_keys')
CSF key imported successfully.
wls:/fmw_domain/serverConfig> listCSFKeyAliases('SSH', 'PUBLIC')
Key Details
--------------------------------------------------------------------------
'MFT_RemotePub', Format X.509, RSA

wls:/fmw_domain/serverConfig> exit()

Exiting WebLogic Scripting Tool.

STEP 5–>

Now we have to configure the keystore in the MFT console with the private key alias we created in the steps above.

Log in to the MFT console and click on the Administration tab.

On the left-hand side you will see “keystores”; click on it to configure your keystore.

Provide the keystore password for “default keystore” and “SSH Keystore”.

Now save the changes by clicking the “SAVE” button.

STEP 6 –>

Create a target in your MFT console for the SFTP remote directory.

Go to the design view and click on Targets; it will open a new window.

Provide the name, type as sFTP Remote, host name (remote SFTP server host), folder (remote SFTP server directory), User (remote SFTP user), Authentication as “PublicKey” and Private Key (it will show you the private key which we imported in STEP 3).

Click on OK. That’s it, you are done configuring the SFTP Remote target in your MFT console.
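As an added example (not part of the original posts), the shell functions below check the key files from Steps 1 to 4 of both SFTP procedures on this page, the embedded server and the remote target, before they are handed to importCSFKey. The function names are assumptions, and the expected fingerprint is assumed to have been read out on the remote SFTP host with ssh-keygen -l and passed to the MFT administrator over a separate channel.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are assumptions;
# the only external tools used are ssh-keygen, awk, ls, cut and wc.

# Print "<bits> <SHA256 fingerprint> <type>" for every key in a public key file.
key_summary() {
    ssh-keygen -l -E sha256 -f "$1" 2>/dev/null | awk '{print $1, $2, $NF}'
}

# Check the public key file copied from the remote host before it is passed
# to importCSFKey('SSH', 'PUBLIC', ...).
#   $1 = public key file   $2 = fingerprint read out on the remote host
check_public_key() {
    summary=$(key_summary "$1")
    [ -n "$summary" ] || { echo "no readable key in $1" >&2; return 1; }
    # A file such as authorized_keys can hold several keys; require exactly one.
    [ $(printf '%s\n' "$summary" | wc -l) -eq 1 ] ||
        { echo "$1 holds more than one key" >&2; return 1; }
    bits=${summary%% *}; rest=${summary#* }; fp=${rest%% *}; type=${rest#* }
    [ "$type" = "(RSA)" ] && [ "$bits" -ge 2048 ] ||
        { echo "expected RSA >= 2048 bits, got $bits $type" >&2; return 1; }
    [ "$fp" = "$2" ] || { echo "fingerprint mismatch: $fp" >&2; return 1; }
}

# Check the private key before it is passed to importCSFKey('SSH', 'PRIVATE', ...).
#   $1 = private key file   $2 = the .pub file generated alongside it
check_private_key() {
    # Characters 5-10 of the mode string are the group and other permission bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        { echo "$1 is accessible to group or others" >&2; return 1; }
    # ssh-keygen -y re-derives the public key (it prompts for a passphrase if set).
    derived=$(ssh-keygen -y -f "$1") || return 1
    [ "$(printf '%s\n' "$derived" | cut -d' ' -f1,2)" = "$(cut -d' ' -f1,2 "$2")" ] ||
        { echo "$2 is not the public half of $1" >&2; return 1; }
}
```

On the MFT server, source the file and run check_private_key /home/oracle/.ssh/sftplocalmft /home/oracle/.ssh/sftplocalmft.pub before Step 3; the .pub path assumes ssh-keygen's default naming.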

MFT SFTP target is failing with exception “The value specified for the output (Physical/Logical)Directory interaction parameter or jca binding property has an invalid value”

Issue–> MFT is not able to find the location on the SFTP server and throws the error below.

Error –> 

while delivering message [Source-Identifier [null], Payload-Type [C:\OracleSOA12.2.1\user_projects\domains\fmw12c_domain /mft/ftp_root/payloads/ref/134/96/Tempfile01.txt] to endpoint [SFTPEndPoint: Host:[localhost], Port:[22], User:[testuser], Folder:[// mytargetfolder]]., cause=oracle.tip.adapter.sa.impl.fw.ext.org.collaxa.thirdparty.apache.wsif.WSIFException: file://wsdl/Put_ptt.wsdl [ Put_ptt::Put(part,part) ] – WSIF JCA Execute of operation ‘Put’ failed due to: Invalid Output Directory. Invalid Output Directory. The value specified for the output (Physical/Logical)Directory interaction parameter or jca binding property has an invalid value “// mytargetfolder “. ; nested exception is: BINDING.JCA-11014 Invalid Output Directory. Invalid Output Directory. The value specified for the output (Physical/Logical)Directory interaction parameter or jca binding property has an invalid value “//mytargetfolder “. Ensure that the following conditions are satisfied for the output directory : 1) It exists and is a directory (not a file). and 2) It is writable (file write permissions). and 3) If using a logical name, then ensure that the mapping from logical name<->physical directory is correctly specified in the deployment descriptor. ]

Solution–> To fix this we have to give the complete path of the folder.

For example, if I log in as user testuser on the SFTP server, it takes me to the home directory of the user testuser.

Log in to your target SFTP server.

login as: testuser

Using keyboard-interactive authentication.

Password:

#######################################

testuser@localhost:~$ pwd

/export/home/testuser

So we have to give the target directory as “/export/home/testuser/mytargetfolder”.

After specifying the above value in my MFT target, the issue was resolved.

Integrating Oracle SOA with Oracle MFT-part2

This post is a continuation of my previous post (Integrating Oracle SOA with Oracle MFT-part1). In this part you will see how Oracle SOA invokes the MFT service.

To view my previous post, click here (https://khassoablog.wordpress.com/2016/03/11/integrating-oracle-soa-with-oracle-mft/).

Use Case 2:- Oracle SOA invoking Oracle MFT service

Go to MFT and create a new Source with type SOA. In the URL field give some name.

Once the source is created it will show you the location as ENDPOINT URI.

Click on Save and deploy the Source.

Create a Target to place the files into your target location. Go to Target and create a Target as below.

Go to the advanced properties of your target and click on Operations. Select the operation type “Rename” and the file naming convention “MyFinalFile%YYYYMMDDHHMMSS%.txt”.

Now click on Save and Deploy.

Once you are done creating the “Source” and “Target”, you have to create a Transfer (which will transfer the file from your source to SOA).

To create the Transfer, click on “Transfer”; it will open a window to create a Transfer.

Provide the name and click on “Create”.

Add the source and target which we created above.

Click on Save and Deploy.

Now we have to invoke MFT from the Oracle SOA process. Go to your project, right-click on “External References” and select MFT.

It will open a new window; give the name and click on Next.

Select the radio button “Define using new MFT reference” and click on Next.

Select the App server and click on Next. (If you have not created the connection, create it by clicking on the + button.)

Once you click on Next, it will create a connection with your server and list the sources that are deployed on the MFT server.

Now we have to select the source and Endpoint URI.

Click on the Finish button. Now wire your reference to the BPEL process.

Edit the BPEL process, place an invoke activity and link it to the MFT reference.

Assign the payload and qheader to the invoke partner link input variable.

Now assign the partner link response to the final output variable.

Now your BPEL process will look like this.

Now deploy the BPEL process to the server and test it by placing the file in your source location.

You can see that both transfers are successful in MFT monitoring.

You can see the file in the target folder as below.

Integrating Oracle SOA with Oracle MFT-part1

In this post you will see how to integrate Oracle MFT with Oracle SOA.

We are using the below pattern in this example.

As per the above diagram, we are calling the SOA service from Oracle MFT, and then Oracle SOA is calling Oracle MFT to place the file.

Steps :-

Oracle MFT receives the file from a local folder and then invokes the SOA process.

The SOA process receives the file name as a reference from Oracle MFT, then the SOA process invokes the MFT endpoint.

The MFT service receives the file as a reference from SOA and then places it in the target location.

Use Case 1:- Oracle MFT invoking Oracle SOA service

Log in to the MFT console (http://host:port/mftconsole).

Go to the Design tab and click on “Sources” to create a source location to pick up the files.

Enter the name, type as “File” and location (directory to pick up the file from), and click on the Create button.

To create the Target we need an endpoint URI of the SOA service.

Create a project in JDeveloper and copy the file “MFTSOAService.wsdl” from the location below to your project WSDL folder.

WLS_Home/mft/integration/wsdl

Right-click on “Exposed Services” and click on ‘HTTP’ to create an HTTP Binding Service.

Enter the name and click on Next.

Select the radio button “Import an existing wsdl” and click on “WSDL URL” to select the WSDL.

Go to File System, select the WSDL that we copied to our project and click on the OK button.

Now the WSDL is copied and it will show the port type and operation. Click on Next to proceed.

Click Next twice and finish the setup.

Now create a BPEL process (with No Service) and wire it to the HTTP binding.

Edit your BPEL process and add Receive and Reply activities to it.

Deploy the project to the server and get the endpoint URI of the composite.

Now we have to create a target in Oracle MFT with the above endpoint URI.

Click on Target; it will open a window to create the target.

Provide the name, type as “SOA” and URI (endpoint URI), and click on Create.

Once you are done creating the “Source” and “Target”, you have to create a Transfer (which will transfer the file from your source to SOA).

To create the Transfer, click on “Transfer”; it will open a window to create a Transfer.

Provide the name and click on “Create”.

Go to Source and click on “Add Source” to add the source; in the same way, use “Add Target” to add the target to your Transfer.

In the Source we will enter the value “Newtest*.txt” in the content filter “Wildcard”.

On the Target side we have “delivery preferences”. We will change the delivery method to “Reference” and the reference type to “File”.

Click on Save and Deploy.

Test the process by placing the file in your local folder.

Go to monitoring in MFT and check the instances; you will see one instance as success.

In the EM console, you will see one instance is successfully created with the file as reference.