A common requirement in integration projects is to transfer files in/out of a system in a secured manner. FTP is the usual protocol for transferring files and if additional security is required then SFTP (Secured FTP) is the way to go. In this post I would cover some of the ways FTP adapter can be configured in SOA 10g and 11g to make use of SFTP.
For additional details on FTP adapter configuration you can refer to the Oracle link
http://download.oracle.com/docs/cd/B31017_01/integrate.1013/b28994/adptr_file.htm
SFTP supports couple of authentication mechanisms to ensure additional security on top of the FTP protocol.
Similarly in Public key authentication, a private-public key pair is generated. The public key is shared with the external site/vendor which hosts the FTP server. At runtime when a SFTP connection is attempted, Fusion process will try to match the private key stored locally on SOA server with the public key on Remote FTP Server and do the authorization first before sending/posting the files.
The configuration information in either case is stored in SOA_HOME/j2ee/OC4J_SOA/application-deployments/default/FtpAdapter/oc4j-ra.xml (SOA 10g) or MW_HOME/Oracle_SOA1/soa/connectors/FtpAdapter.rar/weblogic-ra.xml (SOA 11g).
For Password authentication below are the properties which you need to set (oc4j-ra.xml sample shown below)
For Public Key authentication below are the properties which you need to set (weblogic-ra.xml sample shown below)
Apart from above configuration steps incase of Public Key authentication we can follow below additional steps to generate the private-public key pair and do corresponding setup for that.
1. On Remote FTP Server ensure that /etc/ssh/sshd_config has below parameters set
RSA Authentication Yes
PubKey Authentication Yes
2. On SOA server, generate the Public/Private Key pair using below command
ssh -keygen –t rsa
3. Once the public and private key are generated make a note of file path, file name etc.
4. Then copy the public key content to the Remote FTP Server . Login as the account with which the FTP has to be performed and put the public key content into file ~/.ssh/authorized_keys.
5. For modifying the weblogic-ra.xml in SOA 11g, extract the file from the FtpAdapter.rar file and after making changes repackage it using command (jar cvf FtpAdapter.rar .)
Incase you run into errors like below work with your network administrator to unblock the port 22 at firewall.
sftp xxxxx
Connecting to xxxxx...
ssh: connect to host xxxx port 22: Connection refused
Couldn't read packet: Connection reset by peer
Thats it ! Now you should be able to securely transfer files..
For additional details on FTP adapter configuration you can refer to the Oracle link
http://download.oracle.com/docs/cd/B31017_01/integrate.1013/b28994/adptr_file.htm
SFTP supports couple of authentication mechanisms to ensure additional security on top of the FTP protocol.
- Password authentication
- Public Key authentication
Similarly in Public key authentication, a private-public key pair is generated. The public key is shared with the external site/vendor which hosts the FTP server. At runtime when a SFTP connection is attempted, Fusion process will try to match the private key stored locally on SOA server with the public key on Remote FTP Server and do the authorization first before sending/posting the files.
The configuration information in either case is stored in SOA_HOME/j2ee/OC4J_SOA/application-deployments/default/FtpAdapter/oc4j-ra.xml (SOA 10g) or MW_HOME/Oracle_SOA1/soa/connectors/FtpAdapter.rar/weblogic-ra.xml (SOA 11g).
For Password authentication below are the properties which you need to set (oc4j-ra.xml sample shown below)
<config-property name="host" value="XXXXX"/> <config-property name="port" value="22"/> <config-property name="username" value="xxxxx"/> <config-property name="password" value="xxxxx"/> <config-property name="useSftp" value="true"/> <config-property name="authenticationType" value="password"/>
For Public Key authentication below are the properties which you need to set (weblogic-ra.xml sample shown below)
<wls:property> <wls:name>host</wls:name> <wls:value>XXXX</wls:value> </wls:property> <wls:property> <wls:name>port</wls:name> <wls:value>22</wls:value> </wls:property> <wls:property> <wls:name>useSftp</wls:name> <wls:value>true</wls:value> </wls:property> <wls:property> <wls:name>authenticationType</wls:name> <wls:value>publickey</wls:value> </wls:property> <wls:property> <wls:name>privateKeyFile</wls:name> <wls:value>path of private key file</wls:value> </wls:property>
Apart from above configuration steps incase of Public Key authentication we can follow below additional steps to generate the private-public key pair and do corresponding setup for that.
1. On Remote FTP Server ensure that /etc/ssh/sshd_config has below parameters set
RSA Authentication Yes
PubKey Authentication Yes
2. On SOA server, generate the Public/Private Key pair using below command
ssh -keygen –t rsa
3. Once the public and private key are generated make a note of file path, file name etc.
4. Then copy the public key content to the Remote FTP Server . Login as the account with which the FTP has to be performed and put the public key content into file ~/.ssh/authorized_keys.
5. For modifying the weblogic-ra.xml in SOA 11g, extract the file from the FtpAdapter.rar file and after making changes repackage it using command (jar cvf FtpAdapter.rar .)
Incase you run into errors like below work with your network administrator to unblock the port 22 at firewall.
sftp xxxxx
Connecting to xxxxx...
ssh: connect to host xxxx port 22: Connection refused
Couldn't read packet: Connection reset by peer
Thats it ! Now you should be able to securely transfer files..
