Rafael Andrade, Nedzad Saranovic

In our recent TechNote we discussed the pros and cons of Cloud Adapter versus Custom Web Service Call. In this How To we will guide you through the installation of Cloud Adapter and detail some of the issues you can face during installation and the changes needed to fix them.

Installation steps cookbook:

  1. To use the Cloud Adapter for Salesforce.com, you need to install the initial 12.1.3.0.0 version of SOA Suite or BPM Suite 12c.
  2. If you want to use it only within a SOA Suite SCA calling the adapter from a BPEL flow, no additional installation is needed.
  3. If you want to create a Business Service in OSB and expose the Salesforce Adapter operations via Proxy Service, there are additional steps that you need to follow (see details in the bottom of the post):
        a) Apply Bundle patch 12.1.3.0.1 for SOA Suite or 12.1.3.0.4 for BPM Suite [Issue #1].
        b) Create a Security System Policy using Enterprise Manager. [Issue #2]
        c) Change server configuration to not validate hostname or allow wildcards in the certificate URLs. [Issue #3]
  4. Follow the Cloud Adapter instructions download the Salesforce supported WSDL and do the additional server configuration changes:
        a) Download Salesforce Enterprise WSDL from Salesforce.com Setup web page.
        b) Export Salesforce Certificate from the browser and import into the server Keystore using java Keytool.
        c) Configure EM Credentials, defining CSF Key and using username and password (with security token).
    Check all configuration steps here: https://docs.oracle.com/middleware/1213/cloudadapter-salesforce/TKSDP.pdf

Issues and solutions:

Below you have the details for some of the issues you can face during installation and the changes needed to fix them:

#

Issue

Solution

1

If you do not apply the Bundle Patch for SOA/BPM suite, once you call
Salesforce during run-time you should see the error message below:

OSB-380001: Invoke JCA outbound service failed with application error, exception: com.bea.wli.sb.transports.jca.JCATransportException:
oracle.tip.adapter.sa.api.JCABindingException: oracle.tip.adapter.sa.impl.fw.ext.org.collaxa.
thirdparty.apache.wsif.WSIFException:
servicebus:/SBProject/Resources/salesforceReference.wsdl
[ salesforceReferencePortType::create(parameters,parameters) ] –
WSIF JCA Execute of operation ‘create’ failed due to:
JCA Binding Component connection issue.

JCA Binding Component is unable to create an
outbound JCA (CCI) connection.

servicebus:/SBProject/Resources/salesforceReference.wsdl
[ salesforceReferencePortType::create(parameters,parameters) ] – :
The JCA Binding Component was unable to establish an outbound
JCA CCI connection due to the following issue: BINDING.JCA-12561

JCA Resource Adapter location error (WebLogic).

Unable to locate the JCA Resource Adapter via .jca binding file element <connection-factory/>

The JCA Binding Component is unable to locate the Resource
Adapter specified in the <connection-factory/> element:
location=’cloud/CloudAdapter’
 ManagedConnectionFactory=
‘oracle.cloud.connector.salesforce.SalesforceConnectionFactory’
(properties: {csfkey=SalesForceKey, applicationVersion=34.0, csfMap=oracle.wsm.security, jndi.location=cloud/CloudAdapter, targetWSDLURL
=servicebus:/SBProject/Resources/enterprise.wsdl})

The reason for this is most likely that either

 1) the Resource Adapters RAR file has not been deployed successfully to the WebLogic J2EE Application server or

 2) the JNDI <jndi-name> setting in the WebLogic JCA deployment descriptor has not been set to cloud/CloudAdapter. In the last case you might have to add a new ‘connector-factory’ entry (connection) to the deployment descriptor.

