Friday, March 22, 2013

Configuring the FTP Adapter in SOA 11g for SFTP


Configuring the FTP Adapter in  SOA 11g for SFTP

1)  SOA Host – This is a SFTP client host that will host the FTP adapter.
2) SFTP Server- Remote SFTP server on which you want to put or get the file.

Setting up the SFTP communication based on Public key

1) Navigate to /home/<<User1>>/.ssh directory of the SOA Host.
2) Execute the below command “ ssh-keygen”. This will generate the pair of public key and private key
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home//<<User1>>/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home//<<User1>>/.ssh/id_rsa.
Your public key has been saved in /home//<<User1>>/.ssh/id_rsa.pub.
The key fingerprint is:
dddddddddddddddddddddddddddd /<<User1>>”SOAHost
The key's randomart image is:
+--[ RSA 2048]----+
|   
3)  Copy the public key of the SOA Host to remote  SFTP server’s authorized_keys file. This file is located in  “/home/<<user2>>/.ssh” directory.  Public key of the SOA server is in file “id_rsa.pub” file. Just copy the text content and copy in authorized_keys.

On Target server make sure the file and directory permission should not be too open,You can execute the below commands

cd ~
cd .ssh
chmod og-rw authorized_keys
chmod a-x authorized_keys
cd ~
chmod 700 .ssh

Also you /home/user2 should not be too open.
cd /home
chmod go-wrx user2
Also chmod 755 /home/user2 if you application need for some reason



4)  Test the SFTP setup. Login to SOA server and ssh to Remote SFTP server. One time you have to establish the authenticity of the remote SFTP server for that enter “Yes”. Please note you should prompt you for password. If this prompt of password then please review the above steps.
[user1@SOAHOST ~]$ ssh <<user2>>@ SFTPHOST
The authenticity of host IPADDRESS (IPADDRESS)' can't be established.
RSA key fingerprint isXXXXXXXXXXXXXXXXXXXX
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added IPADDRESS (RSA) to the list of known hosts.
 [<<user2>>@f14 ~]$

In this was you have successfully set-up the public key based Secure FTP connection from SOA Host to Remote FTP.

FTP Adapter configuration in WebLogic Application server:

  1.    Note down the JNDI name of the FTP server that you configured in the Jdeveloper. In my case this is eis/hcgftp/FtpAdapter
2)Login to WebLogic console and navigate to Deployments->FtpAdapter-> Outbound Connection Pool. In “javax.resource.cci.ConnectionFactory” connection pool .Create the instance with the name of “eis/hcgftp/FtpAdapter”.

3)  Select the “eis/hcgftp/FtpAdapter”  and update the below properties’ value with the bold typed value
         a. authenticationType – publickey
         b. host-                <<Remoted SFTP Server Host>>
         c. port -                22
         d. privateKeyFile-  /home/<<user1>>/.ssh/id_rsa 
         e. username –      <<user2>>
         f. useSftp –           true
4) After this update the deployment FTPAdpter. Activate the changes. 



After update you get the message that two “However 2 items must be restarted for the changes to take effect.”   There is no need to start the server or no need to stop and start the FTPAdapter deployment. Only Updating the FTPAdapter deployment is enough to make File Adapter working.
5.  FTP adapter Service is ready to used by other SOA components


3 comments: