10/10/2019 Drivers Location In Odi 12c Temporary
SSL configuration in ODI Prior to 12c ODI was able to use OdiInvokeWebservice tool to access webservices over SSL and also invoke operations on remote ODI Agents over SSL. Late in the 11g release train - by 11.1.1.7.0 - it was also possible to setup an ODI Standalone Agent in SSL mode. But the configurations for all these were a bit confusing, to say the least. With ODI 12c there was an effort to simplify and unify all the configuration options and also add more flexibility in the SSL configuration. A rose by any other name There are multiple Agent configurations, when you really come to think about it. There is Studio Local Agent, Jetty-based Standalone/Collocated Agent and also JEE Agent that runs within WLS.
Oracle Data Integrator 12 Project Table to Table mapping. Skip navigation Sign in. ODI 12C Table to Table Mapping Praveen Kumar. Create first mapping in Oracle Data Integrator ODI. Oracle Data Integrator 12c New Features Overview 1 Disclaimer. Execution within these objects and set breakpoints to interrupt execution at pre-defined locations. Values of variables can be introspected and changed during a debugging session, and data of. ODI 12c New Features Overview October 2013 Author: ODI Product Management.
Each of these requires some sort of configuration to be able to call out to HTTP services over SSL or, in the case of Standalone/Collocated Agents, be able to serve requests over SSL. We will look at each of these separately. Note that Java 'keytool' is your friend for creating/importing/exporting certificates. Read up about its functionality in the standard JDK Javadoc.
Standalone/Collocated Agents over SSL In order for these Agents to be SSL-enabled the first requirement is that you must edit ' instance.properties' file to set ' PROTOCOL' to ' https'. Then you must provide the location of a keystore file. This location is supplied through the standard Java system property ' javax.net.ssl.keyStore'. It is defined in ' instance.cmd/sh' file. Note that the location of instance.properties file and instance.cmd/sh file are a little peculiar. You will find them under /config/fmwconfig/components/ODI/ /bin. By default the keystore location points to the domain's demo identitystore.
For initial testing you can use this, but be sure to change the location and keystore for any production use. This keystore file must contain the SSL certificate for the server. The next piece of information to provide is the keystore password.
The password has to be ODI-encoded password. Use the encode.cmd/sh shell script to convert plaintext keystore password to ODI-encoded format.
![]()
This value is then to be stored in ' instance.properties' as value of ODIKEYSTOREENCODEDPASS. If the key itself is password-protected this password too must be ODI-encoded and stored as value of ODIKEYENCODEDPASS. An additional configuration that can be performed is to disable less secure SSL ciphers. This can be done using ODIEXCLUDEDCIPHERS - also from instance.properties.
The names of the ciphers to be excluded are to be provided as a comma-separated list. If Agent has been started at INFO level or more verbose logging and at least one cipher name is set for this property, then you can see a list of ciphers available in the JVM printed out to the log. This list can then be used for further pruning of less-secure ciphers, if necessary. JEE Agent SSL In this case no configuration is needed.
WLS takes care of SSL transport. Standalone/Collocated/JEE Agent as SSL client OdiInvokeWebservice or OdiStartScen tool in ODI Package/Procedure can require SSL configuration if the remote endpoint is only accessible over SSL. For this you need to configure a truststore from where the remote server's SSL certificate may be obtained.
For Standalone/Collocated servers the truststore location and type are to be supplied via the standard ' javax.net.ssl.trustStore' and ' javax.net.ssl.trustStoreType' in ' instance.cmd/sh'. The truststore password is to be supplied as ODI-encoded string set as value of 'ODITRUSTSTOREENCODEDPASS' in ' instance.properties'. For WLS, the standard Java properties will already be available, but you will need to provide the truststore password by setting 'ODITRUSTSTOREENCODEDPASS' as a system property and its value as the ODI-encoded password string. You can use the domain script or the Managed server script for adding this system property. This does create a limitation that a WLS Managed server having more than one ODI Agent can only support one truststore.
Default WLS truststore location: /server/lib/DemoTrust.jks Default WLS truststore password: DemoTrustKeyStorePassPhrase WLS Domain keystore: /security/DemoIdentity.jks ODI Studio Local Agent as SSL client Pre-12c you would have had to add the SSL Java system properties as well as the 'ODITRUSTSTOREENCODEDPASS' in odi.conf file. But starting from 12c you can go to Tools - Preferences - Credentials to configure your truststore. These will be available as standard Java system properties for Studio Local Agent. In case this does not work you can directly add the SSL system properties and ODI-encoded truststore password in odi.conf.
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |