Thursday Dec 03, 2015

Support of multiple e-mail addresses for a single user or role

In Oracle EBS 12.0 and 12.1 the Workflow notification system was not enabled to send e-mail notifications to users or roles who happened to have multiple e-mail addresses associated to them. For instance, if user JDOE had two e-mail addresses ( and only one of them could be associated to the user for the Workflow notification mailer to send any e-mail notifications.

This limitation has been lifted in EBS 12.2.5 and now both users and roles can define multiple e-mail addresses as needed. This means that still a notification is intended for one recipient but the same notification will be sent to all associated e-mail addresses.

Note: The limit size of the table column holding the list of e-mail addresses is 320 so bear this limitation in mind. This should not be an issue as it is not common to see a single user with as many e-mail addresses so as to pass this limit. Consider the use of a role and multiple users associated to that role if this limit is still an issue.

Defining multiple e-mail addresses for a user or role

  • If the target role is an FND user then this setting takes place in the corresponding user definition form:

  • If the target is an ad-hoc role or ad-hoc user the assignment takes place when the user or role is being created. For instance:
     WF_DIRECTORY.CreateAdHocUser(name => 'ADHOC-USER',
                                  display_name => 'ADHOC-USER',
                                  notification_preference => 'MAILHTML',
                                  email_address => ',',
                                  expiration_date => SYSDATE+1);
  • If the user or role is created from code, the setting will look like:
       l_params wf_parameter_list_t;
       WF_EVENT.AddParameterToList('USER_NAME', 'JDOE', l_params);
       WF_EVENT.AddParameterToList('MAIL', ',', l_params);
       WF_LOCAL_SYNCH.propagate_user(p_orig_system => 'FND_USR',
                                     p_orig_system_id => 123435,
                                     p_attributes => l_params);

Notification action history

When the Notification Mailer receives the e-mail response the from e-mail address is compared against the list of addresses corresponding to the target of the notification recipient. If there is a match the responder is set to the value of the recipient. If no matches are found then one of two actions will happen:

  • If the Notification Mailer Parameter Allow Forwarded Response is set to Yes the responder of the notification is set to the value of the from e-mail address, or
  • If not, such e-mail response is treated as an unsolicited e-mail: the notification is not processed and a message is sent to the sender indicating so.

What happens with invalid addresses? 

In the event that a user or role was created using invalid e-mail addresses - subsequently causing the SMTP server to fail to deliver e-mail to them - the following takes place: 

  • If the notification is successfully delivered to at least one e-mail address mail status of the notification is set to SENT and the invalid addresses are added to the in-memory list of invalid addresses so that they are not attempted further on.
  • If all of them are invalid the notification mail status is set to FAILED and the user/role notification preference is set to DISABLED

In both cases a notification is sent to the user SYSADMIN indicating that a user/role contains invalid addresses and require fix.

Friday May 29, 2015

Increase throughput of your Workflow Mailers

The Workflow Notification Mailer is a component running on the Workflow Mailer GSM Service (also known as container). This service can host multiple instances of the Workflow Notification Mailer so that the load of sending and receiving e-mails can be shared, improving the overall performance. This is specially true as more and more applications moved from PLSQL-based notifications, that pretty much only required access to the database, to HTML/Framework-based notifications that also require access to the application server to retrieve the content of these good-looking notifications. 

Note: to learn more about Generic Service Management click here.

Creating a new component for the mailer allows the following:

  • Increase the number of processes for inbound and outbound processors - although this can also achieved simply by increasing the number of processors in the existing Notification Mailer 
  • Use a different SMTP account to process outbound messages and/or a different IMAP account for inbound processing
  • Specify a different correlation ID to dedicate message processing to a specific item type
  • Specify a user, responsibility and application different from the default one (SYSADMIN). This is typically done when specific profile values need to be applied for the applications user that the mailer will use to retrieve its content.

Creating another Notification Mailer component

 By creating a new Container a whole new set of components will be added to exclusively manage the components (mailers) and this way provide more scalability. The diagram below depicts what a Component Container is composed by.


