Posts

Posts

  • 1-5 of 5
  • Nagesh Manda
    Best Practices for Creating Custom Roles for Integration...5
    Topic posted September 4, 2019 by Nagesh MandaSilver Medal: 2,000+ Points, tagged Cloud Integration, Fusion Applications Integration, Integrated Cloud Services, Order Management, Procurement, REST Services, SaaS Integration, Supply Chain Management in Integrations and Extensions public
    Title:
    Best Practices for Creating Custom Roles for Integration User
    Content:

    Hi All,

    I am looking for some inputs around the best practice to create custom roles (with specific Privileges to access Web / REST Services) for the integration user account created in Oracle ERP Cloud.

    Thanks in advance.

    Regards,

    Nagesh.

  • Caroline Moloney
    ERP Cloud Attachment Service - full list of possible...3
    Topic posted December 21, 2017 by Caroline Moloney, tagged Cloud Integration, File Based Data Integration - FBDI, Fusion Applications Integration, Integrated Cloud Services, SOAP Services, Supply Chain Management in Integrations and Extensions public
    Title:
    ERP Cloud Attachment Service - full list of possible entities and the use of userkeys
    Summary:
    full list of possible entities and the use of userkeys
    Content:

    Hi, 

    Does anyone have a full list of the object attachment service entities and user keys? We are trying to migrate from ebus to ERP cloud but struggling with attachments. 

    Caroline

  • Steve Lepine
    Activation of languages on Oracle Cloud Applications
    Topic posted October 13, 2017 by Steve LepineRed Ribbon: 250+ Points, tagged Cloud Integration, Extensions, File Based Data Integration - FBDI, Financials, Fusion Applications Integration, Inventory Management Cloud, PaaS - SaaS Extensions, Procurement, Project Portfolio Management, Setup Services, Supply Chain Management in Integrations and Extensions public
    Title:
    Activation of languages on Oracle Cloud Applications
    Summary:
    Impact of activating languages in Oracle Cloud HCM, ERP, SCM
    Content:

    We are looking at activating 3 languages (french, spanish, arabic) in our Oracle Cloud environments (Financials, SCM, HCM) and would like to hear about some of the challenges and experiences with multiple languages. Especially as it relates to system performance, report development, integration, conversion, etc....). Any information or document on experience would be appreciated. 

  • Donna Rosberg
    ERP / SCM- R12 Security Deep Dive for ERP Customers with...1
    Topic posted January 19, 2017 by Donna RosbergBronze Medal: 1,250+ Points, tagged Financials, Procurement, Project Portfolio Management, Supply Chain Management in Integrations and Extensions public
    Title:
    ERP / SCM- R12 Security Deep Dive for ERP Customers with Pre-Upgrade Effort: February 1, 2017, 9 a.m. PT - Submit Questions
    Content:

    Submit your questions for the ERP / SCM - R12 Security Deep Dive for ERP Customers with Pre-Upgrade Effort session to have them answered during the live event. Post your questions by posting a new comment to this topic.

    Please submit your questions by Tuesday, January 31, 2017.

  • Jack Desai
    Inbound and Outbound Data File Encryption through ERP...174.7
    Topic posted August 19, 2016 by Jack DesaiRed Ribbon: 250+ Points, tagged Cloud Integration, Export Bulk Data, Extensions, File Based Data Integration - FBDI, Financials, Fusion Applications Integration, Import Bulk Data, Integrated Cloud Services, PaaS - SaaS Extensions, Pre-built Integration, Procurement, Project Portfolio Management, REST Services, SaaS Integration, SOACS, SOAP Services, Supply Chain Management, Transaction Services in Integrations and Extensions public
    Title:
    Inbound and Outbound Data File Encryption through ERP Integration Service
    Summary:
    How to encrypt and decrypt data files between ERP Cloud and On-premise/PaaS
    Content:

    Introduction

    Since your inbound or outbound data files are transmitted over the internet and often times contain company sensitive information and financial transactions like journal entries, invoices, payments and bank records, data encryption is a critical and essential element in implementing your integrations with Oracle ERP Cloud. You can secure data files between Oracle ERP Cloud R11+ and your on-premise/PaaS applications or systems. This is supported through ERP integration service that supports 100+ interfaces across Financials, Project Portfolio Management, Procurement and Supply Chain Management.

