Tuesday, October 11, 2011

Import Client Certificates in SOA 11g

This article shows how to import client certificates in SOA 11g.


Solution 1:


Steps:   
  • Download the client certificate using Mozilla or IE and name it gmail-smtp.cer
  • Open a command prompt and import this certificate into your JDK cacerts file using keytool:
keytool -import  -file E:\gmailCert\gmail-smtp.cer -alias RootCA -keystore C:\Oracle\Middleware\jdk160_24\jre\lib\security\cacerts -storepass changeit

  • Create a new keystore named mykeystore.jks using the command below:
keytool -genkey -keystore C:\Oracle\Middleware\wlserver_10.3\server\lib\mykeystore.jks -storepass welcome1

  • Import your certificate into mykeystore.jks keystore.
keytool -import  -file E:\gmailCert\gmail-smtp.cer -alias RootCA -keystore C:\Oracle\Middleware\wlserver_10.3\server\lib\mykeystore.jks -storepass welcome1

  • Edit C:\Oracle\Middleware\user_projects\domains\base_domain\bin\setDomainEnv.cmd. Search for the text -Djavax.net.ssl.trustStore in the file and replace it with:
-Djavax.net.ssl.trustStore=${WL_HOME}/server/lib/mykeystore.jks   
-Djavax.net.ssl.trustStorePassword=welcome1

  • Open the Admin Console and modify the keystore for the SOA server. Click the Change button and select Custom Identity and Java Standard Trust from the dropdown.
Custom Identity Keystore: C:\Oracle\Middleware\wlserver_10.3\server\lib\mykeystore.jks
Custom Identity Keystore Type: jks
Custom Identity Keystore Passphrase: welcome1
Confirm Custom Identity Keystore Passphrase: welcome1

Restart SOA server and then test.


Solution 2



1.       Obtain the security certificate from SFDC to connect to SFDC services (e.g. sfdc-client.cert).
2.       Import the certificate obtained from SFDC into the keystore:
         /xgsoadv4a/oracle/fmw/java/bin/keytool -import -alias proxy.salesforce.com -keystore SFDCKeyStore.jks -file /home/soaadmin/temp/sfdc-client.cert
3.       Remove the following entry from the domain's setDomainEnv.sh (<domain_home>/bin/setDomainEnv.sh):
         -Djavax.net.ssl.trustStore=${WL_HOME}/server/lib/DemoTrust.jks
4.       Log in to the Fusion Middleware Control console (i.e. "http://WLserver:port/em"). Navigate to "Farm_<domain>/SOA/soa-infra". Right-click on "soa-infra" in the left pane. Select "SOA Administration --> Common Properties", then click the hyperlink at the bottom for "More SOA Infra Advanced Configuration Properties".
5.       Find the entry for KeystoreLocation and provide the path to the keystore that contains the CA certificates. Click Apply.



6.       Add a credential entry to allow BPEL to open the keystore file. Navigate to "WebLogic Domain/<domain name>". From the pulldown menu, select "Security->Credentials". Add a new map called "iClickSFDC" and add two new keys inside that map (default password is changeit):

Key Name          | Type      | User Name         | Password
KeyPassword       | password  | KeyPassword       | <password>
KeystorePassword  | password  | KeystorePassword  | <password>




7.       Restart the WebLogic domain servers.
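
An added example, not part of the original post: before restarting the servers in Solution 1 or Solution 2, confirm that the keystore entry is the certificate you downloaded and that both match a fingerprint obtained from the certificate's owner through a separate channel. The function names and the sample keytool output are constructed for illustration; the paths in the usage comment are the ones from Solution 2.

```shell
#!/bin/sh
# Added example (not from the original post): check that the certificate file,
# the keystore entry and a fingerprint obtained out of band all agree.

# Constructed sample of the fingerprint block keytool prints (values are made up).
SAMPLE_KEYTOOL_OUTPUT='Owner: CN=constructed.example
Certificate fingerprints:
     SHA1: 01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67
     SHA256: AA:BB:CC:DD:EE:FF:00:11
Signature algorithm name: SHA256withRSA'

# Strip colons/whitespace and upper-case hex so fingerprints compare reliably.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Read keytool output on stdin, print the first fingerprint with label $1
# (SHA256 by default; pass SHA1 if your keytool prints no SHA256 line).
fingerprint_from_keytool() {
    label=${1:-SHA256}
    normalize_fp "$(sed -n "s/^[[:space:]]*${label}:[[:space:]]*//p" | head -n 1)"
}

# Succeed only if all three fingerprints are non-empty and identical.
compare_fps() {
    [ -n "$1" ] && [ "$1" = "$2" ] && [ "$1" = "$(normalize_fp "$3")" ]
}

# verify_import CERT_FILE KEYSTORE ALIAS EXPECTED_FP [LABEL]
# keytool prompts for the store password instead of taking -storepass here.
verify_import() {
    label=${5:-SHA256}
    file_fp=$(keytool -printcert -file "$1" | fingerprint_from_keytool "$label")
    store_fp=$(keytool -list -v -alias "$3" -keystore "$2" |
        fingerprint_from_keytool "$label")
    if compare_fps "$file_fp" "$store_fp" "$4"; then
        echo "OK: alias $3 in $2 matches $1 ($label $file_fp)"
    else
        echo "MISMATCH: file=$file_fp store=$store_fp" >&2
        return 1
    fi
}

# Usage with the paths from Solution 2:
# verify_import /home/soaadmin/temp/sfdc-client.cert SFDCKeyStore.jks \
#     proxy.salesforce.com "<fingerprint obtained out of band>"
```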



Tuesday, March 15, 2011

How do you configure transaction timeout for BPEL on SOA 11g?

As a general rule, you should keep the following relation between the timeout parameters:

syncMaxWaitTime < BPEL EJB's transaction timeout < Global Transaction Timeout
Note: These recommendations are ONLY applicable to Sync Processes. Additionally, the default timeout settings that come with the SOA 11g installation do not comply with this rule. You might need to adjust the settings according to your particular business needs.


1. Setting syncMaxWaitTime:

This property controls the maximum time the process result receiver will wait for a result before returning for Sync processes.

For SOA 11g R1 PS1 (11.1.1.4 and later):
* Log in to EM
* Expand SOA and right click on "soa-infra" and select: SOA Administration -> BPEL Properties
* Click on "More BPEL Configuration Properties..." link
* Locate syncMaxWaitTime and change it.


2. Setting the transaction timeout for BPEL EJB's:

The timeout properties for the EJBs control the particular timeout setting for the SOA application, overriding the global setting specified by the JTA timeout (see step 3).

* Log into Oracle WebLogic Administration Console.
* Stop SOA Managed Server.
* Click Deployments.
* Expand soa-infra -> EJBs.
* Following EJBs need to be updated:
BPELActivityManagerBean
BPELDeliveryBean
BPELDispatcherBean
BPELEngineBean
BPELFinderBean
BPELInstanceManagerBean
BPELProcessManagerBean
BPELSensorValuesBean
BPELServerManagerBean
* You can check in the config tab for the timeout setting in the BPEL* EJBs.
* Click Save.
* Restart Oracle WebLogic Server.

3. Setting the global transaction timeout at WebLogic Domain Level:

This property sets the transaction timeout, in seconds, for active transactions. If the transaction is still in the "active" state after this time, it is automatically rolled back.

   * Log into Oracle WebLogic Administration Console.
   * Click Services -> JTA.
   * Change the value of Timeout Seconds (the default is 30).
   * Click Save.
   * Restart Oracle WebLogic Server.



More information available at:



Note: For receive/invoke timeout introduced for Async Processes with PS3, refer:
http://download.oracle.com/docs/cd/E17904_01/integration.1111/e10224/bp_events.htm#insertedID0

How to set delay between JMS/AQ Queue Messages in SOA 11g



After reading your issue description, I would like to suggest the solution below:

There is an activation agent which can be used to control the speed at which the adapter posts messages to BPEL.

In 11g, the setting is configured as a binding property in composite.xml, on the corresponding (inbound) <service>, e.g.


<service name="Inbound">
  <interface.wsdl interface="http://xmlns.oracle.com/pcbpel/demo1#wsdl.interface(SampleInbound_PortType)"/>
  <binding.jca config="Dequeue_jms.jca">
    <!-- this is the property that is being implemented -->
    <property name="minimumDelayBetweenMessages">1000</property>
  </binding.jca>
</service>


This setting ensures that there will be a delay of at least 1000 milliseconds between two consecutive messages being posted to the BPEL process.


Note: this setting pertains only to BPEL, and only to one adapter polling thread. If multiple adapter polling threads (e.g. multiple JMS dequeuer threads) have been configured, this setting will control the speed of each thread, not the combined speed.


One point to keep in mind when implementing the above solution: the delay will happen all the time, regardless of heavy or light load.

How to make your File Adapter pick only one file at a time from a location

In SOA 11g, you use the File adapter to read files from a given location.
This read operation picks up all the files at once.

You want to configure the File adapter so that it picks up one file at a time from the given location at the given polling interval.

Solution :

Set the "SingleThreadModel" and "MaxRaiseSize" properties for your file adapter.
Edit the adapter's jca file and add the following properties:

<property name="SingleThreadModel" value="true"/>
<property name="MaxRaiseSize" value="1"/>

You can also set these properties through JDeveloper, by opening composite.xml, selecting the adapter and then changing the properties through the properties panel.