Saturday, January 23, 2016

Oracle API Gateway 12c : Getting started with SFTP server

In this blog post I going demonstrate how to create a SFTP server inside the Oracle API Gateway (OAG).

Below are the steps required to create SFTP server:

  • Generate SSL certificate for sftp server
  • Configure SSL certificate in OAG
  • Create SFTP Incoming file policy
  • Create Password Authentication Policy
  • Create User in OAG
  • Configure SFTP server in OAG
  • Test and verify SFTP connection using client


Generate SSL certificate for sftp server

You need openssl to create ssl certificate. you can download the openssl from here : https://www.openssl.org/source/

Please follow below blog post to configure ssl certificate

http://www.codeconfuse.com/2016/01/how-to-generate-ssl-certificate-using.html

Configure SSL certificate in OAG

  • Open policy studio --> Go to Certificates and Keys --> Certificates --> Click on Create/Import



  • Import the certificate that you have created above, click on import certificate




  • Go to Private Key tab and import the private key

  • Click Ok and finish the certificate import wizard.

Create SFTP Incoming Policy

This policy is used to handle the incoming file coming from the sftp client and this is required to create sftp server listener.
  • Under Policies --> Create container "File Transfer" --> Right click and Add Policy, give the name of the policy "SFTP Incoming"
  • Open the SFTP Incoming policy, from the right menu go to Routing --> drag n drop "Save to File" filter.

Note: For the demonstration purpose I am saving the file in local server, you can use other filters according to your usecases.

  • Open "Save to File" filter and configure as below



Create Password Authentication Policy

This policy required to authenticate the client using username and password.

  • Add new policy similary created for SFTP Incoming policy, give the name "Password Authentication"
  • Open the policy, from right menu go to Authentication --> drag n drop Attribute Authentication and configure as below

  • Click Finish.

Create a User in OAG
  • Go to Users and Groups --> Users --> Click on Add, add new user weblogic.


  • Click Ok.

Configure SFTP server in OAG


  • Go to Listeners --> Oracle API Gateway --> Right Click and selct "Add File Transfer Service"
  • Configure as shown below


  • Select Password Authentication policy and SFTP Incoming policy as shown in the picture above
  • Select the IA server Cert that you have created above.
  • The directory used above is default directory, you can change this directory by putting folder name like ${environment.VINSTDIR}/file-transfer/in/weblogic

Test SFTP server connection

You can use any client like Filezilla or WinScp to test the SFTP connection. 
Use the user weblogic that is created in Oracle API Gateway.

Reference
  • https://docs.oracle.com/cd/E39820_01/doc.11121/gateway_docs/content/general_file_transfer.html


5 comments:

  1. Hi there, have you been able to fathom out how to do public key authentication of the sftp user rather than use password?

    ReplyDelete
    Replies
    1. well I never tried that, but you can try passing server key pair instead of server certificate in oracle api gateway listener.
      check this link : https://docs.oracle.com/cd/E39820_01/doc.11121/gateway_docs/content/general_file_transfer.html

      Delete
  2. Hi , Have you tried to do a POC on FTP service setup , if yes could you please share.

    ReplyDelete
    Replies
    1. Well I did the same way as I mentioned in the post I don't have the samples right now, if you have any issue please post here.

      Delete
    2. Thanks Anshul for the reply.
      I want to download a txt file to my development server , it means I have to pick from source location and place in my development server.

      Could you please tell me what steps I have to take here like you have shown for SFTP.

      Delete