Scribd
Upload
209 views9 pages

ssh-1901745 1

Uploaded by

Zafar Imam Khan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
209 views9 pages

ssh-1901745 1

Uploaded by

Zafar Imam Khan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 9

9/29/22, 11:38 PM Document 1901745.

1
  Imam (Available) (0) Contact Us Help
PLast Login: September 29, 2022 3:48 PM GST Switch to Cloud Support

  1901745.1
Dashboard Knowledge Service Requests Patches & Updates Community

Give Feedback... You have been directed to this document based on an ID match. Alternatively, click here to search on this phrase. Hide
Copyright (c) 2022, Oracle. All rights reserved. Oracle Confidential.

How To: Fusion Payment And Positive Pay File Transmission Using SFTP PUT Protocol (Doc ID 1901745.1) To Bottom

In this Document   Was this document helpful?  

Abstract Yes
No
History    

Details
  Document Details  
  1. Obtain the following details from your financial institution
  2. Key pair generation(Required only if using key file based authentication)
Type:
  3. Create SFTP_THROUGH_PROXY lookup Status: TECHNICAL BRIEF
  4. Configure payments Last PUBLISHED
Major
Jun 23, 2020
  5. Alternative approach in the absence of a direct SFTP connectivity Update:
Jul 19, 2022
Last
References Update:
   

APPLIES TO:   Related Products  

Oracle Fusion Receivables


Oracle Fusion Receivables - Version 11.1.4.0.0 and later Oracle Fusion Payables
Oracle Fusion Payables - Version 11.1.4.0.0 and later
Oracle Fusion Payables Cloud

Oracle Fusion Payables Cloud Service - Version 11.1.4.0.0 and later Service

Oracle Fusion Receivables Cloud Service - Version 11.1.4.0.0 and later Oracle Fusion Receivables
Cloud Service
Oracle Fusion Payments Cloud Service - Version 11.1.4.0.0 and later
Oracle Fusion Payments Cloud
Information in this document applies to any platform.
Service

Show More
   

ABSTRACT
  Information Centers  

The secure file transfer protocol (SFTP) is one of the most common delivery mechanisms supported by banks and financial Information Center: Patching
institutions for payment file and status report message exchange. This document describes the steps to enable a SFTP channel Issues with Fusion Financials
Management (FM)
within Oracle Fusion Payments in a Cloud environment.
[1625192.2]

Oracle Catalog: Service


HISTORY Request Data Collections
(SRDCs) for all Products and
Services [51.2]
 Created On: June 26, 2014
Oracle Catalog: Information
 Update On: Feb 16, 2017 for SFTP_THROUGH_PROXY Centers and Advisors for All
Products and Services [50.2]
 Update On: Oct 28, 2017 for Revamped for OPSS changes
Information Center: Fusion
Receivables (AR) [1362542.2]
DETAILS    

  Document References  
 One of the most common requirements in Payments is to transmit payment files to banks and financial institutions. Electronic
payment file transmission to financial institutions requires connectivity between the financial institution and the deploying Bank Statement File Download
company by using transmission protocols. Payments supports various standard transmission protocols used in the payments Using SFTP GET Protocol
[2243918.1]
industry such as SFTP and HTTPS. Among these, Secure File Transfer Protocol (SFTP) is one of the most common delivery
mechanisms supported by financial institutions for the exchange of payment files. By following the steps in this document, you Fusion Payment File
can easily configure a transmission to financial institutions by SFTP. Transmision Using HTTPS
Protocol [2154451.1]
The diagram below shows the SFTP configuration in an Oracle Cloud environment. You need to collaborate with both the Fusion Payment File
financial institution and Oracle Cloud Applications to exchange necessary information. Transmission Using Universal
Content Managment (UCM)
Protocol [1984935.1]

IP Allowlist for Web Service


Calls Initiated by Oracle Cloud
Applications [1903739.1]

How to setup and analyze BI


Publisher report generation
using detailed XDODEBUG
logging in Fusion instances
[1517954.1]