Please correct this and then restart the WebLogic Application Server

 

Caused by: javax.naming.NameNotFoundException: While trying to lookup ‘cloud.CloudAdapter’ didn’t find subcontext ‘cloud’. Resolved ”; remaining name ‘cloud/CloudAdapter’

There are 2 solutions for this issue:

1) manually changing the connection mode parameter in the advanced section for transport on business service in OSB console after deploy:

1.       open OSB console

2.       create a session

3.       click on project and then on business service for salesforce

4.       open the Transport detail tab

5.       open advanced section and change connection mode to unmanaged

6.       activate the session in console

2) patching to 12.1.3.0.1 or up and no manual configuration will be needed

 

2

If you do not create the Security Policy, once you call Salesforce in run-time you should see the error message below:

javax.resource.ResourceException: Unable to create Cloud Operation:

  at oracle.tip.adapter.cloud.CloudAdapterInteraction.create
CloudOperation(CloudAdapterInteraction.java:274)

  at oracle.tip.adapter.cloud.CloudAdapter
Interaction.execute(CloudAdapterInteraction.java:136)

  at oracle.tip.adapter.sa.impl.fw.wsif.jca.
WSIFOperation_JCA.performOperation
(WSIFOperation_JCA.java:537)

  at oracle.tip.adapter.sa.impl.fw.wsif.jca.WSIFOperation_
JCA.executeOperation(WSIFOperation_JCA.java:374)

 ….

Caused by: oracle.cloud.connector.api.CloudInvocationException: Unable

to find username in credential store.

  at oracle.cloud.connector.salesforce.
SalesforceSessionManager.get
SessionRequestMessage(SalesforceSessionManager.java:63)

  at oracle.cloud.connector.impl.
AbstractRemoteSession
Manager.establishSession(AbstractRemote
SessionManager.java:37)

  at oracle.tip.adapter.cloud.CloudAdapterInteraction.create
CloudOperation(CloudAdapterInteraction.java:253)

The steps below describe how to create the Security Policy needed:

1. Log in to Fusion Middleware Control Enterprise Manager.

2. Expand “Weblogic Domain” in the left panel

3. Right click on the domain you want to modify and select Security > System Policies to display the page System Policies.

4. In the System Policies page, click on “Create…” button.

5. In the Codebase field enter the path to the jar file i.e file:${osb.oracle.home}/soa/modules/oracle.

soa.adapter_11.1.1/jca-binding-api.jar

6. In the Permissions section click on “Add” button.

7. In the new window modify the “Type” field to “Principal” and click on the search button. Select the “Administrator” permission and click “Ok”

8. Back in the previous windows you will see now under Permissions “oracle.security.jps.service.credstore.CredentialAccessPermission”

9. Select “oracle.security.jps.service.credstore.Credential

AccessPermission” and click on “Edit…” button and modify it as follow:

Resource Name: context=SYSTEM,mapName=SOA,keyName=*

Permission Action: *

10. Click on “OK” to save the new permission.

See more details at Oracle Support “SOA/OSB 12c: Cloud Adapter Patch Reference (Doc ID 1917423.1)”

3.

If you do not change the server configuration related to hostname validation, once you call Salesforce in run-time you should see the error message below:

javax.net.ssl.SSLKeyException

Certificate chain received from [URL – IP] failed hostname verification check. Certificate contained *.[URL] but check expected [URL]

There are 2 options to solve this:

1. Disable hostname verification, as explained by the Cloud Adapter documentation (“Set Hostname Verification to None”)

https://docs.oracle.com/middleware/1213/cloudadapter-salesforce/TKSDP.pdf

2. Change Hostname Verifier to allow wildcards:

http://serverfault.com/questions/503751/certificate-verification-error-when-sending-a-service-request-from-weblogic

1. Go to the WebLogic admin console -> Environment -> Servers -> your server -> Configuration -> SSL

2. Click “Lock & Edit”

3. Open the “Advanced” flap

4. Change “Hostname Verification” from “BEA Hostname Verifier” to “Custom Hostname Verifier”

5. Set “Custom Hostname Verifier” to weblogic.security.utils.SSLWLSWildcardHostnameVerifier

6. Click “Save” and then “Activate Changes”

7. Restart your server.

 

4

Once you create a new Salesforce Adapter instance selecting SOSL/SOQL, in case you add parameters to the query, you can get the error message below once you complete the wizard and the Business Service is not created.

Failed to generate the business service

error: Unexpected character encountered (lex state 3): ‘<some character>’

 

The workaround for this issue:

is to create the Salesforce Adapter instance without any query parameter and, after completing the wizard, right-click on the adapter and select “Edit JCA”, running the adapter wizard again and replacing the query, including the parameters. This time the wizard will complete as expected and all adapter metadata files will be updated accordingly.