1. Using the FTP Adapter with Oracle Integration 3
  2. Create an FTP Adapter Connection
  3. Create a Connection

Create a Connection

Before you can build an integration, you must create the connections to the applications with which you want to share data.

Note:

You can also create a connection in the integration canvas. See why working with projects is preferred.

To create a connection in Oracle Integration:

  1. Decide where to start:
    • Work in a project (see why working with projects is preferred).
      1. In the navigation pane, click Projects.
      2. Select the project name.
      3. Click Integrations Integrations icon.
      4. In the Connections section, click Add if no connections currently exist or + if connections already exist. The Create connection panel opens.
    • Work outside a project.
      1. In the navigation pane, click Design, then Connections.
      2. Click Create. The Create connection panel opens.

  2. Select the adapter to use for this connection. To find the adapter, scroll through the list, or enter a partial or full name in the Search field.

  3. Enter the information that describes this connection.
    Element Description
    Name

    Enter a meaningful name to help others find your connection when they begin to create their own integrations.

    Identifier

    Automatically displays the name in capital letters that you entered in the Name field. If you modify the identifier name, don't include blank spaces (for example, SALES OPPORTUNITY).

    Role

    Select the role (direction) in which to use this connection.

    Note: Only the roles supported by the adapter you selected are displayed for selection. Some adapters support all role combinations (trigger, invoke, or trigger and invoke). Other adapters support fewer role combinations.

    When you select a role, only the connection properties and security policies appropriate to that role are displayed on the Connections page. If you select an adapter that supports both invoke and trigger, but select only one of those roles, you'll get an error when you try to drag the adapter into the section you didn't select.

    For example, assume you configure a connection for the Oracle Service Cloud (RightNow) Adapter as only an invoke. Dragging the adapter to a trigger section in the integration produces an error.

    Keywords

    Enter optional keywords (tags). You can search on the connection keywords on the Connections page.
    Description

    Enter an optional description of the connection.
    Share with other projects

    Note: This field only appears if you are creating a connection in a project.

    Select to make this connection publicly available in other projects. Connection sharing eliminates the need to create and maintain separate connections in different projects.

    When you configure an adapter connection in a different project, the Use a shared connection field is displayed at the top of the Connections page. If the connection you are configuring matches the same type and role as the publicly available connection, you can select that connection to reference (inherit) its resources.

    See Add and Share a Connection Across a Project.

  4. Click Create.

    Your connection is created. You're now ready to configure the connection properties, security policies, and (for some connections) access type.

  5. Follow the steps to configure a connection.

    The connection property and connection security values are specific to each adapter. Your connection may also require configuration with an access type such as a private endpoint or an agent group.

  6. Test the connection.

Configure Connection Properties

The FTP Adapter supports the following types of FTP connections.

  • FTP connection: The FTP Adapter supports passive communication to an FTP server. You must configure passive configurations in the FTP server.
  • FTP over SSL connection: The FTP Adapter supports FTP over SSL, which supports explicit FTP over SSL.
  • sFTP connection: The FTP Adapter supports communication with a secure FTP server.

    Note:

    File Server only supports sFTP connections.

Configure an FTP Connection

Enter FTP connection information so your application can process requests.

  1. Go to the Properties section.
  2. Enter the following details:
    Element Description
    FTP Server Host Address Enter the host address of the FTP/FTPS server.
    FTP Server Port Enter the FTP server port number.
    SFTP Connection Select No from the list.
    Passive IP as Host Address If using a different IP in a passive configuration, select Yes from the list.
    FTP Server OS Select either Unix or Windows as the operating system of the host on which the FTP server is installed. The list operation requires this information to parse the response because Unix and Microsoft Windows use different line-ending characters.

    Note: This is an optional field used only with the List Files operation on the Invoke Operations page. See Invoke Operations Page.

    FTP Server Time Zone Select the time zone of the FTP server.

    Note: This is an optional field. If you plan to specify a processing delay, use the Minimum Age field of the List Files operation on the Invoke Operations page.

