
Friday, June 1, 2018

Invoking HTTPS Service Request from Oracle API Platform

Oracle API Platform's API Implementation uses two naming conventions: 1) API Request and 2) Service Request.

API Request - the endpoint to which users or applications send requests for your API.

Service Request - the URL at which your back-end service receives requests.

In this blog we are going to discuss the additional configuration that needs to be done inside the API Platform Gateway Server when invoking an HTTPS Service Request URL.

Since it is an HTTPS URL, there is an SSL certificate associated with that URL, signed by a Certificate Authority.

Recently, I was doing a POC where I was invoking a Service Request HTTPS URL, but it was not working, and I later found out it was because the associated SSL certificate was not configured in the Weblogic JKS Keystore.

Before I get into the detailed solution, let me tell you a bit more about the problem. At the very initial stage, when I tried creating an API which in turn calls an HTTPS service request, it was failing when invoked from the Postman REST tool, and I was getting an "Internal Server error" as per the snap below.



It was quite tricky to find out what went wrong in the back-end to cause the above error. After struggling a bit I found one very important log file, "Default.log", for the API Gateway server, aka Oracle Communication Service Gatekeeper (OCSG) Server, located at e.g. the /u01/apics/install/domain/gateway1/servers/managedServer1/trace/ path. In your case "/u01/apics" might be different, but the rest of the path should be the same.

This log clearly states there was an issue with the SSL handshake, showing the "javax.net.ssl.SSLHandshakeException: General SSLEngine problem" error as per the given snap -




Thursday, May 31, 2018

Oracle API Platform Gateway Log files Summary

 
Is troubleshooting important for you? I hope the answer is yes. If that's the case, then the first thing we need to know is where to look for the detailed error message when something goes wrong, e.g. the Gateway server not polling API configuration from the Management tier, or the end user getting "Internal Server Error", "Resource not found", etc. while invoking an API. There could be many types of error, but often it's hard to find the root cause of the exact error.

Recently, I created an API which was further calling an HTTPS endpoint. While invoking that API I was getting the error "Internal server error". However, there was nowhere I could easily locate the detailed error about this problem. I had looked at the Managed server.log, ManagedServer.out, APICS EDR file and many other files but couldn't find a useful error message related to my error. Later, I found one log file, "default.log", which helped me get to the root cause of my error. Hence, I decided to compile a list of all log files, their locations and a bit of description, so that next time I hit some issue, it will be much easier for me to find the root cause by looking at the relevant log file. This blog will definitely help readers as well if they get stuck with an API Gateway error.

Note: The paths given in my explanation could be different from your environment, but I hope you can work out your environment's paths after looking at the sample paths I have mentioned in this blog. My base location of installation was "/u01/apics"; the rest of the path should be the same in your environment.

Also, before enabling debug/trace severity, be aware of its impact on file size, because some of the files start getting thousands of lines of logs once you enable the debug/trace log severity.
So, here is my comprehensive list of log files, their locations and a bit of description which you won't find in the Oracle APICS documentation.

Thursday, May 10, 2018

Create and Delete Users in Weblogic using WLST Script

In one of my recent event engagements, I was expected to provision 50+ users in Weblogic. Creating users in Weblogic is not a cumbersome process; it's fairly easy. However, when you need to do it in bulk it can take hours.

So, I came up with a simple WLST script which takes a configuration file as input, containing all the server credentials required to connect and the list of users, descriptions, group names etc., and creates and deletes users in Weblogic.

Note: I have tested this script in Weblogic 12.2.1.2, but it should work in all Weblogic versions as long as the beans which I have used inside the Python script have not been changed in that particular Weblogic version.

Creating Users
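
One way to write such a bulk create/delete script, added here as an example and not the author's own script. The name|password|description|group input format, the function names and the sample users are assumptions; userExists, createUser, addMemberToGroup and removeUser are operations of the WebLogic DefaultAuthenticator MBean.

```python
# Added example: uses only syntax accepted by both WLST's Jython and CPython.
# Constructed sample input: name|password|description|group
SAMPLE_USERS = """# event users (constructed)
eventuser01|Chang3-Me-01|Event attendee 1|Monitors
eventuser02|Chang3-Me-02|Event attendee 2|Monitors
existing|Chang3-Me-03|Already provisioned|
"""

def parse_users(text):
    """Parse name|password|description|group lines; '#' starts a comment."""
    users, lineno = [], 0
    for raw in text.splitlines():
        lineno = lineno + 1
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 4 or not fields[0] or not fields[1]:
            raise ValueError("line %d: expected name|password|description|group" % lineno)
        users.append({"name": fields[0], "password": fields[1],
                      "description": fields[2], "group": fields[3]})
    return users

def create_users(atnr, users):
    """Create each missing user, add it to its group, return the names created."""
    created = []
    for u in users:
        if atnr.userExists(u["name"]):
            continue  # leave existing accounts and their passwords untouched
        atnr.createUser(u["name"], u["password"], u["description"])
        if u["group"]:
            atnr.addMemberToGroup(u["group"], u["name"])
        created.append(u["name"])
    return created

def delete_users(atnr, users):
    """Remove each listed user that exists and return the names removed."""
    removed = []
    for u in users:
        if atnr.userExists(u["name"]):
            atnr.removeUser(u["name"])
            removed.append(u["name"])
    return removed

# Under WLST (host, port and credentials are placeholders):
#   connect(admin_user, admin_password, "t3://adminhost:7001")
#   atnr = cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider("DefaultAuthenticator")
#   print(create_users(atnr, parse_users(open("users.txt").read())))
```

createUser rejects passwords that fail the realm's password validation provider, so the passwords in the input file must satisfy the configured policy, and the file itself should be readable only by the administrator running the script.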


Configure Letsencrypt SSL Certificate in Weblogic 12c

Who doesn't like security? It is one of the critical elements of our IT infrastructure. Recently I was doing a POC and got a requirement to set up a valid SSL certificate in Weblogic. However, since it was just a POC, we did not have any valid SSL certificate issued by a Certificate Authority. Later, I came across a website called https://letsencrypt.org/ . Let’s Encrypt is a free, automated, and open certificate authority (CA). They give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, and it's free, yes, you heard correctly, it's FREE !!!. You don't need to pay them at all. So if you need a valid SSL certificate for your POC, or even for a Production environment, you can get one from them. Their certificates come with 3 months' validity, though, so when using them in a Production environment you need to keep renewing them through a simple automated process.

In this blog we will learn how to generate a Letsencrypt SSL certificate, what the prerequisites for getting the certificate are, and how to set up that certificate in Weblogic server to enable SSL communication.
So, let's move on. We will do the following in sequence -
  1. Get a registered domain name (This required while generating SSL Cert)
  2. Install Certbot ACME Tool and Apache HTTP Server
  3. Generate Letsencrypt SSL Certificate
  4. Configure Letsencrypt SSL in Weblogic Identity Store

Monday, March 19, 2018

'API life Cycle is invalid!' Error for Oracle API CS API's

Hi, I just thought I would post the solution for this error. When I hit it, I searched all over the internet and couldn't find any specific blog describing a possible cause of this error while invoking an API.
Let me give some background. I had created an API using the Oracle API Platform Management Portal, and when I tried invoking that API using the Google Postman tool I was getting the below error -
This was a silly mistake but worth highlighting. When we create an API definition in the API Management portal there is a tab page, "API Implementation", which has a configuration field, "API Request", where we need to define the API endpoint URL to which consumers of this API will send input requests. While declaring that portion I had given this URL: "api/medrec".
There is no issue with declaring the endpoint URL in this way. However, the important point I need to stress is that anything after the first forward slash becomes the private URI portion (e.g. medrec) of the API, which will be passed to the back-end service, and if your back-end service doesn't know how to handle this private URI then we see this error while invoking the API.
I am not saying this is the one and only root cause which can produce this error message, but in my case this was the reason. There could be more scenarios which result in the same error message. If I hit other causes resulting in this error message, I will update this blog post.
In order to fix this error, either modify the back-end service to deal with this private URI or change the front-end API endpoint URL. In my case I changed the front-end endpoint URI for my API to "apimedrec".
I hope that the next time someone searches Google for the error message "API life cycle is Invalid", this blog will help fix that issue.

Thursday, March 15, 2018

Oracle API Platform Cloud Service – Installation Steps of Gateway Node

In this blog I am going to document the installation steps for the Oracle API Platform Gateway Node (Version: 18.1.3), which is one of the critical components of API Platform Cloud Service.
Oracle provides API Platform Cloud Service as a foundation product for API Management that covers the full API lifecycle, encompassing API Design & Documentation, API Security, Discovery & Consumption, Monetization, Analysis etc.
Oracle API Platform comprises 3 major components, each serving a specific purpose, as stated below -
Management Portal – This is used to create and manage APIs, deploy APIs to gateways, manage gateways, and create and manage applications. You can also manage and deploy APIs and manage gateways with the REST API.
Developer Portal – Application developers subscribe to APIs and get the necessary information to invoke them from this portal.
Gateway Node – This is the security and access control run-time layer for APIs. Each API is deployed to a gateway node from the Management Portal or via the REST API.
In addition to the above, Oracle also offers Oracle Apiary to quickly design, prototype, document and test APIs.
Below is the high-level architecture diagram of API Platform.



Wednesday, March 8, 2017

SOA Suite 11g to SOA Suite 12c Migration Experience !!!

In this post, I am going to list some of the problems I can remember facing during the SOA Suite 11g to SOA Suite 12c migration for one of the recent projects which I have completed.

Problem 1: 'jca.retry.count' error

While running some of the composites, the transaction was getting rolled back with the below error message –
Cannot parse JCA binding retry property 'jca.retry.count', value '0' due to: Value of JCA binding retry property
'jca.retry.count' must be a positive number: Cannot parse JCA binding retry property 'jca.retry.count', value '0' due to:
Value of JCA binding retry property 'jca.retry.count' must be a positive number</summary>
,code=<code>oracle.fabric.common.FabricException</code>
,detail=<detail>oracle.fabric.common.FabricException: javax.resource.ResourceException: Cannot parse JCA binding
retry property 'jca.retry.count', value '0' due to: Value of JCA binding retry property 'jca.retry.count' must be a positive
number: Cannot parse JCA binding retry property 'jca.retry.count', value '0' due to: Value of JCA binding retry property
'jca.retry.count' must be a positive number
at oracle.integration.platform.blocks.event.jms2.EdnBus12c.publish(EdnBus12c.java:1438

Solution 1:

This error occurred because "NumberOfRetry" was set to '0'. We modified it at this path:
soainfrastructure >> SOA Administration >> common properties >> More SOA Advance Configuration Properties >> Application Defined Beans >> oracle.as.soainfra.config >> EDNConfig >> edn
I believe some internal changes have been made to the EDN delivery retry mechanism. Earlier, as part of 11g, we were able to set "NumberOfRetry=0", but when we carried the same value forward to SOA Suite 12c, the composites started failing with the JCA error listed above.
To fix this error we just changed "NumberOfRetry" to 1, or any positive number up to 5.
Note: Setting "NumberOfRetry" to 1 does not retry the failed JCA transaction automatically.
Refer to this document for a detailed understanding of the different values of NumberOfRetry and their impact.
 






Thursday, February 2, 2017

“Test Console” service not running. Contact administrator to start this service



I am sure that if you are working as a SOA administrator you have bumped into this error.

In this blog post I am just trying to highlight a few configurations which need to be verified if a user is not able to launch the OSB test console. I have faced this issue a couple of times in various environments, but the fix for the problem was always different, so I thought I would compile some of the causes, which might help you fix the same issue in your environment.

Please note: I may keep adding more causes related to this issue as I find them in future assignments.

When the OSB console is not accessible, it looks like this –


 

Cause 1:
The first and foremost problem I have noticed, many times, is that the OSB server is not in running mode. The user is able to access the Oracle Service Bus Console, which gets deployed on the Weblogic Admin Server, but if the OSB server is not up and running then the OSB test console will never work. So make sure the Weblogic Admin Server and the Weblogic OSB server are both up and running.


Tuesday, January 24, 2017

Weblogic Users Password Policy Enforcement



Most clients, as part of their security obligations, need to reset Weblogic user passwords frequently and want to adhere to a strict password policy to avoid any security loophole. Resetting the Weblogic password is very easy, but in this simple article I will just explain how to implement a strict password policy rule. Below is one sample password policy requirement which needs to be implemented.




In order to achieve the above password policy, the steps below need to be performed -

Navigate to WLS Admin console >> Domain Home >> Summary of Security Realms >> myrealm >> Users and Groups >> Providers >> SystemPasswordValidator >> Provider Specific tab page >> change the highlighted values as per the snap below