Introduction
The TLS protocol provides communications security over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. SFDC is going to upgrade from TLS 1.0 to 1.1. This may impact the existing custom integration, so patches need to be applied to SOA and JDeveloper.
Business Requirement:
Currently the integration between Oracle E-biz and SFDC works over TLS 1.0. The version is now going to be upgraded to 1.1.
After the upgrade to TLS 1.1, the existing integration will not work. It may show an error such as "This version is no longer supported" or "Unsupported Clients" in the SFDC Adapter.
The following 4 phases achieve the TLS 1.1 or higher HTTP security upgrade in SFDC and SOA.
Phase (1) SFDC Change/Configuration:
Log in to SFDC and do the following steps:
1.1) Upgrade TLS 1.0 to 1.1 in SFDC:
Go to Critical Updates --> Click Activate next to "Require TLS 1.1 or higher..."
1.2) Generate WSDL file for SFDC
Go to the API under Develop --> get the enterprise WSDL.
Phase (2) WebLogic, SOA and JDeveloper Patch Application to upgrade the Instance for HTTP TLS 1.1 or Higher:
2.1) Upgrade Java from 1.6.0_45 to 1.7.0_45 on the (WebLogic + SOA) server.
2.2) Apply the patch (22612527) for both SOA (run time) on the server and JDeveloper (design time) on the desktop only. (Ref: Oracle Doc ID 2112308.1)
- Apply the prerequisite first, before applying the patch (22612527); refer to README.txt.
- Note: This patch has a prerequisite; check that as well. Before applying Patch 22612527, you must correctly apply the prerequisite Patch 13866584 as per the readme. Be aware that patch 13866584 will not appear in the OPatch inventory since its installation is a copy/paste method.
- Apply the 11.1.1.7.0 version of patch 22612527 after step 2.
- Correct the JAVA_HOME path in the script file setDomainEnv.sh.
- Also add JAVA_OPTIONS in setDomainEnv.sh.
- Edit JAVA_OPTIONS inside setDomainEnv.sh [cmd] under the %domain_home_dir%/bin folder. Include the following Java option:
export JAVA_OPTIONS
- Restart the WebLogic & SOA server.
- Make sure -Dhttps.protocols="TLSv1.1,TLSv1.2" shows up in the server.out file after server startup.
- As you can see, the list is comma delimited. If you want support for version 1.0 through 1.2, you would set the property:
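The server.out check from the step above can be scripted. The following is an added example, not part of the original post or of any Oracle tooling: it extracts the -Dhttps.protocols value from server.out or setDomainEnv.sh and reports whether TLSv1 or older is still enabled next to TLSv1.1 and higher. The function names and the sample JVM command line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report which https.protocols
# value a WebLogic/SOA JVM was started with, from server.out or setDomainEnv.sh.

# Print the value of the last -Dhttps.protocols=... in file $1 (quotes stripped).
https_protocols_in() {
    sed -n 's/.*-Dhttps\.protocols="\{0,1\}\([A-Za-z0-9.,]*\).*/\1/p' "$1" | tail -n 1
}

# Classify a comma-delimited protocol list:
#   missing  property not set     ok      only TLSv1.1 or higher
#   too_old  nothing at 1.1+      legacy  1.1+ present, but TLSv1/SSLv3 also enabled
classify_protocols() {
    [ -n "$1" ] || { echo missing; return 0; }
    modern=0; legacy=0
    old_ifs=$IFS; IFS=,
    for p in $1; do
        case $p in
            TLSv1.[123]) modern=1 ;;
            *)           legacy=1 ;;
        esac
    done
    IFS=$old_ifs
    if [ "$modern" -eq 0 ]; then echo too_old
    elif [ "$legacy" -eq 1 ]; then echo legacy
    else echo ok
    fi
}

# Convenience wrapper: classify what a given file shows.
check_tls_setting() {
    classify_protocols "$(https_protocols_in "$1")"
}

# Constructed sample of a JVM command line as echoed in server.out
# (paths and server name are made up for the demo).
sample=$(mktemp)
cat > "$sample" <<'EOF'
starting weblogic with Java version:
java version "1.7.0_45"
/u01/jdk1.7.0_45/bin/java -server -Xms512m -Dhttps.protocols="TLSv1.1,TLSv1.2" -Dweblogic.Name=soa_server1 weblogic.Server
EOF
echo "server.out sample: $(https_protocols_in "$sample") -> $(check_tls_setting "$sample")"
rm -f "$sample"
```

Run check_tls_setting against both setDomainEnv.sh and server.out: a result of "missing" on server.out while the script file reports "ok" means the running JVM was not started with the edited options.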
Phase (3) Server Changes/Configuration:
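Log in to the Console (http://url:port/console). Go to Server under Environment and choose the following servers:
3.1) Admin server:
Under SSL, tick the "Use JSSE SSL" parameter.
The Hostname verification field is to be set to "None" on the server side.
3.2) SOA server:
Under SSL, tick "Use JSSE SSL".
The Hostname verification field is set to "None" on the server side. With this setting WebLogic does not check that the name in the peer's certificate matches the host it is connecting to, so outbound SSL connections rely on certificate chain validation alone.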
Phase (4) Create a SOA composite and deploy:
4.1) Open JDeveloper and create a SOA Composite according to the business requirement.
4.2) Deploy it on the server.