Oracle FA - Credential Store Framework (CSF) Key Registration with Oracle Integration Cloud for Business Events

The purpose of this entry is to provide information regarding registering CSF keys and configuring connectivity between the Fusion based ERP application and Oracle OIC!

As discussed in prior entries, Cloud ERP provides business events which can be subscribed to by Oracle Integration. To enable the trust between OIC and ERP, in a FA-based SaaS instance, the outbound call of a webservice uses a OWSM security policy which retrieves the credentials for the call from a CSF Key.

Credential Store Framework (CSF) keys are credentials that use basic authentication (username and password) to certify the access of users and system components. Once the registration process is completed then the CSF keys will help to trigger the business events and call-backs from ERP to OIC, and after catching the event in OIC, we can apply our business logic and perform any other action, such as calling an external API, sending an email, writing the output to a database, and more.

For this to work we must create a local IDCS account with admin privileges in OIC, and use that ID in the CSF key configuration. We must note that Oracle now also has a token based alternative, but that will be covered in another entry.

To generate the CSF key, follow the below steps:

a. Login into the OIC instance with the user credentials and navigate to the Integration home page.

b. Click on the username from the top right corner of the OIC page and select About.

c. The CSF Key will be generated by appending the identity domain and OIC admin. The format for the csf key generation is mentioned in the below table.

Format: <Identity Domain><Service Instance>

Now, follow the step by step process to configure CSF key:

a. Navigate to Oracle ERP SOA Composer to configure CSF key from the below mentioned url.

b. SOA Composer URL - https://<erphostname>/soa/composer

c. Login to the cloud application with your Oracle Cloud ERP user credentials

Note that you will need the following two roles, to perform the following actions:

SOA_OPERATOR_ROLE_JOB

SOA_DESIGNER_ROLE_JOB

d. Once the login is successful then click on the Manage Security from the right side of the page. Then click on the Manage Security and another popup will be open to provide the Manage Credentials details. Please refer to the below table to provide the Manage Credentials details.

Once the details are provided then click on the Register button to complete configuring the CSF KEY.

#	Element	Description	value
1	csf-key	Specify the csf key as extracted from the section before.	<Identity Domain><Service Instance>
2	User Name	Enter the OIC admin user name	Local account we talked about earlier.
3	Password	Enter the password for accessing OIC application	<PASSWORD>
4	Confirm Password	Renter the same password for second time	<PASSWORD>

Now it's time to verify the configuration has been done successfully.

Once the CSF Key configuration is completed then the CSF Key verification should be done.

a. Access the below mentioned FA Cloud instance by executing the following URL in a browser.

NOTE – Access the Event Subscription URL from IE, Firefox or Edge Browsers. Do not use Google Chrome browser

 
b. Event Subscription URL – https://<erphostname>/ soa-infra/PublicEvent/subscriptions

If the event subscription url doesn’t work from the browser, then use the same URL in Postman to test it.

In the basic authentication section in Postman, pass the credentials for the local user and run the endpoint.

With this, OIC will now be able to listen to business events from ERP. One additional point to note, if you ever change the password for the account used for this setup, this trust will be broken. Also, rather than using the "update" option when changing the password and following these steps, you have to "register" again, because the changes won't take effect due to caching.

Oracle Integration Cloud (OIC) - Introduction and Best Practices

As more customers adopt the Oracle Cloud Infrastructure (OCI) platform, and also the Fusion applications, such as ERP and HCM, the usage and prominence of the Oracle Integration Cloud (OIC) platform will continue to grow. OIC is a middleware, much like other competitors in the market, such as the Azure integration options, Biztalk, Boomi, and such. The competitive advantage of OIC, as it relates to the Oracle space, particularly for Cloud tools, is how the OIC product managers work closely with the FA development teams, and ensure that the adapters provided inside OIC for ERP, HCM, etc. stay up to date and are tested as quarterly patches are rolled out for both OIC and FA. In short, there's technical stack harmony when you use OIC to integrate with Oracle Cloud, not to mention that if you want to subscribe to business events from ERP, if you are looking to do event driven integrations that are real time, then OIC is your only option, since other tools cannot subscribe to these business events. In terms of adapters in OIC, the ERP and HCM adapters provide for reduced complexity when integrating with those systems. With the adapters, for example, you can subscribe to events, but also integrate via FBDI or HDL files without having to orchestrate calling many different jobs, and the adapters will instead handle a lot of the complexity on your behalf.

OIC is currently in it's third generation (Gen3), although a lot of customers are still using Gen2, and it has grown quite a bit in terms of capabilities over the last few years, particularly in terms of it's service limits. Previously OIC did not handle large files very well, or large payloads for API patterns, and although it still has limitations in this space, great strides have been made, and it can satisfy a lot of requirements that you may throw at it. As you utilize OIC, before implementing a design pattern, carefully review the service limits here, as you don't want to spend many cycles developing integrations that will fail when being load tested, or performance tested later on.

