Antony Reynolds' Blog

Verifying White Listing for Oracle Integration Platform

Antony Reynolds
Senior Director Integration Strategy

Verifying Your White List is Working

A lot of customers require all outbound connections from systems to be validated against a whitelist.  This article explains the different types of whitelist that might be applied and why they are important to Oracle Integration Cloud (OIC).  Whitelisting means that if a system is not specifically enabled then its internet access is blocked.

The Need

If your company requires systems to be whitelisted then you need to consider the following use cases:

  • Agent Requires Access to Integration Cloud
  • On-Premise Systems Initiating Integration Flows
  • On-Premise Systems Raising Events

In all the above cases we need to be able to make a call to Integration Cloud through the firewall, which may require whitelisting.

Types of Whitelisting

Typically there are two components involved in whitelisting: the source system and the target system.  In our case the target system will be Oracle Integration Cloud, and if using OAuth then the Identity Cloud Service (IDCS) as well.  The source system will be either the OIC connectivity agent, or a source system initiating integration flows, possibly via an event mechanism.

Whitelisting Patterns

Pattern           Source Whitelisted   Target Whitelisted
Target Only       No                   Yes
Source & Target   Yes                  Yes
Source Only       No                   No

Only the first two are usually seen; the third is included for completeness, but I have not seen it in the wild.

Information Required

When providing information to the network group to enable the whitelisting you may be asked to provide IP addresses of the systems being used.  You can obtain these by using the nslookup command.

> nslookup myenv-mytenancy.integration.ocp.oraclecloud.com
Server:		123.45.12.34
Address:	123.45.12.34#53

Non-authoritative answer:
myenv-mytenancy.integration.ocp.oraclecloud.com	canonical name = 123456789ABCDEF.integration.ocp.oraclecloud.com.
Name:	123456789ABCDEF.integration.ocp.oraclecloud.com
Address: 123.123.123.123

You will certainly need to look up your OIC instance hostname.  You may also need your IDCS instance, which is the URL you get when logging on.

Testing Access

Once the whitelist is enabled we can test it by using the curl command from the machine from which we require whitelist access.

> curl -i -u 'my_user@mycompany.com:MyP@ssw0rd' https://myenv-mytenancy.integration.ocp.oraclecloud.com/icsapis/v2/integrations
HTTP/1.1 200 OK
Date: Sun, 23 Sep 2018 23:19:44 GMT
Content-Type: application/json;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-ORACLE-DMS-ECID: 1234567890abcdef
X-ORACLE-DMS-RID: 0
Set-Cookie: iscs_auth=0123456789abcdef; path=/; HttpOnly

...

The -i flag is used to show the header of the response; if there is an error, this flag will enable you to see the HTTP error code.

The -u flag is used to provide credentials.

In the example above we have listed all the integrations that are in the instance.  If you don't see the list of integrations then something is wrong.  Common problems are:

  • Wrong URL
  • Wrong username/password - pass them using single quotes to prevent interpretation of special characters by the shell.
  • Access denied due to whitelist not enabled - depending on the environment this may show as a timeout or an error from a proxy server.
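
The common problems above can be told apart from curl's exit code and the HTTP status it reports. The script below is an added example, not part of the original post; the OIC_USER and OIC_PASS variable names and the mapping of codes to causes are assumptions, and the credentials are passed to curl on standard input so they stay out of the process list and shell history.

```shell
#!/usr/bin/env bash
# Added example: sort the result of the whitelist test into the problems listed above.
# OIC_USER / OIC_PASS are hypothetical environment variable names.

# Map curl's exit code, the HTTP status and the proxy CONNECT status to a verdict.
classify_result() {
  local curl_exit="$1" http_code="$2" connect_code="${3:-000}"
  case "$curl_exit" in
    0)  ;;  # an HTTP response arrived; judge it by status below
    5)  echo "proxy-config: proxy host name does not resolve"; return ;;
    6)  echo "wrong-url: host name does not resolve"; return ;;
    7|28) echo "blocked: connection refused or timed out, whitelist may not be enabled"; return ;;
    56) if [ "$connect_code" != "000" ]; then
          echo "blocked: proxy refused CONNECT with HTTP $connect_code"
        else
          echo "network-error: connection dropped while receiving data"
        fi
        return ;;
    *)  echo "curl-error: exit code $curl_exit"; return ;;
  esac
  case "$http_code" in
    200) echo "ok: whitelist and credentials work" ;;
    401) echo "wrong-credentials: server reached but authentication failed" ;;
    404) echo "wrong-url: server reached but path not found" ;;
    403|407|502|503|504)
         echo "blocked-or-proxy: HTTP $http_code, check whether a proxy answered" ;;
    *)   echo "unexpected: HTTP $http_code" ;;
  esac
}

# Run the same request as the curl test above and classify the outcome.
check_oic() {
  local host="$1" out rc
  # -K - reads the "user" option from stdin; a password containing " or \ must
  # be backslash-escaped for curl's config syntax.
  out=$(printf 'user = "%s:%s"\n' "$OIC_USER" "$OIC_PASS" |
        curl -K - -s -o /dev/null --connect-timeout 10 --max-time 30 \
             -w '%{http_code} %{http_connect}' \
             "https://$host/icsapis/v2/integrations")
  rc=$?
  # shellcheck disable=SC2086  # split "code connect" into two arguments
  classify_result "$rc" ${out:-000 000}
}

# Usage (file name is an example): ./check_oic.sh myenv-mytenancy.integration.ocp.oraclecloud.com
if [ "$#" -ge 1 ]; then check_oic "$1"; fi
```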

Summary

As you can see, gathering the information for whitelisting and then testing that it is correctly enabled are straightforward and don't require advanced networking skills.