Configure an FTP over SSL Connection

Enter FTP over SSL connection information so your application can process requests.

  1. Go to the Properties section.
  2. Enter the following details:
    Element Description
    FTP Server Host Address Enter the host address of the FTP/FTPS/sFTP server.
    FTP Server Port Enter the FTP server port number.
    SFTP Connection Select No from the list.
    Passive IP as Host Address If using a different IP in a passive configuration, select Yes from the list.
    FTP SSL Type
    • Explicit
    • Implicit
    SSL Certificate Note: This field is now optional. The PKCS12 certificate format is no longer required. You can instead upload a public certificate on the Certificates page. See Upload an SSL Certificate in Using Integrations in Oracle Integration 3.

    If you are using an FTP over SSL certificate, click Upload icon to upload a certificate in PKCS12 format (.p12 extension).

    FTP Server OS Select either Unix or Windows as the operating system of the host on which the FTP server is installed. The list operation requires this information to parse the response because Unix and Microsoft Windows use different line-ending characters.

    Note: This is an optional field used only with the List Files operation on the Invoke Operations page. See Invoke Operations Page.

    Channel Mask If you are using FTP over SSL, select a channel encryption option:
    • Control: Encrypts the control channel. Data is transferred in plain text.
    • Data: Encrypts the data transferred. Commands in the control channel are in plain text.
    • Both: Encrypts both the control and data channels.
    • None: No encryption is performed.
    FTP Server Time Zone Select the time zone of the FTP server.

Configure an sFTP Connection

Enter sFTP connection information so your application can process requests.

Note:

File Server only supports this type of connection.
  1. Go to the Properties section.
  2. Enter the following details:
    Element Description
    FTP Server Host Address Enter the host address of the FTP/FTPS/sFTP server.
    FTP Server Port

    Enter the FTP server port number.

    For connecting to File Server, use the port number provided in Oracle Integration on the File Server Settings page. See Configure File Server Settings in Using File Server in Oracle Integration 3.

    SFTP Connection Select Yes from the list.
    Host Key This is an optional field for adding extra security for host key authentication. Host key authentication is used by a server to verify its identity to a client (the FTP Adapter, in this case). This authentication guards against man-in-the-middle-style attacks. The FTP Adapter currently supports keys of type RSA, ECDSA, and EDDSA/ED-25519 in OpenSSH format for host key verification.
    1. Click the Host Key check box.
    2. Click Upload to upload the host key.

      • The default location of the RSA key is /etc/ssh on the server.

      • You can identify the host keys supported by the server with the following command:
        ssh-keyscan -p port_number Server_IP

      • If you are using Oracle Managed File Transfer Cloud Service, download the host key from the Oracle Managed File Transfer Cloud Service Console.

      • If you are using vsftpd, you can find the host key under /etc/ssh.

    See Generate SSH Keys in PEM Format to Connect to a Public or On-Premises sFTP Server.

    SFTP Key Exchange Algorithm This selection is required if you are using an sFTP connection. If your sFTP server is restricted to a specific algorithm, select an algorithm to use from the list.

    Note: If you use the FTP Adapter with the connectivity agent, you must select a value for this field. Do not select the algorithm diffie-hellman-group1-sha1. This algorithm is not supported with the connectivity agent.

    SFTP Preferred PKI Algorithm This selection is required if you are using host key verification. You must select the algorithm specified in the Host Key field. You can find the algorithm specified with the following command: 
    cat path_to_host_key
    Where path_to_host_key is the location of the host key present in the local system of the user. The user uploads this key to the Connections page. For example:
    cat Documents/OIC/FTP_enhance/test_host_key_rsa.pub

    This ssh-rsa output provides the PKI algorithm to use: 

    ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA7LidUL6bvwlG61oTd/9InpmNdyB7BuRdJx+D76tn868hNFUg1OFZ24t7qRrgatKeWH0I3AjDbljSEtvtlK88wEZPn
EJpFNO3YqBaaTdtzQvDpcSWlUVNjf+u2XWETDNXe5JFCM07q5SRkBO6ja+tfsPyNG3buYvRXt+/l2V3DllCKDS4iOgr5f6/DgbKSpvyxduCZje6Vj89rAQwPzCWH1kqA7WpwO3
. . .
. . .
/lMEmrJuw==

    By default, the FTP Adapter is configured to use the ssh-ed25519 host key (if a host key is uploaded, but no PKI algorithm is selected).