OIC can be licensed in several ways, but with the Enterprise License, you will get more than just Integrations, and you also get the Visual Builder web development IDE, to extend your SaaS applications, as well as the Oracle Process Cloud product (although this may no longer be bundled with OIC starting with Gen3). With OIC you need to keep a close eye on your message pack consumption, as that can drive up your cost a bit and also impact performance, if you environment is not sized correctly for your usage.

Below I've consolidated a lot of the best practices we have identified by using OIC over the past 4 years, to execute hundreds of integrations across multiple business units.

If you are planning to use OIC, review these in detail, and also pay attention to the third slide that talks about message pack consumption, as depending on how you implement your integrations, you could be unnecessarily incurring additional cost.

Another recommendation is taking complex business logic out of OIC, and instead use OIC to invoke stored procedures in a database cloud service (via a connectivity agent) or autonomous database (via adapter), because these heavy operations that rely on extensive business logic can be done with PLSQL quite more efficiently, and you can use OIC to control the flow, make external calls, and much more.

In terms of drawbacks, OIC still struggles with large files if you want to deal with them outside of them being an opaque element (meaning you don't understand the contents of the file and it's schema). We have also ran into issues when scheduling too many integrations, even with the maximum allowed number of message packs (but this isn't an area of concern unless you are scheduling hundreds of integrations in the same environment). From a disaster recovery perspective, OIC is highly available within it's region, but if you want to implement HA capabilities across multiple regions, accomplishing this is a bit manual and not as efficient as it could be, the architecture can be seen here, for Gen2.

In summary, OIC is a strong solution that continues to grow, but understanding it's limitations is key in order to implement the most robust integrations on behalf of your business partners.

API Gateways, and Oracle FA, with Examples!

API Gateways have gotten increased exposure over the past few years, as SaaS offerings from major vendors continue to accelerate in usage. SaaS in general provides many benefits to customers, but it does present several challenges relative to integrations and extensions, as you are restricted to public API's provided by the vendor, or native file loading capabilities, if you want to perform inbound and outbound data movement of any kind.

In Oracle FA specifically, the necessity of utilizing the API framework for your real time or near real time needs is paramount, and Oracle does a good job of documenting their API capabilities, which can be seen here for Financials, and just with a few clicks you can browse API support for other FA offerings.

Now, an API Gateway provides a layer between the caller and the target, let's say Oracle FA, where in you can perform several actions that will greatly benefit you at scale. With an API Gateway you get some of the following benefits, which are summarized in the graphic below in bullet #1, also, #2 talks to some of the capabilities that you would not want to perform in the gateway, and instead utilize a middleware tool for.

Let's take Oracle ERP as an example, and let's say you want to publish AP related API's to certain consumers but you want to distinguish the traffic generated among them, and you want to protect ERP from abuse. With the gateway you can create quota policies that will limit the usage of the consumer of the API that is proxied in the gateway, and after the user has utilized their quota, their access will be revoked. Similarly, you can create spike arrest policies that will prevent abnormal behavior from taking place, in the way of excessive amount of calls from a consumer that typically does not have that kind of volume. You can also create security policies that inspect incoming request payloads and look for malicious code, in the proxy execution flow, before the message can damage the target. In terms of usage metrics, you can direct results from the API interactions to an Enterprise Logging tool, such as Splunk, where you can build dashboards that will give you in depth analytics about who is making which calls, and what the errors are, etc. so you can discover trends and proactively resolve issues, and you will not be able to do this by just allowing users to call API's in FA directly, and troubleshooting will be labor intensive.

Let's discuss another use case, around simplifying consumer experience of your services. In ERP, oftentimes you need internal ID's from multiple API call's to ultimately perform an action, or just executing API's in sequence. Examples of this can be creating an AR Invoice for a new customer, creating a new customer, or creating a supplier, where multiple API calls have to be made in sequence to accomplish the task. In order to simplify the process and create developer friendly APIs, you can utilize your gateway to create API chains, where you can create a consolidated proxy endpoint with all the payload elements that the consumer will need to pass, and they can make that one call to create a new supplier, and your gateway will then orchestrate the chain of events to create the header, sites, addresses, locations, etc. without burdening the consumer who likely doesn't understand Oracle ERP. You can also hide away the complexity from the Gateway entirely, and proxy an application driven integration from OIC in the gateway instead (or another middleware), as shown in the below example, this is very useful if the actions in the gateway would require significant business logic or complexities beyond what is recommend as far as Gateway scope (see first graphic). Additionally, you can drive reusability and speed up adoption since consumers will just need to meet your payload requirements and understand their own data, and not build significant technical debt or have significant knowledge of Oracle ERP technically.

