Integrating With Fusion Application Using Services (SoapUi - SSL)

Fusion Applications provides web services that allow external systems to integrate with Fusion Applications. There are two types of services: ADF services and composite services. ADF services are created for a logical business object and provide functionality to access and manipulate these objects. The composite services are mostly process oriented and provide an orchestration of multiple steps.  

Information about the web services provided by Fusion Applications is hosted in Oracle Enterprise Repository (OER). The information provided by OER can be used to understand the functionality provided by the service and how the service can be called.

This series of articles describes how one can invoke SOAP web services provided by Fusion Applications using various technologies. In previous article we covered how to invoke a Fusion Application web service secured with simple username token using SoapUI. In this article we will cover a call to service secured with SSL policy.

Prerequisites

SoapUi

The reader is expected to have SoapUI installed.

Fusion Applications Web Service Policy

This example covers a call to a web service that support user name tokens and SSL. The example was tested with a service using "oracle/wss_username_token_over_ssl_service_policy" commonly available for Oracle SaaS environments.

Implementing Web Service Call

Generally the steps to call a SSL and non-SSL services are the same. The SSL services are however commonly configured to validate a timestamp though. So calls to SSL services commonly require the "wsu:Timestamp" element and the value used must be within tolerance. If the timestamp is not provided or the value is not within the tolerance you would see error such as:

      <env:Fault xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <faultcode>ns0:InvalidSecurityToken</faultcode>
         <faultstring>InvalidSecurityToken : The security token is not valid.</faultstring>
         <faultactor/>
      </env:Fault> 

To resolve the issue add the Timestamp element:

         <wsu:Timestamp wsu:Id="TS-2">
            <wsu:Created>2014-07-07T14:53:52.600Z</wsu:Created>
         </wsu:Timestamp> 

Tolerance is configured on the server for details of configuration refer to Advanced Administration. In Cloud environment the tolerance is not configurable by customer. While the timestamp can be "manually" added to the SOAP envelope, Soap UI provides easier way to default the value. First we create a SoapUi project by navigating "File -> New Soap Project":



The project name can be anything; it does not impact the web service call. For the "Initial WSDL" enter the location of the WSDL for the service to be called, in this example we will use the "LocationService" for HCM. The "Create Requests" checkbox is checked to generate an example SOAP Envelope. Click OK and once the tool is done with the generation navigate to the operation to be invoked, in this case we will invoke the "findByLocationId" operation.
To populate the header we can create a template to be applied on the request. Double click the project name, in this case "SoapUIDemoSSL" and navigate to "WS-Security Configurations -> Outgoing WS-Security Configurations". Here create a new "Outgoing WS-Security Configuration" and define values as follows:

  • Name: can be anything; it does not impact the web service call
  • Default Username/Alias: Populate the user name that you use to call the service with
  • Default Password: Populate the user name that you use to call the service with
  • Must Understand: check the checkbox
  • WSS-Entry -> Timestamp:
    • Time to Live: Set to some suitable value for example 1000 seconds, this controls the value used for expires component on the timestamp element created
  • WSS-Entry -> Username:
    • Password Type: PasswordText
    • Other values: accept the defaulted values


Now back on the request we add header to the request by right clicking and choosing "Outgoing WSS -> Apply SoapUiDemoSSL":



And to make the XML more readable choose the "Format XML":


The security header is defaulted to the request:

<soapenv:Envelope 
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
xmlns:typ="http://xmlns.oracle.com/apps/hcm/locations/locationServiceV2/types/">
   <soapenv:Header>
     
 <wsse:Security soapenv:mustUnderstand="1" 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-5">
            <wsse:Username>username</wsse:Username>
           
 <wsse:Password 
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
           
 <wsse:Nonce 
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">B+atlEHEOWulzwCDLua3Jw==</wsse:Nonce>
            <wsu:Created>2014-07-07T15:21:10.307Z</wsu:Created>
         </wsse:UsernameToken>
         <wsu:Timestamp wsu:Id="TS-4">
            <wsu:Created>2014-07-07T15:21:10.306Z</wsu:Created>
            <wsu:Expires>2014-07-07T15:37:50.306Z</wsu:Expires>
         </wsu:Timestamp>
      </wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
      <typ:findByLocationId>
         <typ:locationId>300000000678079</typ:locationId>
      </typ:findByLocationId>
   </soapenv:Body>
</soapenv:Envelope>

With this the call to the service would succeed.