    Disable Directory Check Select Yes to disable checks of the SFTP directory.

    This action may be required if you cannot list files in the SFTP directory after an FTP server upgrade. See Cannot List Files in the SFTP Directory After FTP Server Upgrade.

Configure Connection Security

Security policies capture information about how the FTP Adapter must authenticate against the target FTP server.

The following security policies are supported:

  • FTP Server Access Policy: This policy uses the user name and password for authentication and enables users to configure the PGP values.

  • FTP Public Key Authentication: This policy connects to the sFTP server using a key. This is used only for sFTP connections. The user enters a user name and uploads the private key file. A passphrase for the private key is optional. The user can also configure the PGP values in this connection.

  • FTP Multi Level Authentication: This policy uses multiple independent credentials to log in to the server. This process creates an extra layer of defense against unauthorized users. With this policy, you provide a user name, user password, private key, and private key passphrase to connect to the sFTP server. You also configure the first authentication sequence between the password and the public key.

    Note:

    File Server does not support use of this security policy.
In addition, each security policy provides options for specifying PGP encryption and decryption and signing verification details. You can generate the PGP keys to use. See Generate PGP Keys to Use in Oracle Integration.
  • Encryption
    • Provide encryption details if the FTP Adapter connection is used to encrypt the contents while writing the file to a target FTP server.
    • Do not provide encryption details if the file being written to the target FTP server is already encrypted using the stage file action.
  • Decryption
    • Provide decryption details if the FTP Adapter connection decrypts the contents while downloading the file from the source FTP server.
    • Do not provide decryption details if the stage file action is used to decrypt the downloaded file.
Signing and verification details:
  • Signing
    • Provide signing details if the FTP Adapter connection is used to write a file to the target FTP server that must be optionally signed.
  • Signature verification
    • Provide signature verification details if the FTP Adapter connection reads and downloads a file that is digitally signed from the source FTP server.

Configure FTP Connection Security

Configure FTP connection security.

  1. Go to the Security section.
  2. Complete the following fields to configure an FTP connection.
    Element Description
    Security Policy Select FTP Server Access Policy.

    User Name

    Enter the username to connect to the FTP server.

    Password

    The FTP Adapter supports a nonmanaged connection factory.

    Enter the password to connect to the FTP server, then enter the password a second time for confirmation.

    SSL Certificate Password

    If you uploaded an FTP over SSL certificate, enter the password for the .p12 format certificate. Enter the password a second time for confirmation.
  3. If required for your integration, specify PGP encryption and decryption and signing verification details. See Configure a PGP Encryption Decryption Connection.

Configure FTP over SSL Connection Security

Configure FTP over SSL connection security.

  1. Go to the Security section.
  2. Complete the following fields to configure an FTP over SSL connection.
    Element Description
    Security Policy Select FTP Server Access Policy.

    User Name

    Enter the username to connect to the FTP server.

    Password

    The FTP Adapter supports a nonmanaged connection factory.

    Enter the password to connect to the FTP server, then enter the password a second time for confirmation.

    SSL Certificate Password

    If you uploaded an FTP over SSL certificate, enter the password for the .p12 format certificate. Enter the password a second time for confirmation.
  3. If required for your integration, specify PGP encryption and decryption and signing verification details. See Configure a PGP Encryption Decryption Connection.

Configure sFTP Connection Security

Configure sFTP connection security.

  1. Go to the Security section.
  2. Select a security policy. The fields that are displayed for configuring are based on your selection.