The above is exemplified in the following graphic, where the Apigee API Gateway is utilized to hide away the complexity of creating a Customer from the consumer. Here the consumer calls the gateway with a consolidated payload, and the gateway invokes OIC where the various API calls to accomplish the task are performed, without the consumer needing to take on this complexity.

Lastly, in terms of options, Oracle has an API Gateway offering that integrates very well with FA and also the Oracle Integration Cloud, and if you don't have an enterprise wide gateway that you are required to use, this will be your best option, you can read more about it here. However, if you have your own gateway and want to use it to enhance FA in ways similar to those described here, then you can certainly proxy your API's in your gateway of choice, and you will just need to integrate your Gateway with Oracle IDCS to securely do auth with FA, unless you are willing to store basic authentication details in your gateway and bypass IDCS (which is not recommended).

Business Events in Oracle ERP - Is OIC the Only Option?

Event frameworks are popular in the industry for many use cases, particularly when an action occurring in the source system should trigger a real time response to an external system that wants to passively wait to be told that an action can take place. To this end, in the ERP world, Oracle had provided the business events framework in Oracle EBS, and now also in Cloud ERP there's a similar, although quite different alternative.

The event framework in Oracle EBS allowed you to create custom business events that could be invoked by a stored procedure, or trigger after a custom concurrent program executed, etc. and you had complete control around what the logic in the event was, and so much more.

However, in my experience, business events in ERP are nowhere near as useful as they were in Oracle EBS, yet, as they are not very flexible and you cannot customize them in any way. I personally haven't found a use case where with enough scale the events worked as I wanted them to exactly, but the framework continues to grow and evolve, so it will eventually become more viable. For example, I had several use cases around AP payment acks and acks in AR for various reasons, as well as projects when the workflow changes the status of a project, etc., but the events didn't include all the fields the downstream systems wanted to be in the payload (and you can't just add fields, you would have to make a lookahead call after catching the event to an API and merge the additional data into the payload, assuming the API's had those fields), and also if you want source specific data, sometimes you couldnt filter the payload enough with the event wizard in OIC, and you have to parse through a lot of data to get it to what the downstream system wants and not other systems data. We did successfully use events to build an email ack framework to let downstream systems know about the status of their FBDI files, once uploaded to ERP.

The other challenge is that you can only utilize Oracle Integration Cloud (OIC) to subscribe to business events from FA, so if you use another middleware solution like Biztalk or MuleSoft, etc. you won't be able to subscribe to the events framework without using OIC. This does force clients that have invested in Enterprise tools that would otherwise not want to utilize OIC, to jump on it. However, OIC is pretty inexpensive when compared to other competitors, and if you just want to use it for events, you can have OIC catch your event and pass the payload to your middleware of choice and do what you want there, it's not ideal but it's an option, and it doesn't require complex knowledge of OIC. Also, even if event listening was exposed to other consumers, OIC has a competitive advantage because the wizard to configure an integration that listens to an event, and the options it provides, would still be superior than just listening to a raw event.

If using OIC is completely out of the question, then consider building a message aggregation service with your middleware of choice that calls the REST or SOAP API's in FA in some near real time fashion, which are likely to have far more fields in their payloads than the events themselves anyway, allowing for more flexibility. You can have the middleware send the payloads to a topic using Oracle OCI streaming or your own implementation of Kafka, and then have whoever wants the information consume the topic.

Oracle Visual Builder Backend ERP Service Connection - Loading Service Definition Error

Hello everyone,

Today we are going to cover a frequently asked question in Customer Connect, and other places, and it is regarding an error you may encounter when creating a backend connection in Oracle Visual Builder with Oracle ERP Cloud, so that you can inherit the API catalog and use the API's within VBCS.

The error occurs after successfully creating a backend connection, when you go to create a service connection and use "Select from Catalog" to select one of the options below, and then go into the service definition loading screen, and ultimately encounter an error. 

In this post we will cover the creation of a profile option in Oracle Fusion, that will resolve this issue.

First the error:

Select any of them, example highlighted.

Now the solution:

In Setup and Maintenance, open Task list and click Search. Enter 'Manage Profile Options' and click on the link.

Click on + to add a new profile option

Define a new profile option.

Profile Option Code: ORACLE.BC.REST.IGNORECATALOGERRORS
Profile Display Name: REST Describe Catalogue Profile
Application: Application Common Resources
Module: Application Common Resources
Description: If a catalog describe fails for a particular resource, log an error and proceed with other resources.

Save and close when done.

In the next screen in the Profile Option Levels section select Enabled and Updateable check boxes for Site & User. Save and Close

Then
1. Go to Fusion Apps Home page and navigate to Setup and Maintenance. Search for task “Manage Administrator Profile Values”.
2. Click on “Manage Administrator Profile Values” task and search for “ORACLE.BC.REST.IGNORECATALOGERRORS”
(enter this value in “Profile Option Code”).
3. To turn on the feature,(Under Profile Values)
a. Set the user and site level profile option ORACLE.BC.REST.IGNORECATALOGERRORS = "true";

 

You can now retry loading the service definitions in VBCS!

