Integration

Get Involved. Join the Conversation.

Topic

    Mukesh Patil02
    Unable to receive call back from Cloud: CASDK-0054: Unable...Answered
    Topic posted October 14, 2019 by Mukesh Patil02Red Ribbon: 250+ Points, tagged Adapters, Cloud, ERP Cloud, Integration, PaaS, Web Services 
    86 Views, 6 Comments
    Title:
    Unable to receive call back from Cloud: CASDK-0054: Unable to verify the request sent by the client application.
    Summary:
    Unable to receive call back from Cloud: Getting error CASDK-0054: Unable to verify the request sent by the client application.
    Content:

    Hello All

    I am invoking fulfillment asynchronous service from OIC. Below is standard webservice for ERP Cloud provided by Oracle.

    https://CloudHost:CloudPort/soa-infra/services/default/DooTaskFulfillOrderResponseInterfaceComposite/fulfillmentresponse?WSDL

    This service supposed to send response via callback mechanism. I am able to process the request only, however I am not receiving the response from Cloud ( either success or fail)

    I am getting below error
    CASDK-0054: Unable to verify the request sent by the client application. The request sent to OIC integration flow is rejected

    I have two integrations:

    1. First to fire request to service DooTaskFulfillOrderResponseInterfaceComposite.
    2. Second to receive callback from cloud and store its result in file. 


    Please note that 

    Call to DooTaskFulfillOrderResponseInterfaceComposite is SOAP connection and not via ERP Cloud Adapter Connection. When i sent request, i can see my call back integration is triggered and two instances are created. This means cloud is trying to send response two times and there is no connectivity issue. Some security configuration is missing.

    1.CSF key are already configured in SOA composer.
    2.The certificates are already exchanged and configured in OIC.
    3.The said user INT_USER already exist in OIC as well as Cloud ERP

    Can anyone help me on this issue ?

    Mukesh

    Best Comment

    Mukesh Patil02

    The solution is multi fold and we fixed with Oracle team.

    Summary is

    1] FA application need SourceOrderSystem field value in request. Based on this value FA decide who is requestor system and to whom callback should be send.In my case its value is "OPS".

    2] If this field value does not exsit then as a default FA always pick first record in "Web Service Details" configutration on its side. Also it picks the username/password configured in first row to send callback to OIC.

    3]If no username/password is found it used default user as "FUSION_APPS_SCM_SOA_APPID". 

    4] The details of FA side configuration is found by searching "Manage External Interface Web Service Details" under Setup and Configuration. 

    5] Rasie SR for further issues.

    Mukesh Patil

    Comment

     

    • Hemanth Lakkaraju

      FA Composites callsback with Username password Token. So your callback integration should be using Username Password Token in the trigger connection security. I suspect you are using Basic Authentication.

      • Mukesh Patil02

        Hi Hemanth,

        I am using Username Password Token. I will try again and confirm soon.

        Surprisingly, In SR, Oracle recommending to use SAML based authentication, which i too feel is not correct.

        Mukesh

        • Hemanth Lakkaraju

          That is correct ONLY IF the callback comes from FA ADF-BC services and not FA Composites.

          • Mukesh Patil02

            Hi Hemanth

            Even after using  Username Password Token, i am facing same issue.

            Below i can see in logs

            ========================

            [2019-10-14T10:03:05.952+00:00] [oiciad4I_server_1] [ERROR] [] [oracle.wsm.resources.enforcement] [tid: [ACTIVE].ExecuteThread: '41' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 87e1b897-55e2-4b25-aac8-eaa7a2f556bd-000050a4,0] [APP: Cloud Adapter Inbound Http App] [partition-name: DOMAIN] [tenant-name: GLOBAL] [oracle.soa.tracking.FlowId: 19200006] [FlowId: 0000Mr9iAgCBDC1Lzul3iW1Td36G0000TP] [oracle.wsm.policy.name: ics/wss_username_or_jwt_token_service_policy] Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.service, application=Cloud Adapter Inbound Http App, composite=null, modelObj=integration/flowsvc/soap_ut/HRM_RECEIVE_FULLFILL_CALLBACK/v01, policy=ics/wss_username_or_jwt_token_service_policy, policyVersion=null, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss-username-token., Failed due to : FailedAuthentication : The security token cannot be authenticated..

            [2019-10-14T10:03:05.962+00:00] [oiciad4I_server_1] [ERROR] [] [oracle.soa.adapter] [tid: [ACTIVE].ExecuteThread: '41' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 87e1b897-55e2-4b25-aac8-eaa7a2f556bd-000050a4,0] [APP: Cloud Adapter Inbound Http App] [partition-name: DOMAIN] [tenant-name: GLOBAL] [oracle.soa.tracking.FlowId: 19200006] [FlowId: 0000Mr9iAgCBDC1Lzul3iW1Td36G0000TP] Unable to process SOAP Request for ic/ws/integration/v1/flows/soap/HRM_RECEIVE_FULLFILL_CALLBACK/1.0 due to: [oracle.cloud.connector.impl.soap.HttpRequestException[[
            Security policy enforcement failed: : OWSM ICS Service request handler failed: InvalidSecurity : error in processing the WS-Security security header - InvalidSecurity : error in processing the WS-Security security header while applying policy ics/wss_username_or_jwt_token_service_policy - reason: WSM-00423 : Web service authentication failed for user FUSION_APPS_SCM_SOA_APPID.]

            ========================

            • Hemanth Lakkaraju

              reason: WSM-00423 : Web service authentication failed for user FUSION_APPS_SCM_SOA_APPID

              Looks like callback is coming with above user from FA. Does this user exist in OIC? You need to have this user created within OIC with at least ServiceUser role. (runtime privileges).

    • Mukesh Patil02

      The solution is multi fold and we fixed with Oracle team.

      Summary is

      1] FA application need SourceOrderSystem field value in request. Based on this value FA decide who is requestor system and to whom callback should be send.In my case its value is "OPS".

      2] If this field value does not exsit then as a default FA always pick first record in "Web Service Details" configutration on its side. Also it picks the username/password configured in first row to send callback to OIC.

      3]If no username/password is found it used default user as "FUSION_APPS_SCM_SOA_APPID". 

      4] The details of FA side configuration is found by searching "Manage External Interface Web Service Details" under Setup and Configuration. 

      5] Rasie SR for further issues.

      Mukesh Patil