    Note:

    Public and private keys created using OpenSSH are only supported if they are created on a version below 7.8.

    • FTP Server Access Policy

    • FTP Public Key Authentication

    • FTP Multi Level Authentication
  3. If you select FTP Server Access Policy:
    1. Complete the following fields.
      Element Description

      User Name

      Enter the username to connect to the FTP server.

      Password

      Enter the password to connect to the FTP server.

      The FTP Adapter supports a nonmanaged connection factory.
    2. If required for your integration, specify PGP encryption and decryption and signing verification details. See Configure a PGP Encryption Decryption Connection.
  4. If you select FTP Public Key Authentication:
    1. Complete the following fields.
      Element Description

      User Name

      Enter the username to connect to the FTP server.

      Private Key File

      If you have a private key, click the checkbox and then click Upload to upload the key. You do not need to enter a password to access the server. However, some private keys are encrypted and require a passphrase. If that is the case, enter it in the following field.

      PassPhrase

      If your private key file is passphrase protected, enter the passphrase here.
    2. If required for your integration, specify PGP encryption and decryption and signing verification details. See Configure a PGP Encryption Decryption Connection.
  5. If you select FTP Multi Level Authentication:
    1. Complete the following fields.
      Element Description

      User Name

      Enter the username to connect to the FTP server.

      Password

      The FTP Adapter supports a nonmanaged connection factory.

      Enter the password to connect to the FTP server.

      First Authentication

      This provides the sequence of authentication. If the first authentication is a password, then first password authentication is used. After a successful authentication, public key authentication is performed.

      Private Key File

      If you have a private key, click the checkbox and then click Upload to upload the key. You need to enter a password to access the server. However, some private keys are encrypted and require a passphrase. If that is the case, enter it in the following field.

      PassPhrase

      If your private key file is passphrase protected, enter the passphrase.
    2. If required for your integration, specify PGP encryption and decryption and signing verification details. See Configure a PGP Encryption Decryption Connection.

Configure a PGP Encryption Decryption Connection

Each security policy (FTP Server Access Policy, FTP Public Key Authentication, and FTP Multi Level Authentication) provides options for specifying PGP encryption and decryption and signing verification details.

Connection Type Supported Security Policy See
FTP Server FTP Server Access Policy Specify PGP Encryption Decryption and Signing Verification for FTP Server Access Policy
FTP over SSL FTP Server Access Policy Specify PGP Encryption Decryption and Signing Verification for FTP Server Access Policy
sFTP
  • FTP Server Access Policy
  • FTP Public Key Authentication
  • FTP Multi Level Authentication

Specify PGP Encryption Decryption and Signing Verification for FTP Server Access Policy

  1. Specify PGP encryption and decryption and signing verification details.
    Element Description

    PGP Public Key

    If using a PGP public key, click the check box, then click Upload to upload the key for encrypting the payload. Pretty Good Privacy (PGP) is a data encryption and decryption program that provides cryptographic privacy and authentication for encrypting and decrypting message files. Message file encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and public-key cryptography. Each step uses one of several supported algorithms. Each public key is bound to a user name, an e-mail address, or both.

    ASCII-Armor Encryption Format

    Select to format the encrypted message in ASCII armor. ASCII armor is a binary-to-textual encoding converter. ASCII armor formats encrypted messaging in ASCII. This enables messages to be sent in a standard messaging format. This selection impacts the visibility of message content. If not selected, the message is sent in binary format.

    Cipher Algorithm
    Select the symmetric cryptographic algorithm to use. Symmetric-key algorithms for cryptography use the same cryptographic keys for both encryption of plain text and decryption of cipher text.

    • CAST5

    • TDES

    • AES128

    • AES192

    • AES256

    Use Secure RNG

    If using a ECDSA or EDDSA key pair for PGP signing and verification, select Yes from the drop-down list.

    PGP Private Key

    If using a PGP private key, click the check box, then click Upload to upload the key for decrypting the payload.

    PGP Private Key Password

    Enter the password to encrypt the payload. Enter the password a second time for confirmation.

    PGP Sign Public Key

    Click the check box, then click Upload to upload the public key to verify a digitally-signed certificate.

    PGP Sign Private Key

    Click the check box, then click Upload to create a digitally-signed certificate.

    PGP Sign Private Key Password

    Enter the sign private key password, then enter the password a second time for confirmation.

Specify PGP Encryption Decryption and Signing Verification for FTP Public Key Authentication

  1. Specify PGP encryption and decryption and signing verification details.
    Element Description

    PGP Public Key

    If using a PGP public key, click the check box, then click Upload to upload the key for encrypting the payload. Pretty Good Privacy (PGP) is a data encryption and decryption program that provides cryptographic privacy and authentication for encrypting and decrypting message files. Message file encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and public-key cryptography. Each step uses one of several supported algorithms. Each public key is bound to a user name, an e-mail address, or both.

    ASCII-Armor Encryption Format

    Select to format the encrypted message in ASCII armor. This option is used if you want the encrypted file in readable format. Readable format does not mean that anyone can view the decrypted data.

    • If you select Yes, the file has a BEGIN PGP MESSAGE header.
    • If you select No, the file is not readable and has junk characters.

    ASCII armor is a binary-to-textual encoding converter. ASCII armor formats encrypted messaging in ASCII. This enables messages to be sent in a standard messaging format. This selection impacts the visibility of message content. If not selected, the message is sent in binary format.

    Cipher Algorithm
    Select the symmetric cryptographic algorithm to use for encryption. Symmetric-key algorithms for cryptography use the same cryptographic keys for both encryption of plain text and decryption of cipher text.

    • CAST5

    • TDES

    • AES128

    • AES192

    • AES256

    Use Secure RNG

    If using a ECDSA or EDDSA key pair for PGP signing and verification, select Yes from the drop-down list.

    PGP Private Key

    If using a PGP private key, click the check box, then click Upload to upload the key for decrypting the payload.

    PGP Private Key Password

    Enter the password to encrypt the payload. Enter the password a second time for confirmation. If the PGP private key is passphrase-protected, enter the passphrase. Otherwise leave it blank. This field is optional.

    PGP Sign Public Key

    Click the checkbox, then click Upload to upload the public key to verify a digitally-signed certificate.

    PGP Sign Private Key

    Click the checkbox, then click Upload to create a digitally-signed certificate.

    PGP Sign Private Key Password

    Enter the sign private key password, then enter the password a second time for confirmation.

    If the PGP sign private key is passphrase-protected, enter the passphrase. Otherwise leave it blank.

Specify PGP Encryption Decryption and Signing Verification for FTP Multi Level Authentication

  1. Specify PGP encryption and decryption and signing verification details.
    Element Description

    PGP Public Key

    If using a PGP public key, click the checkbox, then click Upload to upload the key for encrypting the payload. Pretty Good Privacy (PGP) is a data encryption and decryption program that provides cryptographic privacy and authentication for encrypting and decrypting message files. Message file encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and public-key cryptography. Each step uses one of several supported algorithms. Each public key is bound to a user name, an e-mail address, or both.

    ASCII - Armor Encryption Format

    Select to format the encrypted message in ASCII armor. This option is used if you want the encrypted file in readable format. Readable format does not mean that anyone can view the decrypted data.

    • If you select Yes, the file has a BEGIN PGP MESSAGE header.
    • If you select No, the file is not readable and has junk characters.

    ASCII armor is a binary-to-textual encoding converter. ASCII armor formats encrypted messaging in ASCII. This enables messages to be sent in a standard messaging format. This selection impacts the visibility of message content. If not selected, the message is sent in binary format.

    Cipher Algorithm
    Select the symmetric cryptographic algorithm to use for encryption. Symmetric-key algorithms for cryptography use the same cryptographic keys for both encryption of plain text and decryption of cipher text.

