Saturday, 30 June 2018

Start, Stop and Status of API CS Physical Gateway

In our previous blog, we have showcased how to install API Cloud Service physical gateway. In this blog, we'll execute some useful commands. For instance, how to start, stop and check status of the physical gateway.

Important Blogs to learn more about API CS

 Below command must run from the directory where Gateway installer was unzipped.

Command to check the status of Physical Gateway

Run below command to check the status of Physical Gateway

 python APIGateway.py -f gateway-props.json -a status

Enter username and password of the Physical gateway which was given during installation


Command to  stop the Physical Gateway

JAVA_HOME path should be set before run the stop command

Run below command to stop Physical Gateway

 python APIGateway.py -f gateway-props.json -a stop

Enter username and password of the Physical gateway which was given during installation


Command to start the Physical Gateway

JAVA_HOME path should be set before run the start command

Run below command to start Physical Gateway

 python APIGateway.py -f gateway-props.json -a start

Enter username and password of the Physical gateway which was given during installation




Agent Group Existance Check Failed, Recheck ICS Username, ICS Password and Proxy Username, Proxy Password or Contact Customer Support

After ICS POD upgraded to 18.2.3.0.0, ICS agent will not come up and throw an error "Agent Group Existence Check Failed, Recheck ICS Username, ICS Password and Proxy Username, Proxy Password or Contact Customer Support".

The reason being of the issue is, ICS certificate has been changed. Certificate changes for ICS happened on the Cloud (outside of Agent). It can be mapped to 18.2.3 MLR 00.

This is known Bug 28242477 logged by Oracle.

To resolve this issue, the user needs to re-import the CA certs from ICS on to agent keystore. Ensure that entire certificate chain is imported to agent keystore.

Follow below steps to resolve the issue:

1) Download Certificate Chain from ICS
  • Login into ICS console using Firefox browser
  • Click on Security Report and More Information
  • Go to Security Tab and Click on View Certificate button
  • Click on Details tab. Once click on Details tab, you will notice Certificate Chain (Root, Intermediate & Leaf)
  • Download all three (Root, Intermediate & Leaf) Certificate one by one
  • Click on Root Certificate and Click on Export button
  • Save the certificate with .crt extension

  •  Repeat last two steps for Intermediate and Leaf certificate
2) Import Certificate Chain into keystore
  • Login to ICS agent server
  • Move certificates to /tmp/cert directory
  • Go to <AgentHome>/cert/ directory
  • Take backup of keystore.jks file
  • Ensure JAVA_HOME is set to run keytool command
  • Import leaf certificate first by issuing following command
keytool -import -trustcacerts -keystore keystore.jks -file /tmp/cert/integration.us2.oraclecloud.cer -alias integration.us2.oraclecloud.com
  • Once promoted for keystore password, enter "changeit". This is default password of keystore.jks
Note: You may get a prompt like an alias or certificate already exists. Ignore and proceed.
  • Run below command to import root certificate
keytool -import -trustcacerts -keystore keystore.jks -file /tmp/cert/DigiCertGlobalRootCA.cer -alias integrationroot.us2.oraclecloud.com
  • Run below command to import intermediate certificate
keytool -import -trustcacerts -keystore keystore.jks -file /tmp/cert/DigiCertSHA2SecureServerCA.cer -alias integrationintermediate.us2.oraclecloud.com

Above three commands will import certificate chain into keystore

3) Start ICS Agent
  • Run below command to start ICS agent
nohup ./startAgent.sh -u=test@test.com -p=TEST@123 &

Now ICS Agent should be started successfully without any issue.

Sunday, 24 June 2018

Implementing Oracle Integration Cloud Service


We have consolidated all the ICS / OIC AIC articles on a single article which will help learners to quickly find out the relevant blog as per the choice

This article will be updated as soon as we write a new article.

S. No.
Topic
Tags
1
ICS
2
ICS
3
ICS, Connection
4
ICS, Mapping
5
ICS, Lookup
6
ICS, Lookup
7
ICS, Lookup
8
ICS, On-Premise Agent
9
ICS, On-Premise Agent
10
ICS, Adapter, REST
11
ICS, Adapter, REST
12
ICS, Integration
13
ICS, Integration
14
ICS, Integration
15
ICS, Administration
16
ICS, Fault Handler
17
ICS, Logs
18
ICS
19
ICS
20
ICS
21
ICS, Email
22
ICS, Adapter, FTP
23
ICS, Adapter, FTP
24
ICS, Adapter, FTP
25
ICS, Adapter, FTP
26
ICS ,OIC ,Adapter, FTP
27
ICS ,OIC ,Adapter, FTP
28
ICS, Adapter, Database
29
ICS, Adapter, Database
30
ICS, Adapter, Database
31
ICS, Adapter, SOAP
32
ICS, Adapter, SOAP
33
ICS, Adapter, SOAP
34
ICS, Adapter, E-Business
35
ICS, Adapter, E-Business
36
ICS, Adapter, SFDC
37
ICS, Adapter, SFDC
38
ICS, Adapter, MS Email
39
ICS, Adapter, MS Email
40
ICS, Adapter, MS Email
41
ICS, OIC, Adapter, MS Email
42
ICS, OIC, Adapter, MS Email
43
ICS, Adapter, MS Calendar
44
ICS, Adapter, MS Calendar
45
ICS
46
ICS
47
ICS
48
ICS
49
ICS
50
ICS

Wednesday, 20 June 2018

Key Validation Policies in Oracle API Cloud Service (CS)


The Verify API Key policy lets user enforce verification of API keys at run-time, letting only apps with approved API keys access the APIs. This policy ensures that API keys are valid, have not been revoked, and are approved to consume the specific resources associated with the API products.

Use a key validation policy when we want to reject requests from unregistered (anonymous) applications.

Important Blogs to learn more about API CS


Keys are distributed to clients when they register to use an API on the Developer Portal. At run-time, if they key is not present in the given header or query parameter, or if the application is not registered, the request is rejected; the client receives a 400 Bad Request error if no key validation header or query parameter is passed or a 403 Forbidden error if an invalid key is passed.

This policy can be added only to the request flow.

Let's get in to the implementation on how to apply Key Validation policy.

Assume we already have API configured in API CS. If not, follow the blog Create API in Oracle API CS.

To configure a key validation policy please follow below steps:

  • Click on the TestAPI which we created in previous blog  Create API in Oracle API CS
  • Click on API Implementation tab
  • In the Available Policies region, expand Security, hover over Key Validation, and then click Apply

  • From the Key Validation Dialog Enter below and click Next button:

    • Your Policy Name (Optional): Enter a name for the policy
    • Comments (Optional): Describe why we are applying the policy for this API
    • Place after the following policy:  Select the policy after which this policy is placed in the request flow
    • From the Key Delivery Approach region, select either Query Parameter or Header depending on the choice. If Query Parameter is selected then, key will be passed in the query parameter in API request or if Header is selected then key need to pass in header. The request is rejected if the parameter/header is not present, if the key is not present, or if the key is invalid. Enter Parameter / header name and Click Apply button
    • Click Save button and redeploy the API from Deployments tab
    • Hit the API and include appkey query parameter
    • Hit the API without appkey query parameter

    The TestAPI is entitled with MyApp which was created in the previous blog and MyApp has subscription of MyPlan which was created in another blog. Suppose MyPlan has the limitation to serve 100 request per minute so if the request hit will exceed then the request will be rejected