- November 23, 2023
by Amey Deshpande, Oracle Apps DBA
- Overview of OAuth-2.0–Based Authentication
- Prerequisites
- Create a Self-Signed Key Pair
- Set Up Microsoft Azure
- Set Up Oracle E-Business Suite
Introduction:
Encountering an abrupt halt in the Workflow Mailer, we initiated an Oracle Service Request (SR) to resolve the issue. The SR provided a comprehensive document (Oracle Doc ID 2884072.1) detailing the resolution: "Configuring Oracle Workflow for OAuth 2.0 in Oracle E-Business Suite Release 12.2 and Release 12.1.3."
Overview of OAuth-2.0–Based Authentication:
OAuth 2.0 is a modern authorization framework that provides a more secure and flexible way to authenticate users and applications. It allows third-party applications to access resources on behalf of a user without exposing the user's credentials. With OAuth 2.0, the Oracle Workflow Notification Mailer can securely connect to Microsoft Office 365 Exchange Online using tokens issued by the OAuth 2.0 authentication server. This helps improve security and streamline the authentication process.
The overall activity of enabling OAuth 2.0 is divided into the following steps.
Prerequisites:
- Apply Patch 31043260: UPDATE JAVAMAIL API LIBRARY VERSION TO 1.6.2 WITHIN IAS 10.1.3.5. Export the 10.1.3 IAS_ORACLE_HOME and apply the patch with OPatch. Force-generate the product JAR files after this patch, as per the document.
- Apply Patch 24693065: PROVIDE ALTER USER PRIVILEGE TO SYSTEM (10.1.2 Oracle Home, adpatch).
- Apply Patch 26247424: R12.AD.B.delta.9: R12.AD.B.DELTA.9 (10.1.2 Oracle Home, adpatch).
- Apply Patch 34632788:R12.OWF.B – OAUTH2.0 FOR IMAP CONNECTIONS TO OFFICE 365 (10.1.2 Oracle Home).
- Check the JDK version: 1.7.0_321 or later is required. Our version was 1.7.0_331, so there was no need to install a JDK in our case.
NOTE: After applying Patch 34632788:R12.OWF.B – OAUTH2.0 FOR IMAP CONNECTIONS TO OFFICE 365, a few OKL and JAI invalid objects were generated. We had to create an Oracle SR and perform the action plan from the SR, after which the invalid objects were validated.
Create a Self-Signed Key Pair:
In Oracle E-Business Suite (EBS), you can create a self-signed key pair (private and public key) using the keytool command, which is part of the Java Development Kit (JDK). These keys can be used for various purposes, including securing communication, signing documents, and more. Here are the steps to create a self-signed key pair using keytool:
JDK Version 1.7.0_321 or later is needed for this.
Private Key:
keytool -genkeypair -alias ms -keyalg "RSA" -keysize "2048" -dname "cn=Smith, ou=Development, o=Oracle, c=US" -storetype "PKCS12" -keystore ms.p12 -storepass <password> -validity 3650
Public Key:
keytool -exportcert -alias ms -keystore ms.p12 -storepass <password> -file ms.cer -storetype "PKCS12"
NOTE: Replace <password> with your own value. You can use any phrase as the password, but it must be the same in both commands above.
NOTE: Provide the public and private keys created above to the infra team so that they can set up Microsoft Azure and create the Client ID and Tenant ID.
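An added example, not part of the original post or of Oracle's document: the same two keytool steps with the store password read from an environment variable instead of the command line, plus a check of the exported certificate's SHA-1 thumbprint. The variable name KS_PASS, the function names and the sample fingerprint are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example; KS_PASS and the function names are assumptions, while the
# alias "ms" and the file names ms.p12 / ms.cer follow the post.

# Same two keytool steps as the post, but the password is read from the
# environment variable KS_PASS (-storepass:env), so it does not end up in
# shell history or in the process list.
make_keypair() {
    (
        umask 077   # ms.p12 holds the private key: owner-only permissions
        keytool -genkeypair -alias ms -keyalg RSA -keysize 2048 \
            -dname "cn=Smith, ou=Development, o=Oracle, c=US" \
            -storetype PKCS12 -keystore ms.p12 \
            -storepass:env KS_PASS -validity 3650 &&
        keytool -exportcert -alias ms -keystore ms.p12 -storetype PKCS12 \
            -storepass:env KS_PASS -file ms.cer
    )
}

# Read `keytool -printcert` output on stdin and print the SHA-1 fingerprint
# as bare uppercase hex (the usual "thumbprint" form).
thumbprint_from_printcert() {
    sed -n 's/^[[:space:]]*SHA1:[[:space:]]*//p' | tr -d ': \r' | tr 'a-f' 'A-F'
}

# Succeed only if file $1 parses as a certificate and its thumbprint equals
# $2, e.g. the thumbprint reported back for the registered certificate.
cert_matches() {
    actual=$(keytool -printcert -file "$1" 2>/dev/null | thumbprint_from_printcert)
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# Constructed sample of keytool's fingerprint section (not a real certificate).
SAMPLE_PRINTCERT='Certificate fingerprints:
     MD5:  00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
     SHA1: 0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5:C6:D7:E8:F9:0A:1B:2C:3D'

# Usage: KS_PASS='<password>' sh keypair.sh generate
if [ "${1:-}" = "generate" ]; then
    make_keypair && keytool -printcert -file ms.cer | thumbprint_from_printcert
fi
```

ms.cer contains only the public certificate, while ms.p12 contains the private key and is protected by the store password.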
Set Up Microsoft Azure:
We need to perform configuration steps in the Microsoft Azure portal. The person performing these steps should have global administrator privileges. Detailed steps can be found in the Oracle document.
In our case, the client’s infra team did this activity, as we didn’t have access to the Azure portal. We only provided the private and public key to the infra team, and they generated the Client ID and Tenant ID for us.
We received the Client ID and Tenant ID from the infra team as follows:
Application (client) ID:*********-7c50-****-968e-a***********3b2f
Directory (tenant) ID: ********-b985-*******-bdcf-1***********a9f
Set Up Oracle E-Business Suite
- Apply the required Patches as stated above in this Doc.
- Configure Oracle E-Business Suite for Outbound Connections over TLS 1.2
- Didn’t perform the above step as we had JDK 1.7 already installed after the April 2017 version.
- Define IMAP Configuration for OAuth
Enter the OAuth details, using the values you noted. The following screenshot shows an example of how to specify these details.
Click Notification Mailers.
Click Edit.
Click Advanced.
Click Next.
Click Next.
In the above screenshot, select OAuth as the authentication type. Fill in the information given below.
Click Test inbound connection.
Then click Next. (Nothing changes in Outbound Mail Account.)
Click Next. No change.
Click Next.
Click Next.
After step 7, click Next, and on step 8 click Finish.
Click Apply.
Check whether the Workflow Notification Mailer is up and running.
Conclusion:
This streamlined guide empowers users to efficiently configure OAuth 2.0 for Oracle Workflow Mailer in EBS 12.1.3, ensuring secure connections with Microsoft Office 365 Exchange Online. Following these steps will enable a smooth workflow and enhance communication security within the organizational framework.