    • CAST5

    • TDES

    • AES128

    • AES192

    • AES256

    Use Secure RNG

    If using a ECDSA or EDDSA key pair for PGP signing and verification, select Yes from the drop-down list.

    PGP Private Key

    If using a PGP private key, click the checkbox, then click Upload to upload the key for decrypting the payload.

    PGP Private Key Password

    Enter the password to encrypt the payload, then enter it a second time for confirmation.

    Enter the password to encrypt the payload. Enter the password a second time for confirmation. If the PGP private key is passphrase-protected, enter the passphrase. Otherwise leave it blank. This field is optional.

    PGP Sign Public Key

    Click the checkbox, then click Upload to upload the public key to verify a digitally-signed certificate.

    PGP Sign Private Key

    Click the checkbox, then click Upload to create a digitally-signed certificate.

    PGP Sign Private Key Password

    Enter the sign private key password, then enter the password a second time for confirmation.

    If the PGP sign private key is passphrase-protected, enter the passphrase. Otherwise leave it blank.

Configure the Endpoint Access Type

Configure access to your endpoint. Depending on the capabilities of the adapter you are configuring, options may appear to configure access to the public internet, to a private endpoint, or to an on-premises service hosted behind a fire wall.

Select the Endpoint Access Type

Specify an agent group only when the FTP server is not publicly accessible from Oracle Integration. Install the connectivity agent on the same network as the FTP server. This enables the connectivity agent to access the FTP server. Troubleshoot any connectivity agent issues that occur. See Troubleshoot Connectivity Agent Issues with the FTP Adapter.

  1. Go to the Access type section.
  2. Select the option for accessing your endpoint.
    Option This Option Appears If Your Adapter Supports ...
    Public gateway Connections to endpoints using the public internet.
    Private endpoint Connections to endpoints using a private virtual cloud network (VCN).

    Note: To connect to private endpoints, you must complete prerequisite tasks in the Oracle Cloud Infrastructure Console. Failure to do so results in errors when testing the connection. See Connect to Private Resources in Provisioning and Administering Oracle Integration 3 and Troubleshoot Private Endpoints in Using Integrations in Oracle Integration 3.

    Connectivity agent

    Connections to on-premises endpoints through the connectivity agent.

    1. Click Associate agent group.

      The Associate agent group panel appears.

    2. Select the agent group, and click Use.

    To configure an agent group, you must download and install the on-premises connectivity agent. See Download and Run the Connectivity Agent Installer and About Creating Hybrid Integrations Using Oracle Integration in Using Integrations in Oracle Integration 3.

Ensure Private Endpoint Configuration is Successful

  • To connect to private endpoints, you must complete prerequisite tasks in the Oracle Cloud Infrastructure Console. Failure to do so results in errors when testing the connection. See Connect to Private Resources in Provisioning and Administering Oracle Integration 3.
  • When configuring an adapter on the Connections page to connect to endpoints using a private network, specify the fully-qualified domain name (FQDN) and not the IP address. If you enter an IP address, validation fails when you click Test.
  • IPSec tunneling and FastConnect are not supported for use with private endpoints.

Test the Connection

Test your connection to ensure that it is successfully configured. If necessary, you can self-diagnose connectivity issues that occur with the sFTP server.

  1. In the upper right corner of the page, click Test.
  2. Select the type of connection testing to perform:

    • Diagnose & Test: If you receive issues after selecting Test, select this option to diagnose sFTP server networking issues. The diagnostics can take more than 15 minutes to perform. Once selected, you cannot cancel this option. After completing network diagnostics, a response is displayed for debugging the issue. Resolve the issues, or, if necessary, contact your network support for additional assistance.

    • Test: Performs a normal connection test.

    If successful, the following message is displayed and the progress indicator shows 100%.

    Connection connection_name was tested successfully.

  3. If your connection was unsuccessful, an error message is displayed with details. Verify that the configuration details you entered are correct. Select Diagnose & Test to perform further diagnosis.
  4. When complete, click Save, then click Back button.