 To create a new component follow this simple steps:

  • Connect to Oracle Apps with the responsibility Workflow Administrator Web Applications
  • Navigate to Oracle Applications Manager -> Workflow Manager
  • Click on Notification Mailer. Then click on the Create button on the top right part of the page
  • Select the Workflow Mailer service and hit Continue
  • Key in the corresponding parameter values for this new Notification Mailer.
  • Use the Advanced option to specify the Correlation Id and other parameters. The Inbound Agent is always WF_NOTIFICATION_IN while the Outbound Agent is WF_NOTIFICATION_OUT.

Creating a new Workflow Mailer service

A new Workflow Mailer component still has a limitation: the connection to retrieve HTML/Framework content is synchronized and this means that only one Java thread can retrieve the content at a time. Of course, this retrieval happens very fast, but still there is the chance of a bottle neck when the number of this kind of notifications is very high. 

To increase the performance in this scenario a new Workflow Mailer service is the solution, and it can be done as follows:

  • Connect to Oracle Apps with the responsibility Workflow Administrator Web Applications
  • Navigate to Oracle Applications Manager -> Workflow Manager
  • Under column Container, click on Workflow Mailer Service and hit the Create New button
  • Enter the names desired for the new service. The image below provides an example
  • Use the button Add from Available Shits to indicate the availability of this new service. Use the one called Active 24 hours every day.

  • Save the changes

Now new Workflow Notification component can be created with the steps given earlier, but instead of using service Workflow Mailer, use New Workflow Mailer with the desired parameter values.

Tuesday Nov 11, 2014

Scheduling Workflow Mailer Stop and Start events as good practice

The Workflow Notification Mailer runs on the generic service called Workflow Mailer Service, which in turn uses the Standard workshift, active 24 hours every day. This means the notification mailer runs non-stop.

 Not allowing the mailer to restart periodically may present some issues:

  • The corresponding log file corresponding to the Workflow Mailer Service will grow several gigabytes large and eventually the OS will error due to I/O file handling.
  • Some SMTP servers and IMAP servers used for outbound and inbound processing respectively, have time limits to the sessions connected to them. If the mailer reaches those time limits it will encounter a connection error and will be abnormally brought down.
  • Similarly the same might happen to the session the mailer establishes to retrieve HTML and framework content from the application server. This is less likely though but it has been seen.
  • The size of the INBOX folder in the IMAP server won't get expunged as long as the mailer does not refreshes the session. For a purged INBOX folder it takes the mailer to restart - and for parameter Expunge Inbox on Close to be set to Yes.

In order for the issues above to be minimized, a good practice is to schedule the Mailer to automatically go down and start up periodically, daily preferably. This can be done by using the event schedule feature provided in the Workflow Mailer configuration. This can be done as follows:

First, connect to EBS using the responsibility Workflow Administrator Web Applications and go to Workflow Manager

Then edit the Notification Mailer configuration. Continue going through the train stages until you reach the Schedule Events stage:

Use the corresponding link/button to create two events, one for stopping the mailer and one for starting it up:

In the screen shot above the stopping event is set to happen at 11:50 PM and the starting event at 11:55 PM, and these are set to repeat every using 1440 minutes as the interval. If no interval value is specified the stop/start events are raised just once.

Tuesday Nov 13, 2012

Using GMail's SMTP and IMAP servers in Notification Mailer


GMail offers free, reliable, popular SMTP and IMAP services, because of which many people are interested to use it. GMail can be used when there are no in-house SMTP/IMAP servers for testing or debugging purposes. This blog explains how to install GMail SSL certificate in Concurrent Tier, testing the connection using a standalone program, running Mailer diagnostics and configuring GMail IMAP and SMTP servers for Workflow Notification Mailer Inbound and Outbound connections.

GMail servers configuration

SMTP server

Host Name
SSL Port  465
TLS/SSL required  Yes
User Name  Your full email address (including or
Password  Your gmail password

 IMAP server

 Host Name
 SSL Port
TLS/SSL Required
 User Name
 Your full email address (including or
 Password Your gmail password

GMail SSL Certificate Installation

The following is the procedure to install the GMail SSL certificate

  • Copy the below GMail SSL certificate in to a file eg: gmail.cer


  • Install the SSL certificate into the default JRE location or any other location using below command
  • Installing into a dfeault JRE location in EBS instance
        # keytool -import -trustcacerts -keystore $AF_JRE_TOP/lib/security/cacerts  -storepass changeit -alias gmail-lnx_chainnedcert -file gmail.cer
  • Install into a custom location

