Thursday Aug 26, 2010

Securing E-Business Suite Web Services with Integrated SOA Gateway

The Oracle E-Business Suite Integrated SOA Gateway service-enables Oracle E-Business Suite public APIs for Service Oriented Architecture.  This feature was released in Oracle E-Business Suite Release 12.1.1. 

One of the most common questions that Oracle E-Business Suite developers have is, "How do you secure E-Business Suite web services?"  Generally, web service security consists of authentication, message integrity and confidentiality.  I'll discuss the authentication aspect of web service security in this article.
The WS-Security specification describes enhancements to SOAP that increase the protection and confidentiality of messages. It provides this protection by defining mechanisms for associating tokens with Simple Object Access Protocol (SOAP) messages.

To secure and authenticate Oracle E-Business Suite web service operations, the E-Business Suite Integrated SOA Gateway supports Username Token-based WS-Security.  In addition, it supports SAML Token (Sender Vouches) based security in Oracle E-Business Suite 12.1.3 and higher.

An Oracle E-Business Suite Integration Repository administrator can select the appropriate authentication type for each Web service-enabled interface.  The authentication type should be selected before deploying the API as a standard web service.  Integration Repository administrators can grant user access to E-Business Suite web service operations.

Username Token based security
The username token carries basic authentication information.  The username-token element propagates user name and password information to authenticate the message.  The information provided in the token and the trust relationship provides the basis for establishing the identity of the user.

A typical WS-Security header in a SOAP Request looks like this:

When invoking Oracle E-Business Suite Web services through SOA Provider using username token-based security, these security headers should be passed along with the SOAP request. The username/password discussed here in wsse:security is the Oracle E-Business Suite username/password (or the username/password created through the Users window in defining an application user).

SAML Token-based security

SAML security tokens (Sender Vouches) are composed of assertions: one or more statements about a user, such as an authentication or attribute statement.  SAML tokens are attached to SOAP messages by placing assertion elements inside the header. SAML security tokens enable interoperable single-sign-on and federated identity for E-Business Suite Web services.

When invoking Oracle E-Business Suite Web services through SOA Provider using SAML Tokens, the SOAP request should contain a sender-vouches SAML assertion. The Assertion and the Body elements should be digitally signed.  A reference to the certificate used to verify the signature should be provided in the header.  The basis of trust is the Web service Requester's certificate.  The Requester's private key is used to sign both the SAML Assertion and the message Body. The SOA Provider relies on the Web service Requester, who vouches for the contents of the User message and the SAML Assertion.

Your Feedback is Welcome

We're extremely interested in hearing about your use cases and your experiences with our Integrated SOA Gateway.  If you've used this product -- or are evaluating it -- please post a comment here or drop us a line with your thoughts.

Related Articles

Friday Feb 12, 2010

Build Custom WebADI Integrators with EBS 12.1.2 Desktop Integration Framework

[Nov. 22, 2010 Update:  Office 2010 (32-Bit) is now certified with the E-Business Suite; see this article for details]

Oracle Web Application Desktop Integrator (Web ADI) is Oracle E-Business Suite's solution for integrating E-Business Suite applications with desktop applications such as Microsoft Excel, Word and Projects.  "Integrators" encapsulate the metadata and other information needed to integrate a particular Oracle E-Business Suite task with a desktop application.

I'm pleased to announce the availability of Oracle E-Business Suite Desktop Integration Framework (DIF), a design time framework that you can use to create custom integrators for Oracle Web ADI in Oracle E-Business Suite Release 12.1.2.

Several Oracle E-Business Suite applications provide seeded integrators out-of-the-box. You can now use the Desktop Integration Framework to define custom integrators for tasks of your own.


Oracle E-Business Suite Desktop Integration Framework provides a graphical user interface which you can use to define integrators and associated supporting objects.  You can reduce development time by using the GUI instead of working directly with the underlying Oracle Web ADI tables and APIs.  This user interface makes it easier to maintain your integrators, too.  The Desktop Integration Framework supports native Oracle Application Framework (OAF) UI widgets like Flex-fields, List Of Values, Pop-lists and Date pickers.

The Desktop Integration Framework allows you to:
  • Create Integrators using a wizard-based user interface
  • Define Integrators to upload data through PL/SQL APIs or directly to tables
  • Define Integrators to download data from text files or using SQL Queries
  • Define data validation rules
  • Embed UI widgets (List of values, Pop lists, Date pickers, Flexfields) in spreadsheets
  • Use the Oracle E-Business Suite Security Model
  • Define layouts and mappings for custom integrators
Your feedback is welcome

We are very interested in hearing about your experiences with this new tool.  Please post your comments here or drop me an email at email.jpg

Wednesday Sep 02, 2009

Critical Rollup Update for E-Business Suite Integrated SOA Gateway Release 12.1.1

A critical Rollup Update for Oracle E-Business Suite Integrated SOA Gateway Release 12.1.1 was released on August 21, 2009. It is a consolidated one-off fix to address some open issues in Oracle E-Business Suite Integrated SOA Gateway Release 12.1.1. Patch 8459663 for Integrated SOA Gateway R12.1.1 is now available for download.



Oracle E-Business Suite Integrated SOA Gateway (ISG) was released with Oracle E-Business Suite Release 12.1.1. It allows Oracle E-Business Suite public integration interfaces to be exposed as standard web services. It allows integration between heterogeneous applications and allows you to deploy web services for consumption via standard web service clients.

Why is this Rollup Update Important?

This Rollup Update fixes outstanding bugs in ISG R12.1.1 and introduces key changes in SOAHeader elements. SOAHeader elements are SOAP Header elements defined by Integrated SOA Gateway for Web services through SOA Provider. It is used for setting appropriate application context for executing PL/SQL APIs in Oracle E-Business Suite.

Oracle highly recommends that all customers who have installed the Oracle E-Business Suite Integrated SOA Gateway Release 12.1.1 upgrade to this one-off patch as soon as possible

Key Enhancements and Fixes in Rollup Update
One of the key changes with this release is change in SOAHeader elements in SOAP Requests for PL/SQL and Concurrent Program services. There are changes in element names and expected values in SOAHeader. Now instead of language dependent names, language independent key values should be sent in SOAP Request.  Other key enhancements & fixes include:
  • Support for SSL-based Web Service Invocation Over HTTPS
Service Invocation Framework now supports SSL-based Web service invocation using Server Authentication method.
  • Web Service NLS Compliance
In ISG R12.1.1, although we had the NLSLanguage element in SOAHeader, it was not used. Now, ISG supports Web service NLS compliance and it can consume SOAP requests in the language specified in the SOAHeader.
  • Security Grant on Overloaded Functions
Each of the overloaded function in a package can now be uniquely granted to a specific user, user group, or all users.
  • Standalone script to generate services for IREP interfaces
Some interfaces take long time to generate WSDL, and the Integration Repository UI may time out. Now, there's a standalone script to generate Web service artifacts.
  • Check to restrict simultaneous 'Generate Service' requests
Multiple requests to generate Web service for an integration interface are now restricted. 


For more information on mandatory consolidated one-off release, see:

Monday Jun 08, 2009

Sneak Preview: Integrating EBS with Desktop Apps via Web ADI Development Framework

Web Applications Desktop Integration (Web ADI) is an enterprise framework for integrating the Oracle E-Business Suite with desktop applications. It's a Self-Service Oracle Application that lets you download and upload selected data between EBS products and  Microsoft Excel.  It allows you to modify bulk data in Microsoft Excel, working either online or offline, and upload the modified data using Web ADI.  It also allows you to generate Microsoft Word documents for mail merges.

What's Coming for Web ADI?

Are you interested in integrating EBS application with desktop application using Oracle’s Web ADI framework? Are you interested in creating custom Web ADI integrators with the ability to define validations, lookups, and business rules? Well, you're in the right place! The Oracle Applications Technology Group is working on providing a new development framework to create and manage custom desktop integrators.

Web ADI integration architecture diagram

We're building out this upcoming framework to provide rich functionality to:

Define integrators

  • Security rules
  • One or more interfaces to import data-to EBS
  • One or more contents to extract data-from
  • Validation rules – flex fields, description flex fields, SQL-based lookup
  • Business rules to import data to EBS

Manage integrators

  • Create integrators
  • Edit and delete custom integrators
  • View Oracle-seeded and custom integrator definitions

Define and Manage UI components and lookup screens

Let Us Know About Your Integration Requirements

We're very interested in hearing about your requirements for integrating the E-Business Suite with your desktop applications.  If you're using Oracle Web ADI or have a requirement to create custom integrators, please email the following questionnaire to:

Rakha Ayothi email

For Oracle-seeded Web ADI Integrators:

  1. Does your company use Oracle Web ADI?
  2. What is your current version of Oracle Applications? (11i RUP __ / R12 RUP __ )

For Custom Integrators:

  1. What requirements do you have for developing custom integrators?
  2. How are you creating custom integrators? (In-house development / Vendor Product _<name>_)
  3. Are you interested in participating in an Early Adopter Program for the Web ADI Development Framework?

Your Contact Details

  • Company Name:
  • Contact Person:
  • Contact Number:
  • Contact E-mail address:

Related Articles



« July 2016