    The following diagram illustrates the import integration flow (also known as File-Based Data Import - FBDI). Please refer this post for more details.

    The following diagram illustrates the export process (extracting data out from ERP Cloud). Please refer this post for more details.

    Oracle ERP Cloud supports Pretty Good Privacy (PGP) unsigned encryption with 1024 key size. There are two types of encryption keys:
    1.    Oracle ERP Cloud Key
    2.    Customer Key

    Oracle ERP Cloud PGP Key

    The public key is used by the customer to encrypt the data file and respective private key is used by import bulk data process to decrypt the data file before starting load and import process. The file stored in content server (UCM) remains encrypted. 

    Customer PGP Key

    ERP Cloud uses customer's public key to encrypt the extracted file and uploads to UCM. Customer uses their private key to decrypt the file in on-premise or PaaS systems. 
     

    Manage PGP Certificates

    Certificates establish keys for the encryption and decryption of data that Oracle Cloud applications exchange with other applications. The Oracle Fusion Applications Security Console is an easy-to-use administrative interface that you access by selecting Tools - Security Console on the home page or from the Navigator. Use the Certificates page in the Security Console functional area to manage PGP certificates.

    This is a Security Console Screen:

    Generate ERP Cloud PGP Certificate

    From the Certificates page, select the Generate option. In a Generate page, select the certificate format PGP, and enter values appropriate for the format.

    For a PGP certificate, these values include:

    • An alias (name) and passphrase to identify the certificate uniquely.
    • The algorithm by which keys are generated, DSA or RSA.
    • A key length – select 1024.

    Once the key is generated, customer must export the public key to encrypt the FBDI data file.

    Export Customer's PGP Public Key

    Follow these steps to export public key:

    1. From the Certificates page, select the menu available in the row for the certificate you want to export. Or open the details page for that certificate and select its Actions menu.
    2. In either menu, select Export, then Public Key
    3. Select a location for the export file. By default, this file is called [alias]_pub.asc

    Import Customer's PGP Public Key

    The customer public key will be used by ERP Cloud to encrypt outbound file. Customer will decrypt this file using their private key. Follow these steps to import customer's public key:

    1. On the Certificates page, select the Import button.
    2. In the Import page, select PGP and specify an alias (which need not match the alias of the file you are importing).
    3. Browse for the public-key file, and then select Import and Close.

    The Certificates page displays a record for the imported certificate, with the Private Key cell unchecked.

     

    Enabling Encryption in Import Process

    Please refer this post on automating bulk import process. This post will document additional information to encrypt the file only.

    When enabled, ERP Cloud will decrypt the inbound data file using cloud private key before starting load and import process. These are the following steps to enable encryption in your import process

    1. Encrypt Data (zip) File

    Encrypt inbound data (zip) file using Oracle ERP Cloud public key. Use "gpg" utility in Linux system to encrypt the file as follows:

    Import ERP Cloud public key (one-time configuration) using the following command

    gpg --import <MY_ERP_KEY_pub.asc>

    ###Verify the imported key using this command

    gpg --list-keys

    Once ­public key is imported, use the following command to encrypt your inbound data file:

     

    gpg --cipher-algo=AES -r=<alias> --encrypt <my_data_file>.zip

     

     

    The encrypted file will be renamed as <my_data_file>.zip.gpg.