Summary

In this article we covered an example using SoapUI to integrate with Fusion Applications using web services secured with SSL policy. In future articles other technologies for invoking Fusion Applications web services will be covered.

References



Comments:

Thanks,

This is working fine for me but can you please help me with hcmPeopleRolesV2/UserDetailsService.

I am trying to get the user details based on the JWT User token (findSelfUserDetails).

I am not able to get it working neither in SOAPUI nor using UIAccelerator app.

Thanks in advance for your help.

Posted by guest on September 08, 2014 at 07:11 AM PDT #

Whats the issue you have? I don't have a JWT example yet, but it should work fine in SOAP UI, see this example:
http://docs.oracle.com/cloud/latest/salescs_gs/CSAPP/usertoken009.htm

--
Jani Rautiainen
Fusion Applications Developer Relations
https://blogs.oracle.com/fadevrel/

Posted by Jani Rautiainen on September 09, 2014 at 01:38 AM PDT #

Hi,

I tried to integrate UIAccelerator app but i am not able to validate JWT user token, but when I paas username and password I am able to get the details.

now I am trying to validate JWT token using SOAP UI and i have gone through the same link, but i am not able to understand how to pass following values to the HTTP Header:

Key: Authorization

Value: Bearer <jwt token value>. Note a space between Bearer and the token value.

can you please help me on this.

Thanks
Apoorv

Posted by apoorv Jain on September 09, 2014 at 01:53 AM PDT #

You mention "UIAccelerator"; can you elaborate what this relates to ?
In any case while I haven't tested this; in the SOAP UI you should be able to do this simly by:
1. Open the request
2. Click the "Headers" tab at the bottom of the request window
3. Click the "+" icon that "Adds a custom HTTP Header tho this message"
4. Add the key and value as documented

As stated I have not tried this, but it should work. For more details see SOAP UI documentation:
http://www.soapui.org/SOAP-and-WSDL/adding-headers-and-attachments.html#1-custom-http-headers
--
Jani Rautiainen
Fusion Applications Developer Relations
https://blogs.oracle.com/fadevrel/

Posted by Jani Rautiainen on September 09, 2014 at 02:54 AM PDT #

Screenshot of SoapUI: I have added Key and Value to the Header but still getting error.

https://drive.google.com/file/d/0Bz3I0eM2ELLWcl9VdlVSWmZSZ1E/edit?usp=sharing

UIAccelerator app: uses "hcmPeopleRolesV2/UserDetailsService" and findSelfUserDetails method to validate user token, so UIAccelerator app application is not working for me, so to debug that I am using SOAPUI to validate what is the real cause of issue, is it the token or the service or my SalesCloud need some setup to get JWT token enabled.

Posted by apoorv Jain on September 09, 2014 at 03:05 AM PDT #

Is there a reason why you think this is related to authentication ? Based on the screenshot I think its likely related to encoding or content type.
Check the request header, does it contain:
Accept-Encoding: gzip,deflate

This can be controlled in the SOAP UI preferences with "Request compression" and "Response compression" under the "HTTP Settings"
--
Jani Rautiainen
Fusion Applications Developer Relations
https://blogs.oracle.com/fadevrel/

Posted by Jani Rautiainen on September 09, 2014 at 04:01 AM PDT #

gzip,deflate issue is gone now but still I am getting following error, when connecting using JWT token:

HTTP/1.1 401 Unauthorized, look at the screenshot.

https://drive.google.com/file/d/0Bz3I0eM2ELLWaVpHZEtkYUVDV0E/edit?usp=sharing

but when I connect using username and password, the service works fine for me and gives back response(screenshot for the same)

https://drive.google.com/file/d/0Bz3I0eM2ELLWSHdWTW5UaEdPY0E/edit?usp=sharing

using UI Accelerator app i was not able to validate the token so i was trying the SOAPUI to debug the issue. but it didn't workout for me.

