Securing E-Business Suite Web Services with Integrated SOA Gateway

The Oracle E-Business Suite Integrated SOA Gateway service-enables Oracle E-Business Suite public APIs for Service Oriented Architecture.  This feature was released in Oracle E-Business Suite Release 12.1.1. 

One of the most common questions that Oracle E-Business Suite developers have is, "How do you secure E-Business Suite web services?"  Generally, web service security consists of authentication, message integrity and confidentiality.  I'll discuss the authentication aspect of web service security in this article.
The WS-Security specification describes enhancements to SOAP that increase the protection and confidentiality of messages. It provides this protection by defining mechanisms for associating tokens with Simple Object Access Protocol (SOAP) messages.

AuthenticationType.jpg
To secure and authenticate Oracle E-Business Suite web service operations, the E-Business Suite Integrated SOA Gateway supports Username Token-based WS-Security.  In addition, it supports SAML Token (Sender Vouches) based security in Oracle E-Business Suite 12.1.3 and higher.

An Oracle E-Business Suite Integration Repository administrator can select the appropriate authentication type for each Web service-enabled interface.  The authentication type should be selected before deploying the API as a standard web service.  Integration Repository administrators can grant user access to E-Business Suite web service operations.

Username Token based security
The username token carries basic authentication information.  The username-token element propagates user name and password information to authenticate the message.  The information provided in the token and the trust relationship provides the basis for establishing the identity of the user.

A typical WS-Security header in a SOAP Request looks like this:

wsheader.jpg
When invoking Oracle E-Business Suite Web services through SOA Provider using username token-based security, these security headers should be passed along with the SOAP request. The username/password discussed here in wsse:security is the Oracle E-Business Suite username/password (or the username/password created through the Users window in defining an application user).

SAML Token-based security

SAML security tokens (Sender Vouches) are composed of assertions: one or more statements about a user, such as an authentication or attribute statement.  SAML tokens are attached to SOAP messages by placing assertion elements inside the header. SAML security tokens enable interoperable single-sign-on and federated identity for E-Business Suite Web services.

When invoking Oracle E-Business Suite Web services through SOA Provider using SAML Tokens, the SOAP request should contain a sender-vouches SAML assertion. The Assertion and the Body elements should be digitally signed.  A reference to the certificate used to verify the signature should be provided in the header.  The basis of trust is the Web service Requester's certificate.  The Requester's private key is used to sign both the SAML Assertion and the message Body. The SOA Provider relies on the Web service Requester, who vouches for the contents of the User message and the SAML Assertion.

Your Feedback is Welcome

We're extremely interested in hearing about your use cases and your experiences with our Integrated SOA Gateway.  If you've used this product -- or are evaluating it -- please post a comment here or drop us a line with your thoughts.

References
Related Articles

Comments:

We've succesfully implemented ISG for a set of complex interfaces between EBS 12.1.1 and third party systems. Custom pl/sql programs in EBS were exposed as webservices which are being invoked by the third-party system. While everything is running smoothly, we sometimes get memory errors and the Webservice invocation by the third-party system fails with Java heap space errors. Bouncing the oafm fixes the issue. Any idea why this would happen?

Also what is the maximum SOAP request size when invoking a webservice? How do we calculate the optimum SOAP request size? Any pointers would be highly appreciated.

Posted by Gopal on October 07, 2010 at 05:11 AM PDT #

Hello, Gopal,

I'm sorry to hear that you've encountered an issue with this.

We can provide general conceptual guidance here, but I'm afraid that this blog isn't the best place to get technical support for specific issues like the one that you're working through.

Your best bet would be to log a formal Service Request via My Oracle Support (formerly Metalink) to get one of our specialists engaged.

Please feel free to forward your Service Request number to me if it gets stuck in the support process for some reason.

Regards,
Steven

Posted by Steven Chan on October 11, 2010 at 03:12 AM PDT #

Hi,

While using the username token-based security, in the SOAP headers the username and password is passed in clear text or in encrypted format ?

Regards,

Makarand

Posted by guest on August 11, 2011 at 03:54 AM PDT #

Hi Makarand,

They are passed in clear text. However, if you have set up SSL, then the whole message is encrypted. I don't believe there is any way to encrypt the password unless you handle authentication yourself.

If you use SAML authentication, I believe then the credentials are encrypted.

Posted by Ara on August 11, 2011 at 08:27 AM PDT #

Related comment about security: We discovered a bug in SOA Gateway having to do with grants. If you update your interface after assigning grants to it, the existing grants no longer become active, even though they still show up in the Integration Repository and in User Management. Also, if you assign a public grant (i.e., the service is available to any authenticated user), it does not show up in the Integration Repository GUI, although it does show up in User Management. I believe this has been elevated to Development. The workaround is to drop the grants and reassign them when you update your interface.

An underlying question, however, is this: If the interface gets updated, should the old version of the interface remain active (or, even better, is there a way for the administrator to choose)? Public interfaces are very touchy subjects. Once they are published, people expect them to remain available "forever". Providing a way of smoothly transitioning from one version to the other would be very valuable functionality.

Posted by Ara on August 11, 2011 at 08:35 AM PDT #

Not, by the way, that I'm complaining. I think the Integrated SOA Gateway is a very nifty feature of EBS R12.

Posted by Ara on August 11, 2011 at 08:36 AM PDT #

Hi Makarand,

Oracle E-Business Suite Integrated SOA Gateway supports Username Token based security with Username & Password in plain text format (password type http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText) in SOAP headers.

Regards,
Rekha

Posted by guest on August 11, 2011 at 08:17 PM PDT #

Hi Ara,

I am sorry to hear about the issue you mentioned. Please forward me the Service Request number.

Regarding your query on retaining older version of interface in active state: as of now, we do not have an ability to retain older version of interface. So, when you upload an updated interface, it overwrites existing older version of interface in Integration Repository.

I have noted the above requirement. To track your requirement, you may file Service Request in My Oracle Support.

Thanks,
Rekha

Posted by Rekha Ayothi on August 16, 2011 at 04:23 AM PDT #

Hi,

I need to get soa header on plsql. Is there ann way to getting soa header on plsql WS.

Thanks,
Murat.

Posted by Murat on November 17, 2011 at 06:57 AM PST #

Hi Murat,

SOA Header is SOAP Header defined for web services provided by Integrated SOA Gateway. It is defined by SOA Provider while generating the web service artifacts for the PLSQL API or other web service enabled interfaces. Integration Repository Administrator need not perform any additional step to get SOA Header as part of E-Business Suite Web service request definition.

The values passed for SOA Header elements will be used to set application context, and these values depend on the respective API; you may have to refer the respective product documentation for the same.

Thanks,
Rekha

Posted by guest on November 17, 2011 at 07:17 PM PST #

Hi Rekha,

Thanks for your response. I will develop a custom Web Service. I need additional security fields(such as hash or token) on WS. Thats why, I ask how can I get SOA Header . I will add hash parameter to WS. Thanks again.

Best regards,
Murat

Posted by guest on November 21, 2011 at 07:33 AM PST #

Hi Steven

Do you know if there is anyway to create a custom interface in the Integrated SOA repository that calls a procedure that has a ref_cursor as an out variable? I have hunted high and low but all examples seem to include simple data types such as varchar2 or number. I would like to create an web service published in the integration repository that would return a multi row data set from a select statement.

I can see solutions that use the Oracle SOA suite connecting to the database via a JCA connection but ideally would like all web services to be delivered by the Integration Repository.

Thanks in advance

Matt

Posted by guest on May 15, 2012 at 07:42 AM PDT #

Hi Matt,

I believe it may be possible. Just follow the usual steps. When you generate the WSDL in the Integrated Repository, SOA Gateway should map the REF_CURSOR to an array (in XML format). However, this is risky, because if the result set is very large, the response could take a very long time, eat up a lot of memory, etc.

Posted by guest on May 15, 2012 at 11:18 AM PDT #

Hi, I am trying to create a BPEL service and call ISG service but i get an error(SSL Handshake) as soon as i refer the wsdl.

Under Integrated SOA Gateway responsibility I generated and deployed the wsdl and then trying to use the wsdl as a partner link in BPEL process.

Posted by Rajesh on August 21, 2012 at 06:13 PM PDT #

Hi, Rajesh,

I'm sorry to hear that you've encountered an issue with this.

We can provide general conceptual guidance here, but I'm afraid that this blog isn't the best place to get technical support for specific issues like the one that you're working through.

Your best bet would be to log a formal Service Request via My Oracle Support (formerly Metalink) to get one of our specialists engaged.

Please feel free to forward your Service Request number to either Rekha or I if it gets stuck in the support process for some reason.

Regards,
Steven

Posted by Steven Chan on August 22, 2012 at 03:23 PM PDT #

I am trying use SAML token from BPEL process to access ISG web service. The Oracle note 1144313.1 provides a clear direction on how to call from a SOAP UI using saml. However, I am following http://biemond.blogspot.com/2011/08/do-saml-with-owsm.html trying to create OWSM assertion. Is there a better documentation which specifies how to connect to ISG from BPEL or OSB using SAML?

Posted by Sarathy Iyer on October 28, 2012 at 10:08 PM PDT #

Hi Sarathy,

Thanks for your inquiry. My Oracle Support Knowledge Document 1144313.1 provides the steps to test ISG web service deployed with SAML token policy from SoapUI and JAX-WS Client. Unfortunately, the steps to invoke ISG web service using SAML token from BPEL is not yet covered in ISG documentation. I have noted your request, you are welcome to monitor or subscribe to this blog for updates.

Meanwhile, you may refer following links from Oracle SOA Suite & Oracle Web Services Manager.
- Attaching security policy, Oracle Fusion Middleware Developer's Guide for Oracle SOA Suite 11g Release 1 (11.1.1.6.1)
http://docs.oracle.com/cd/E25178_01/dev.1111/e10224/sca_policy.htm

- Adding assertion to policy, Oracle Fusion Middleware Security and Administrator's Guide for Web Services 11g Release 1 (11.1.1.6)
http://docs.oracle.com/cd/E23943_01/web.1111/b32511/creating_policies.htm#CIHDGGHA

Please note - The above documents provide general guidance for web service security in SOA composites.

Thanks,
Rekha

Posted by Rekha Ayothi on November 01, 2012 at 03:19 AM PDT #

Hi

How can we implement SAML ans SSO with R12. We want to implement that when users click link in other applications they will be redirected to R12.

Can SAML alone handle this OR do we need to have all the applications in OID/SSO.

Thanks
Sree

Posted by sreekumar on December 10, 2012 at 11:57 PM PST #

Hi Sree,

Thank you for the inquiry. I am not sure I understand your query - 'Can SAML alone handle this OR do we need to have all the applications in OID/SSO'. I will reach you directly to understand your query.

Meanwhile, here are few pointers to SSO and SAML configurations:
- Integrating Oracle E-Business Suite Release 12 with Oracle Access Manager 11gR2 (11.1.2) using Oracle E-Business Suite AccessGate [MOS Note: 1484024.1]

- Setting Up SAML Token Security for Oracle E-Business Suite Integrated SOA Gateway Release 12.1.3 [MOS Note: 1144313.1]

Thanks,
Rekha

Posted by Rekha Ayothi on December 13, 2012 at 02:44 AM PST #

Hi
I have published custom pl/sql package as web service. Generation of WSDL and deployment went successful, but when we invoke any operation using SOAP UI we get following error message. We are facing this issue even to call any seeded web service from the SOA integrated repository.
Below example is when invoking HZ_PARTY_V2PUB.Update_Person opreation.

SOAPUI_LOG
------------
Mon Dec 17 02:01:50 EST 2012:ERROR:Exception in request: javax.net.ssl.SSLException: Received fatal alert: illegal_parameter
Mon Dec 17 02:01:50 EST 2012:ERROR:An error occured [Received fatal alert: illegal_parameter], see error log for details
Mon Dec 17 02:01:50 EST 2012:INFO:Error getting response for [HZ_PARTY_V2PUB_Binding.UPDATE_PERSON:Request 1]; javax.net.ssl.SSLException: Received fatal alert: illegal_parameter

Error.log
-------------
Mon Dec 17 02:01:50 EST 2012:ERROR:javax.net.ssl.SSLException: Received fatal alert: illegal_parameter
javax.net.ssl.SSLException: Received fatal alert: illegal_parameter
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.write(Unknown Source)
at java.io.FilterOutputStream.write(Unknown Source)
at org.apache.commons.httpclient.WireLogOutputStream.write(WireLogOutputStream.java:86)
at org.apache.commons.httpclient.methods.ByteArrayRequestEntity.writeRequest(ByteArrayRequestEntity.java:90)
at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
at com.eviware.soapui.impl.wsdl.submit.transports.http.support.methods.ExtendedPostMethod.writeRequest(ExtendedPostMethod.java:107)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:187)
at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:122)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

Posted by Bharat Jain on December 16, 2012 at 11:34 PM PST #

Hi Bharat,

I am sorry to hear that you are facing this issue. Please log service request in My Oracle Support, one of our Support Engineers will help you.

Thanks,
Rekha

Posted by Rekha Ayothi on December 17, 2012 at 01:18 AM PST #

Rekha

I have opened the SR 3-6562514831. In meanwhile, i'm wondering if anyone can share there thoughts on this issue.

Appreciate your help in advance.

Thanks, Bharat Jain

Posted by Bharat Jain on December 17, 2012 at 06:53 AM PST #

Hi

Our client is having existing and applications and LDAP.

We are imlementing R12 EBS. Client wants to integrate R12 with existing applications using SAML 2.0 (without using OID/SSO).

Thanks in advance.
Sree

Posted by sreekumar on January 08, 2013 at 10:36 PM PST #

Hi Sree

Have you able to implement R12 with existing applications using SAML 2.0? If so, could you please share your implemention steps.

Posted by guest on May 01, 2013 at 07:58 AM PDT #

Dear Guest,

Recently, we published a blog article on SAML support in EBS Integrated SOA Gateway (ISG): https://blogs.oracle.com/stevenChan/entry/saml_based_authentication_for_web

Please refer the same for links to SAML configuration. Also, as of 12.1.3, ISG supports SAML Sender Vouches as per SAML 1.0 (http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0.pdf) for inbound web services.

Thanks,
Rekha

Posted by Rekha Ayothi on May 01, 2013 at 11:54 PM PDT #

Hi Rekha,

I seek your help in getting information on below requirement.

1. We want to invoke external webservice (.net product) to get xml data from Oracle EBiz -R12

How to achieve this from Oracle E-BIZ. User will give request from EBIZ which in- turn access webservice and get xml data based on parameter value passing from oracle e-biz.

Can you please share some idea to achieve this.

Thanks in Advance.

Posted by Raj on May 02, 2013 at 12:13 PM PDT #

Hi Raj,

One of the components of Integrated SOA Gateway is Service Invocation Framework (SIF). Using SIF, you can invoke external web service from EBS. For details, refer Chapter 9 of Oracle E-Business Suite Implementation Guide (http://docs.oracle.com/cd/B53825_08/current/acrobat/121isgig.pdf ) and, Chapter 11 of Oracle E-Business Suite Integrated SOA Gateway Developer Guide (http://docs.oracle.com/cd/B53825_08/current/acrobat/121isgdg.zip ).

If you have any specific requirements on web service, feel free to drop me an email.

Thanks,
Rekha

Posted by Rekha Ayothi on May 03, 2013 at 02:27 AM PDT #

Hi Rekha,

Thanks for your reply and time.

Can you please share your email id. Moreover, is there any way we can achieve mentioned scenario.

Actually, i tried using webservice proxy client to do that. But we are not sure, whether that will help us. Kindly give some hints on that.

Meanwhile, you share you email id i will send the more detail about our requirement.

Regards,
Raj

Posted by guest on May 05, 2013 at 04:28 AM PDT #

Hi Rekha,

Thanks for your time and help...

Is there any way we can invoke webservice apart from soa gateway.. we heard, we can use Webservice client proxy will fit for our requirement.

Please provide some information on the same. Moreover, kindly share ur email id. So that i will give you the detailed information about our requirement. Looking for your great help.

Regards,
Raj

Posted by Raj on May 05, 2013 at 06:52 AM PDT #

Hi Raj,

If requirement is to invoke an external web service from EBS and consume the response within EBS, Integrated SOA Gateway's Service Invocation Framework is the answer. You may send me your specific use case. My email address is available from this blog, also, you will receive mail if you subscribe to this blog.

Thanks,
Rekha

Posted by Rekha Ayothi on May 06, 2013 at 07:01 AM PDT #

Hi,
I am able to expose custom package as a webservice through ISG. However, in the header which has elements like Responsibility, RespApplication,SecurityGroup,NLSLanguage, Org_id even if i do not pass any value, i am able to get the output.While generating ildt, the command used is $IAS_ORACLE_HOME/perl/bin/perl $FND_TOP/bin/irep_parser.pl -g -v -username=sysadmin ont:/patch/115/sql:annotation_file:12.1=/home/appltst/bin/annotation_file.pls. I am getting output in cases when
1. I don't pass anything in the header
2. I pass correct values but not related to ONT (e.g. related to AR)
3. I pass values related to ONT

How do i restrict getting output only for ONT.(since the service is related to order management )

Posted by Ravali on September 17, 2013 at 08:38 AM PDT #

Hi Ravali,

Responsibility, RespApplication, etc are used to set application context for APIs that require them. However, these are optional elements as not all APIs depend on application context.

Please note it is upto the custom package to define or implement application specific validation and such security rules. Hence, if you want your custom package to work only for ONT, or particular set of users, the logic should be implemented in your code. You should implement function security. Refer Oracle E-Business Suite's Developer Guide ( http://docs.oracle.com/cd/B53825_08/current/html/docset.html ) for Function security. At runtime, ISG takes care of setting the context before calling the API.

Thanks,
Rekha

Posted by Rekha Ayothi on September 17, 2013 at 09:26 PM PDT #

Hi,
I don't find Authentication Token option while deploying the "SQL Interface: Work Request Import" form integration repository. Is that could be a installation issue or some configuration needs to be done to enable the Authentication section.

I have created a BPEL process to invoke the Work Request Import service, but its always end up with throwing System fault "oracle.j2ee.ws.client.jaxws.JRFSOAPFaultException: Client received SOAP Fault from server : AuthorizationFailure : User not authorized to execute service".

Please help me out.
Thanks in advance

Regards
Abhishek

Posted by guest on September 26, 2013 at 12:25 AM PDT #

Hi Abhishek,

If you are in release 12.1.3, Authentication Type section should appear in PL/SQL Interface Detail page. It was introduced when we provided the SAML Token option. Prior releases (12.1.1 & 12.1.2) support Username Token only and hence, Authentication Type option is not available in 12.1.1 & 12.1.2. Not sure, you are in which release.

For error message: verify the username sent in wsse header. The EBS user should have necessary privileges to execute 'work request import' API. And, ensure to create grant from Integration Repository for that user. If you still face the issue, please log a Service Request in My Oracle Support. And, feel free to pass me the SR number.

Thanks,
Rekha

Posted by Rekha Ayothi on September 26, 2013 at 10:42 PM PDT #

Hi Rekha,

Thanks for the reply.

I am using EBS version 12.1.1.

I am using ASADMIN user in the security header, also I am passing the SOAP header details i.e. : ResponsibilityName, ResponsibilityApplName , SecurityGroupName values with the request, but getting the same error. I have also created SR in oracle support SR#3-7818978121. Below are the security header and SOAP header details I am using.

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>ASADMIN</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Pwd</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>

<wip:SOAHeader>

<wip:ResponsibilityName>EAM_ASSET_MANAGEMENT</wip:ResponsibilityName>

<wip:ResponsibilityApplName>EAM</wip:ResponsibilityApplName>

<wip:SecurityGroupName>STANDARD</wip:SecurityGroupName>

<wip:NLSLanguage>AMERICAN</wip:NLSLanguage>

</wip:SOAHeader>

Any urgent help is highly appreciated.

Regards
Abhishek

Posted by Abhishek on September 27, 2013 at 09:59 AM PDT #

Hi Rekha,

Thanks for your reply.

I am using EBS release 12.1.1.

Regarding the error.
I am using ASADMIN user in my security header. I already added grant for the user from integration repository. I am also passing the SOA header details i.e. ResponsibilityName = EAM_ASSET_MANAGEMENT , ResponsibilityApplName = EAM & SecurityGroupName = STANDARD, but still getting the same error. my SR No is : SR# 3-7818978121.

Any Urgent help is highly appreciated.

Regards
Abhishek

Posted by Abhishek on September 27, 2013 at 10:06 AM PDT #

Hi Abhishek,

I suspect if ASADMIN user has responsibility 'EAM_ASSET_MANAGEMENT'. Please note that the EBS user should have necessary privileges/ responsibilities to execute the API.

Thanks,
Rekha

Posted by Rekha Ayothi on September 30, 2013 at 01:26 PM PDT #

I have granted 'EAM_ASSET_MANAGEMENT' responsibility to ASADMIN, then tried to execute the web service. Still getting the same error message. Besides that I have granted 'EAM_ASSET_MANAGEMENT' responsibility to 'SYSADMIN' user. In that case also the result is same.

Is there any default responsibility & user available that has privileges to call the web service.

Below is the complete error details I have taken from SOA monitor in as the response of the request.

Error Description User not authorized to execute service.
Error Details

oracle.apps.fnd.soa.util.SOAException: AuthorizationFailure: Error in authorization check. Responsibility Name and Responsibility Application Name are either invalid or not assigned to the user
at oracle.apps.fnd.soa.provider.services.jca.JCAHandler.handleRequest(JCAHandler.java:110)
at oracle.apps.fnd.soa.provider.SOAProvider.processMessage(SOAProvider.java:272)
at oracle.j2ee.ws.server.provider.ProviderProcessor.doEndpointProcessing(ProviderProcessor.java:956)
at oracle.j2ee.ws.server.WebServiceProcessor$1.run(WebServiceProcessor.java:358)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:396)
at oracle.j2ee.ws.server.WebServiceProcessor.invokeEndpointImplementation(WebServiceProcessor.java:355)
at oracle.j2ee.ws.server.provider.ProviderProcessor.doRequestProcessing(ProviderProcessor.java:466)
at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:114)
at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:96)
at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:194)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:713)
at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)
at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:313)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:199)
at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:619)
oracle.apps.fnd.soa.util.SOAException: InvalidHeader: Responsibility Name and Responsibility Application Name are either invalid or not assigned to the user
at oracle.apps.fnd.soa.provider.services.AuthorizationHandler.authorize(AuthorizationHandler.java:104)
at oracle.apps.fnd.soa.provider.services.jca.JCAHandler.handleRequest(JCAHandler.java:98)
at oracle.apps.fnd.soa.provider.SOAProvider.processMessage(SOAProvider.java:272)
at oracle.j2ee.ws.server.provider.ProviderProcessor.doEndpointProcessing(ProviderProcessor.java:956)
at oracle.j2ee.ws.server.WebServiceProcessor$1.run(WebServiceProcessor.java:358)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:396)
at oracle.j2ee.ws.server.WebServiceProcessor.invokeEndpointImplementation(WebServiceProcessor.java:355)
at oracle.j2ee.ws.server.provider.ProviderProcessor.doRequestProcessing(ProviderProcessor.java:466)
at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:114)
at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:96)
at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:194)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:713)
at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)
at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:313)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:199)
at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(Serve

Please tell me if I can use some other user to call the web service.

Regards
Abhishek

Posted by Abhishek on October 01, 2013 at 11:57 PM PDT #

Hi Abhishek,

Please note, ISG uses seeded ASADMIN user for secured database connection. I do not recommend to use the same for functional web service requirements.

You should be able to use any EBS user with responsibility/ privilege to execute the EAM API. That is, you can use the EBS User who can perform 'Work Request Import' function in E-Business Suite. If your business & security requirements demand to use different EBS User for backend processing through web service, you would need to know the RESPONSIBILITY KEY to execute the EAM API; and, create EBS user for EAM web service with necessary responsibility.

I am not an EAM expert. Hence, I may not be able to suggest value for RESPONSIBILITY KEY. However, I will pass on your request to EAM team.

Thanks,
Rekha

Posted by Rekha Ayothi on October 10, 2013 at 12:04 PM PDT #

Hi Rekha,
How do i delete a custom web service from Integration Repository? I do not want that entry to be seen when searching for available interfaces.

Thanks for your time,
Ravali

Posted by Ravali on October 29, 2013 at 02:21 PM PDT #

Hi,
I am new using webservice,now only i started using webservices in ISG.I am able to expose custom package as a webservice through ISG. while test that WSDL file in SOAP UI which require Responsibility, RespApplication,SecurityGroup,NLSLanguage, Org_id.I dont know how to solve that problem.I got WSDL URL from ISG which was used USERTOKEN Security and gave to CRM application where that file not read.I dont whether i have to add SOAP HEADER value and how to add SOAP header value in WSDL file.Please help me...... Please give the example WSDL file along with SOAP Header........

I am using below comment to parsing

IAS_ORACLE_HOME/perl/bin/perl $FND_TOP/bin/irep_parser.pl -g -v -username=SYSADMIN \
CUSTOM:patch/115/sql:XXQA_FACTORIAL_PUB.pls:12.0=/home/appsdemo/ISG/XXQA_FACTORIAL_PUB.pls

Thanks,
Sathiya

Posted by guest on December 11, 2013 at 03:00 AM PST #

Hi friends,

Please suggest me how to set Responsibility, RespApplication,SecurityGroup,NLSLanguage, Org_id value set in EBS Application.

EBS WSDL file able to call along with empty value for Responsibility, RespApplication etc...But I got below mentioned error while i invoke EBS WSDL file from SOAPUI tool.

Error Description Error occured while service was processing.
Error Details oracle.apps.fnd.soa.util.SOAException: ServiceProcessingError: Exception returned from JCA Service Runtime. file:/u01/apps/apps/inst/apps/demovis_oraapps/soa/PLSQL/4856/ITERATIVE.wsdl [ ITERATIVE_ptt::ITERATIVE(InputParameters,OutputParameters) ] - WSIF JCA Execute of operation 'ITERATIVE' failed due to: Could not instantiate InteractionSpec oracle.tip.adapter.apps.AppsStoredProcedureInteractionSpec due to: Error while setting JCA WSDL Property. Property setIRepOverloadSeq is not defined for oracle.tip.adapter.apps.AppsStoredProcedureInteractionSpec Please verify the spelling of the property. ; nested exception is: ORABPEL-12532 Error while setting JCA WSDL Property. Property setIRepOverloadSeq is not defined for oracle.tip.adapter.apps.AppsStoredProcedureInteractionSpec Please verify the spelling of the property. ; nested exception is: org.collaxa.thirdparty.apache.wsif.WSIFException: Could not instantiate InteractionSpec oracle.tip.adapter.apps.AppsStoredProcedureInteractionSpec due to: Error while setting JCA WSDL Property. Property setIRepOverloadSeq is not defined for oracle.tip.adapter.apps.AppsStoredProcedureInteractionSpec Please verify the spelling of the property. ; nested exception is: ORABPEL-12532 Error while setting JCA WSDL Property. Property setIRepOverloadSeq is not defined for oracle.tip.adapter.apps.AppsStoredProcedureInteractionSpec Please verify the spelling of the property. at oracle.apps.fnd.soa.provider.services.jca.JCAHandler.invoke(JCAHandler.java:169) at oracle.apps.fnd.soa.provider.services.jca.JCAHandler.handleRequest(JCAHandler.java:113) at oracle.apps.fnd.soa.provider.SOAProvider.processMessage(SOAProvider.java:342) at oracle.j2ee.ws.server.provider.ProviderProcessor.doEndpointProcessing(ProviderProcessor.java:958) at oracle.j2ee.ws.server.WebServiceProcessor$1.run(WebServiceProcessor.java:388) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:396) at oracle.j2ee.ws.server.WebServiceProcessor.invokeEndpointImplementation(WebServiceProcessor.java:385) at oracle.j2ee.ws.server.provider.ProviderProcessor.doRequestProcessing(ProviderProcessor.java:481) at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:114) at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:96) at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:200) at javax.servlet.http.HttpServlet.service(HttpServlet.java:763) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:734) at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:391) at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:908) at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:458) at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:313) at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:199) at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260) at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:234) at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:29) at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:879) at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303) at java.lang.Thread.run(Thread.java:619) org.collaxa.thirdparty.apache.wsif.WSIFException: file:/u01/apps/apps/inst/apps/demovis_oraapps/soa/PLSQL/4856/ITERATIVE.wsdl [ ITERATIVE_ptt::ITERATIVE(InputParameters,OutputParameters) ] - WSIF JCA Execute of operation 'ITERATIVE' failed due to: Could not instantiate InteractionSpec oracle.tip.adapter.apps.AppsSto

Thanks,
Sathiya

Posted by guest on December 11, 2013 at 08:16 PM PST #

Hi Sathiya,

ISG expects application context related information such as Responsibility, RespApplication in custom SOAP Header called "SOAHeader". The elements within SOAHeader are optional. But, SOAHeader element (at parent level) needs to be present. If you pass appropriate values in SOAHeader, then ISG ensures to initialize the application context before executing the PL/SQL API.

If your custom API does not expect EBS application context to be set before executing the API, then you may just send empty SOAHeader element in SOAP Header.

Also, if you are looking for an ability to set application context within your API, we have public API - FND_GLOBAL.APPS_INITIALIZE for that.

Hope that helps! And, if you are still getting run-time exception, please log formal service request in My Oracle Support, one of our Support Engineers will assist you.

Thanks,
Rekha

Posted by Rekha Ayothi on December 12, 2013 at 05:34 AM PST #

Hi Rekha,

Thanks for replying.I want to know how to upload custom composite BPEL API like that Custom PL/SQL.I got Bpel file from local then i changed Bpel file to annotated format as per document
http://docs.oracle.com/cd/E26401_01/doc.122/e20927/T511473T543283.htm said.I uploaded successfully using command but couldnt see that file in ISG even i couldnt see that composite folder in ISG .I was used below mentioned command to upload

$IAS_ORACLE_HOME/perl/bin/perl $FND_TOP/bin/irep_parser.pl -g \
-v -username=SYSADMIN \
AS:patch/115/bpel:TEST_FACTORIAL_PUB.bpel:12.0=/home/appsdemo/ISG/TEST_FACTORIAL_PUB.bpel

which is correct.Please advice me.

Thanks,
Sathiya

Posted by guest on December 15, 2013 at 08:38 PM PST #

Hi Sathiya,

Please note that custom BPEL Composite can be uploaded to Integration Repository but it cannot be deployed as SOAP web service like custom PL/SQL API.

However, I see you are not able to view custom BPEL composite in Integration Repository. Please log formal Service Request in My Oracle Support, one of our Support Engineers will assist you. And, please forward me the SR number.

Thanks,
Rekha

Posted by Rekha Ayothi on December 16, 2013 at 02:16 AM PST #

Hi Rekha,
I have created PLSQL customAPI in EBS and generated WSDL URL.
When i going to check with this WSDl in SOAPUI it throws ' Responsibility key is not valid'. So kindly send me the screen shot for creating new responsibily name and key in EBS R12.1.3. OR descripe how to test in SOAPUI

Thanks
Govindh

Posted by guest on December 18, 2013 at 09:59 PM PST #

Hi Friends,
I created Custom PL/SQL file and uploaded that file in EBS ISG.As well as generated WSDL file,deployed that WSDL file successfully.Even i tested that WSDL file in SOAP-UI tool successfully with context related information such as Responsibility, RespApplication.When i gave EBS WSDL URL in FUSION CRM Application that file not even read.Please advice me,how to solve this problem.

Thanks,

Sathiya

Posted by guest on December 23, 2013 at 10:16 PM PST #

Hi Govindh,

Happy New Year to you!

Coming to your question, let me try to explain:
The elements in 'SOAHeader' are used to set E-Business Suite application context before executing EBS APIs. These elements are optional. If your custom API does not expect EBS application context to be preset (which I guess is the case), send empty SOAHeader element in SOAP Header.

Coming to the later part:
Now, you may implement EBS function security for your custom application and API. Refer Chapter 4 of Oracle E-Business Suite Security Guide [http://docs.oracle.com/cd/V39571_01/current/acrobat/122ebssc.pdf ] for details (including steps to create new responsibility).
Then, you may initialize application context within custom API using FND_GLOBAL.APPS_INITIALIZE. Again, in this case, your custom API does not expect EBS application context to be preset - send empty SOAHeader element in SOAP Header.

Thanks,
Rekha

Posted by Rekha Ayothi on January 03, 2014 at 01:59 AM PST #

Hi Sathiya,

Please log formal service request in My Oracle Support against Fusion CRM application. One of our Support Engineers will assist you.

Thanks,
Rekha

Posted by Rekha Ayothi on January 03, 2014 at 02:03 AM PST #

Hi,

I understand this is not the right forum to discuss this but i need urgent help here

I need a quick input on whether to leverage the ISG and the integration repository services installing and procurement of SOA Suite (middleware) is compulsory? Cant we leverage the services of ISG (Consuming & Publishing web services) without SOA suite license? Please clarify

Thanks,
Gowri

Posted by Gowri Shankar on February 04, 2014 at 08:45 AM PST #

Hi,
I don't think we need SOA Suite license to use ISG services.

Thanks,
Ravali

Posted by guest on February 04, 2014 at 12:22 PM PST #

Thanks Ravalli for the comment. Even i was under the same understanding. But as per the installation guide of ISG for EBS 12.2, it looks like from EBS 12.2 version it is mandatory to have SOA Suite and link it with EBS to have SOAP enabled services.

I went through the 12.1.x installation guide in metalink and there is nothing mentioned about SOA Suite.

Has it changed from 12.2? Can some one confirm the same.

Posted by Gowri Shankar on February 05, 2014 at 03:42 AM PST #

Hi Gowri & Ravali,

In Oracle E-Business Suite Release 12.2, Integrated SOA Gateway uses Oracle Fusion Middleware components - Oracle SOA Suite and Oracle Applications Adapter (a.k.a. E-Business Suite Adapter) for SOAP based web services.

Please work with your Oracle Sales representative for licensing details.

Thanks,
Rekha

Posted by Rekha Ayothi on February 05, 2014 at 04:21 AM PST #

Thanks Rekha. Leaving the licensing requirements, can we conclude the below,

1) EBS 12.2 - SOA suite is mandatory for leveraging the services from ISG (both publish and consume)?
2) EBS 12.1.x - SOA suite is not mandatory

Posted by Gowri Shankar on February 05, 2014 at 07:02 AM PST #

Hi,

After deploy the WSDL When i'm trying to give grant access to all users in SOA Repository getting bellow error.

"Data does not exist for the HZ_LOCATIONS object with LOCATION_ID=Please verify"

please gide me if any solution to fix the issue.

Posted by guest on April 16, 2014 at 10:33 AM PDT #

Post a Comment:
  • HTML Syntax: NOT allowed
About

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
4
5
6
7
8
9
10
11
12
13
14
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today