        # keytool -import -trustcacerts -keystore <customLocation>  -storepass changeit -alias gmail-lnx_chainnedcert -file gmail.cer
       <customLocation> -- directory in instance where the certificate need to be installed

  • After running the above command you can see the following response

        Trust this certificate? [no]:  yes
        Certificate was added to keystore

Running Mailer Command Line Diagnostics

  • Run Mailer command line diagnostics from conccurrent tier where Mailer is running, to check the IMAP connection using the below command

$AFJVAPRG -classpath $AF_CLASSPATH -Dprotocol=imap -Ddbcfile=$FND_SECURE/$TWO_TASK.dbc -Dport=993 -Dssl=Y -Dtruststore=$AF_JRE_TOP/lib/security/cacerts -Daccount=<gmail username> -Dpassword=<password> -Dconnect_timeout=120 -Ddebug=Y -Dlogfile=GmailImapTest.log -DdebugMailSession=Y

  • Run Mailer command line diagnostics from concurrent tier where Mailer is running, to check the SMTP connection using the below command 

 $AFJVAPRG -classpath $AF_CLASSPATH -Dprotocol=smtp -Ddbcfile=$FND_SECURE/$TWO_TASK.dbc -Dport=465 -Dssl=Y -Dtruststore=$AF_JRE_TOP/lib/security/cacerts -Daccount=<gmail username> -Dpassword=<password> -Dconnect_timeout=120 -Ddebug=Y -Dlogfile=GmailSmtpTest.log -DdebugMailSession=Y

Standalone program to verify the IMAP connection

Run the below standalone program from the concurrent tier node where Mailer is running to verify the connection with GMail IMAP server. It connects to the GMail IMAP server with the given GMail user name and password and lists all the folders that exist in that account. If the GMail IMAP server is not working for the  Mailer check whether the PROCESSED and DISCARD folders exist for the GMail account, if not create manually by logging into GMail account.

Sample program to test GMail IMAP connection

 The standalone program can be run as below

 $java GmailIMAPTest GMailUsername GMailUserPassword           

Standalone program to verify the SMTP connection

Run the below standalone program from the concurrent tier node where Mailer is running to verify the connection with GMail SMTP server. It connects to the GMail SMTP server by authenticating with the given user name and password  and sends a test email message to the give recipient user email address.

Sample program to test GMail SMTP connection

The standalone program can be run as below

 $java GmailSMTPTest GMailUsername GMailPassword recipientEmailAddress   


  • As is an external domain, the Mailer concurrent tier should allow the connection with GMail server
  • Please keep in mind when using it for corporate facilities, that the e-mail data would be stored outside the corporate network

Tuesday Apr 17, 2012

SMTP Authentication Feature in R12.1.3


Oracle E-Business Suite Workflow Notification Mailer leverages the functionality of SMTP and IMAP services to send and receive notification and alert emails respectively. Until E-Business Suite Release 12.1.3, Workflow Notification Mailer supports authentication for only IMAP server connections. Starting Release 12.1.3, Workflow Notification Mailer supports authentication for SMTP servers.

Main reasons to support authentication for SMTP servers are,

  1. An attacker could hijack the SMTP connection either pretending the server does not support the Authentication extension or causing all AUTH commands to fail.
  2. A SMTP server accessible over public domain could be misused by spammers to hide their identify and send spam e-mails.

How to configure

  • Go to Workflow Manager Screen and navigate to Workflow Notification Mailer page.
  • Edit the Workflow Mailer configuration, update "SMTP user" and "SMTP Password" parameters, SAVE and bounce the Workflow Service Container.

Authentication Mechanisms

    Workflow Mailer supports PLAIN, LOGIN and CRAM-MD5 mechanisms with JavaMail version 1.4.

How to check

On a non-SSL enabled SMTP server, it can be checked easily: 

$ - telnet 25
Connected to (
Escape character is '^]'.
220 ESMTP Sendmail 8.13.8/8.13.8; Tue, 17 Apr 2012 10:11:36 -0400
EHLO Hello [], pleased to meet you
250 HELP


This blog is dedicated to bring latest information on Oracle Workflow new features, best practices, troubleshooting techniques and important fixes directly from it's Development Team.


« February 2016