I am stuck at this point only. :(

Posted by apoorv Jain on September 12, 2014 at 02:07 AM PDT #

It should work. To triage how did you obtain the JWT token ? Have you confirmed that the service is configured to support JWT, what the WSM policy defined for it ?
The details of the configuration can be found here:
http://docs.oracle.com/cd/E28280_01/web.1111/b32511/setup_config.htm#A6760813

So first confirm that the service has "wss11_saml_or_username_token_with_message_protection_service_policy" policy defined for it.

--
Jani Rautiainen
Fusion Applications Developer Relations
https://blogs.oracle.com/fadevrel/

Posted by Jani Rautiainen on September 12, 2014 at 02:50 AM PDT #

I tried everything, including what you mention in last comment, but its not working for me....this is very discouraging :(

Posted by apoorv Jain on September 15, 2014 at 05:33 AM PDT #

Unfortunately without access to your environment it is difficult to know why its not working, it is known to work in other environments. You may want to contact support for resolving this.
--
Jani Rautiainen
Fusion Applications Developer Relations
https://blogs.oracle.com/fadevrel/

Posted by Jani Rautiainen on September 18, 2014 at 02:18 AM PDT #

Hi,

I am trying to execute the createsimpleinvoice webservice from soapui, but I am getting following error. Please let me know if I am doing something wrong.

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Header/>
<env:Body>
<env:Fault>
<faultcode>env:Server</faultcode>
<faultstring>JBO-25058: Definition TransactionLineFLEX__viewlink_result__ of type Attribute is not found in InvoiceVO_InvoiceLine_InvoiceVOToInvoiceLineVO_InvoiceLineVO.</faultstring>
<detail>
<tns:ServiceErrorMessage xmlns:tns="http://xmlns.oracle.com/adf/svc/errors/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tns:code>25058</tns:code>
<tns:message>JBO-25058: Definition TransactionLineFLEX__viewlink_result__ of type Attribute is not found in InvoiceVO_InvoiceLine_InvoiceVOToInvoiceLineVO_InvoiceLineVO.</tns:message>
<tns:severity>SEVERITY_ERROR</tns:severity>
<ns1:sdoObject xsi:type="ns2:Invoice" xmlns:ns2="http://xmlns.oracle.com/apps/financials/receivables/transactions/invoices/invoiceService/" xmlns:ns1="http://xmlns.oracle.com/adf/svc/errors/" xmlns:ns14="http://xmlns.oracle.com/apps/financials/receivables/transactions/shared/model/flex/TransactionHeaderGdf/" xmlns:ns0="http://xmlns.oracle.com/adf/svc/types/" xmlns:ns12="http://xmlns.oracle.com/apps/financials/receivables/transactions/shared/model/flex/TransactionHeaderDff/" xmlns:ns13="http://xmlns.oracle.com/apps/financials/receivables/transactions/shared/model/flex/TransactionInterfaceHeaderDff/">
<ns2:BusinessUnit>JG US Business Unit</ns2:BusinessUnit>
<ns2:TransactionSource>JG-US-JOSS</ns2:TransactionSource>
<ns2:TransactionType>Jade US Invoice</ns2:TransactionType>
<ns2:TrxNumber>100</ns2:TrxNumber>
<ns2:TrxDate>2015-02-12</ns2:TrxDate>
<ns2:GlDate>2015-02-12</ns2:GlDate>
<ns2:BillToCustomerName>Riverbed</ns2:BillToCustomerName>
<ns2:BillToAccountNumber>JG-ACCT-20141120-86</ns2:BillToAccountNumber>
<ns2:PaymentTermsName>NET 30</ns2:PaymentTermsName>
<ns2:InvoiceCurrencyCode>USD</ns2:InvoiceCurrencyCode>
<ns2:InvoiceLine xmlns:ns11="http://xmlns.oracle.com/apps/financials/receivables/transactions/shared/model/flex/TransactionLineDff/">
<ns2:LineNumber>1</ns2:LineNumber>
<ns2:MemoLineName>Consulting Service</ns2:MemoLineName>
<ns2:Description>Test Line</ns2:Description>
<ns2:Quantity unitCode="1"/>
<ns2:UnitSellingPrice currencyCode="USD"/>
<ns2:TransactionLineFLEX>
<ns11:CustomerTrxLineId>1</ns11:CustomerTrxLineId>
<ns11:__FLEX_Context>JOSS_TRX_FF</ns11:__FLEX_Context>
<ns11:_FLEX_NumOfSegments>1</ns11:_FLEX_NumOfSegments>
</ns2:TransactionLineFLEX>
</ns2:InvoiceLine>
<ns2:TransactionHeaderFLEX>
<ns12:CustomerTrxId/>
</ns2:TransactionHeaderFLEX>
<ns2:TransactionInterfaceHeaderFLEX>
<ns13:CustomerTrxId/>
</ns2:TransactionInterfaceHeaderFLEX>
<ns2:TransactionHeaderGdf>
<ns14:CustomerTrxId/>
</ns2:TransactionHeaderGdf>
</ns1:sdoObject>
<tns:exceptionClassName>oracle.jbo.NoDefException</tns:exceptionClassName>
</tns:ServiceErrorMessage>
</detail>
</env:Fault>
</env:Body>
</env:Envelope>