Low Code Development and Oracle APEX

Low code development is in fashion, and there's many offerings in the market that allow the power of low code development to be unlocked by the enterprise. The allure of low code is the time to market, where solutions, particularly web apps, can be quickly created by following a wizard, and can really be done by non-developers or "citizen" developers. Due to its benefits, many companies have adopted a low code strategy to supplement their existing software engineering offerings, where possible, specially where subject matter experts in the business could leverage low code in a self-service capacity, if the requirements aren't too complex.

Oracle APEX is available at no extra cost with your Oracle database, additionally, if you have an Autonomous database (in OCI), APEX (and ORDS - Oracle Rest Data services), already comes available and enabled in the autonomous databases. This allows you to create applications very quickly on top of the data you already have in your database, minimizing data movement, simplifying security and support, and more. For more information regarding APEX, and to try it for free, you can visit https://apex.oracle.com/en/.

I have observed where companies, who already own Oracle Database licenses and have a large footprint in the space, bypass Oracle APEX and jump on paid low code offerings from other vendors, and whereas this post will not focus heavily on what Oracle APEX is, because it's very well documented as it has been around for over 20 years already, there's definitely content that those trying to jump on APEX or even experienced users may not be aware of, and will be shared here.

The APEX Product Managers are Jayson Hanes and Monica Godoy, you can find them on LinkedIn and follow them for news, etc.

Below you will find information about the APEX Roadmap, training, events, and more:

1. APEX 23.1 is out, the feature set can be viewed at https://apex.oracle.com/en/platform/features/whats-new-231/.
2. Past Roadmap and Upcoming Road (see Appendix A)
3. Training and Certifications (see Appendix B)
4. Events calendar for APEX: https://apex.oracle.com/pls/apex/r/grand_prix/apex-events/events?session=6298691857842
5. APEX Office Hours with Oracle (see Appendix C)
6. APEX Idea Lab (Different from the Cloud Customer Connect Idea Lab) (see Appendix D)
7. Cost model in OCI (see Appendix E)

Appendix A (Roadmaps)

Past Roadmap:

Upcoming Roadmap (Post 23.1):

Appendix B (Training)

You can try APEX for free at: https://apex.oracle.com/en/

There’s also professional training available, as seen below.

Appendix C (Office Hours)

Appendix D (Ideas)

Appendix E (OCI Cost)

If you own Oracle Databases and want a low code solution that uses data from your Oracle databases primarily (although APEX can connect to other sources via API's and "DB Links"), then APEX is truly your best bet, among all the low code solutions.

OML - Oracle Machine Learning

The advent of AI and ML is near and fast approaching. Offerings such as ChatGPT are changing the way we go about doing research and just ways of working in general. To this end, it is worth noting that great strides have already been made relative to data science and analysis, and that Oracle has a strong offering that allows descriptive and predictive analytics to be performed where your data resides, which can be different from Generative AI, like ChatGPT, but just as powerful based on context.

If you have an autonomous database in Oracle Cloud Infrastructure, then you already have default access to the Oracle Machine Learning features within it. After performing a few steps from the OCI Admin console within your autonomous database area, you can access the Oracle Machine Learning Home Page, where you can create a Workspace, which encapsulates your ML projects, and you can also create notebooks, which is an interface for the creation of complex queries using SQL. There's also full permission sets where you can grant viewer, developer or manager to users for your workspace and child attributes.

The below graphic from Oracle showcases the features of the OML offering inside the ADW/ATP:

The below graphic from Oracle shows how OML is "different" from generic ML:

So why is this important? This offering gives you the ability to do data discovery and analytics on top of your data, without having to move it out of the database which can create performance issues, security issues, etc. Using the below features of the OML engine, you can find hidden patterns in your data that can both benefit your operations and processes, bottom line, and more.

You can also use Python and R via the OML interfaces provided if you are more comfortable with that toolset, versus PLSQL. Additionally, there's API support for OML itself, so that a tool like Postman can be used versus the web UI, the Git Hub project with Oracle provided collections can be found at: https://github.com/oracle-samples/oracle-db-examples/tree/main/machine-learning/oml-services/postman-collection-examples

The below graphics from Oracle showcase the capabilities of the OML service, in terms of what algorithms and functionality are provided:

Overall, for an embedded service of the autonomous database at no additional cost, this is a great feature that allows several algorithms to be leveraged out of the box, plus the capability to build your own, and definitely worth checking out further! Oracle has a simple course over at Oracle University and there's even a certification for it and can be found at: Become an Associate on Oracle Machine Learning with Autonomous Database - Oracle MyLearn