    2. Add Encryption options in "importBulkData" Payload

    In importBulkData payload, provide the following job options

    Options

    Value

    FileEncryption PGPUNSIGNED

    FA_ALIAS

    ERP Cloud Key Alias Name

    CUSTOMER_ALIAS

    Customer Key Alias Name

     

    Example in your importBulkData request payload: <typ:jobOptions>FileEncryption=PGPUNSIGNED,FA_ALIAS=<ERP_CLOUD_KEY>,CUSTOMER_ALIAS=<CUSTOMER_KEY></typ:jobOptions>

    Note: Alias names are defined when you generate ERP Cloud key or import customer key.

    The following sample payload illustrates the Journal import process request payload:

       <soapenv:Body>
          <typ:importBulkData>
             <typ:document>
                <erp:Content>AAgACAMgAAAB5AQAAAAA=</erp:Content>
                <erp:FileName>journal_1234.zip</erp:FileName>
             </typ:document>
             <typ:jobDetails>
               <erp:JobName>/oracle/apps/ess/financials/generalLedger/programs/common,JournalImportLauncher</erp:JobName>
                <!--Optional:-->
                <erp:ParameterList>#NULL,#NULL,Balance Transfer,#NULL,1,jrd1,N,N,N</erp:ParameterList>
             </typ:jobDetails>
             <typ:notificationCode>10</typ:notificationCode>
             <typ:callbackURL>my_callbacl_endpoint_url</typ:callbackURL>
             <typ:jobOptions>FileEncryption=PGPUNSIGNED,FA_ALIAS=JACK_ERP_KEY,CUSTOMER_ALIAS=JACK_ERP_KEY</typ:jobOptions>
         </typ:importBulkData>
       </soapenv:Body>

     

     

    Enabling Encryption in Export Process

    Please refer this post on automating bulk export process. When enabled, ERP Cloud will encrypt extracted data file using customer’s public key and upload it to UCM. These are the following steps to enable encryption in import process

    1. Add Encryption options in "importBulkData" Payload

    In exportBulkData payload, provide the following job options

    Options

    Value

    FileEncryption PGPUNSIGNED

    FA_ALIAS

    ERP Cloud Key Alias Name

    CUSTOMER_ALIAS

    Customer Key Alias Name

     

    Example in your exportBulkData request payload: <typ:jobOptions>FileEncryption=PGPUNSIGNED,FA_ALIAS=<ERP_CLOUD_KEY>,CUSTOMER_ALIAS=<CUSTOMER_KEY></typ:jobOptions>

    Note: Alias names are defined when you generate ERP Cloud key or import customer key.

    The following sample payload illustrates the export process request payload:

      <soap:Body>
      <ns1:exportBulkData xmlns:ns1="http://xmlns.oracle.com/apps/financials/commonModules/shared/model/erpIntegrationService/types/">
                                <ns1:jobName>job_package_name,job_name</ns1:jobName>
        <ns1:parameterList>48,1001</ns1:parameterList>
        <ns1:jobOptions>FileEncryption=PGPUNSIGNED,FA_ALIAS=JACK_ERP_KEY,CUSTOMER_ALIAS=JACK_ERP_KEY</ns1:jobOptions>
        <ns1:callbackURL>30</ns1:callbackURL>
        <ns1:notificationCode>http://hostname:port/myCallbackService</ns1:notificationCode>

      </ns1:exportBulkData>
    </soap:Body>>

     

    2. Encrypt Data (zip) File

    Decrypt the output file using customer private key. To decrypt outbound data file:

    First you must import customer’s private key as follows:

    gpg --allow-secret-key-import --import <my_private.asc>

    ###Verify the imported key using this command

    gpg --list-keys

     

    Once customer’s private key is imported, use the following command to decrypt your outbound data file:

    gpg --decrypt <EncryptedFileName> > <DecryptedFileName>

     

    Conclusion

    This post provides detailed information on how to protect both inbound and outbound data file. This is in addition to SSL and Oracle Web Service Manager (OWSM) message protection policy over the internet.