Posted by guest on March 11, 2015 at 10:46 PM PDT #

I could not find any similar issues, so not sure why its failing. You may need to contact support and have a bug created. To triage you could try excluding the flex fields from the envelope and the invoice line also to narrow the issue.
--
Jani Rautiainen
Fusion Applications Developer Relations
https://blogs.oracle.com/fadevrel/

Posted by Jani Rautiainen on March 12, 2015 at 04:56 AM PDT #

This soapUI setup is not working for me. I am getting bellow error as response. Anything missed from my side?
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Header/>
<env:Body>
<env:Fault xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<faultcode>ns0:FailedCheck</faultcode>
<faultstring>FailedCheck : failure in security check</faultstring>
<faultactor/>
</env:Fault>
</env:Body>
</env:Envelope>

Posted by guest on September 23, 2016 at 06:29 AM PDT #

The error given is quite generic and does not tell exactly why it failed. If you have access to server logs you could check those for more details. The cause could be anything from the server system clock being incorrectly set to simply passing wrong username / credential.
To triage you would want to to double check that the values that you are using are correct; username and password valid and the timestamp is generated just before the call is made (there is a system specific configuration that controls the TTL so try using some smaller value like 30 seconds). Also check the policy supported by the service from the WSDL the above only works with SSL based policies it does not work with message protection. For latter see this A-team article:
http://www.ateam-oracle.com/using-soapui-for-secure-asynchronous-web-service-invocations-in-fusion-applications/

--
Jani Rautiainen
Fusion Applications Developer Relations

Posted by guest on September 27, 2016 at 02:04 AM PDT #

Hi,

I did the steps as described in order to invoke PurchaseOrderService of procurement cloud. I get mapping related errors, after resolving them I get "access denied" Oracle.wsm.security.WSFunctionPermission

Posted by guest on January 18, 2017 at 07:07 AM PST #

Oracle.wsm.security.WSFunctionPermission means that the user you authenticated with does not have the required access to invoke the service.
Security reference guides are available through this site:
http://www.oracle.com/webfolder/technetwork/docs/HTML/oer-redirect.html
--
Jani Rautiainen
Fusion Applications Developer Relations

Posted by Jani Rautiainen on January 18, 2017 at 09:37 AM PST #

Post a Comment:
  • HTML Syntax: NOT allowed
About

Follow us on twitter Fusion Applications Extensibility, Customizations and Integration forum Fusion Applications Dev Relations YouTube Channel
This blog offers news, tips and information for developers building extensions, customizations and integrations for Oracle Fusion Applications.

Search


Categories
Archives
« March 2017
SunMonTueWedThuFriSat
   
2
3
4
5
8
9
11
12
13
14
16
17
18
19
21
22
23
24
25
26
27
28
29
30
31
 
       
Today