Show More
   

  Recently Viewed  

How To: Fusion Payment


And Positive Pay File

https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=397794979271530&id=1901745.1&_adf.ctrl-state=vsixgzj53_460 1/9
9/29/22, 11:38 PM Document 1901745.1
Transmission Using SFTP
PUT Protocol [1901745.1]
Working With Fusion
Payments Formats
[1413989.1]
Fusion Payment File
Transmission Using Universal
Content Managment (UCM)
Protocol [1984935.1]
PGP Encryption and Digital
Signature for Payment Files
[2134791.1]
How To Generate SSH Key
Pair For Fusion Payments
Using Puttygen Tool
[2685912.1]
Show More
   

Instructions to enable SFTP Channel

1. Obtain the following details from your financial institution

• The financial institution’s implementation guide that describes technical details of SFTP connectivity

• The financial institution’s SFTP server details, such as the IP address, port number, SFTP account name, password,
remote directory, and file naming convention for both the production server and the test server. Important: Oracle Network
Security requires IP address not the hostname of the SFTP server.

• Whether or not a whitelist of the host name/IP address of Oracle Cloud Applications server is necessary

• Key pair data if SFTP authentication is required

o Check with your financial institution to determine whether client-side SFTP authentication is required through a
predetermined key pair.

o If a remote financial institution’s server requires key based authentication, where Oracle Cloud Applications presents
a key to establish its identity, then generate the key pair on your premise and share the public key file with them.
Import the private key file into the pod.

o If your financial institution expects you to provide the public key file, then you must retrieve the public key file
generated in the Fusion server and share with your financial institution.

2. Key pair generation(Required only if using key file based authentication)

Key pair used for authentication can be generated using either of the following options.

Note: In order to create and save a transmission configuration, payment wallet is necessary. If a wallet is
not already created, please follow the steps below to create one:
1. Go to Manage System Security Options task

2. Click on the 'Apply quick Defaults' button (if


a wallet is already created before, this option will be greyed

https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=397794979271530&id=1901745.1&_adf.ctrl-state=vsixgzj53_460 2/9
9/29/22, 11:38 PM Document 1901745.1
out/disabled)
3. Select the first option in the check box "Automatically create wallet file and master encryption key" and submit

Option 1 - Key file generated by customer/bank:

• Customer/Bank creates the SFTP key pair on their premise. If you are using unix/linux based system, you can use the
following command to generate 3072 byte RSA key file

          ssh-keygen -t rsa -b 3072

For instructions on how to generate key pair using Windows based puttygen tool, please see Doc ID 2685912.1

 
• Make sure the private key file name doesn’t have any special character (underscore ‘_’ character is acceptable). Once file
is generated, rename the private key file to contain  ‘.ssh’ extension.

Ensure that file name length (including extension) does not exceed 26 characters.

example:

[fusion@psd keys]$ ssh-keygen -t rsa -b 3072


Generating public/private rsa key pair.
Enter file in which to save the key (/home/fusion/.ssh/id_rsa): oracle     ===> key file name
Enter passphrase (empty for no passphrase):          ===> key file password
Enter same passphrase again:
Your identification has been saved in oracle.
Your public key has been saved in oracle.pub.
The key fingerprint is:
f2:59:7d:b4:3f:46:77:ea:e7:93:d9:a7:16:dd:33:76 [email protected]

[fusion@psd keys]$ ls -ltr ora*


-rw-r--r-- 1 fusion fusion 574 Dec 12 09:00 oracle.pub  ===> public key file
-rw------- 1 fusion fusion 2523 Dec 12 09:00 oracle      ===> private key file
[fusion@psd keys]$ mv oracle oracle.ssh        ====> rename private key file to contain .ssh extension
[fusion@psd keys]$

• Upload the private key file into UCM (File Import and Export) under ‘fin/payments/import’ folder

Note: Currently BI Publisher does not support private key file encrypted with AES-128-CBC. Exact
encryption algorithm used is dependent on operating system. You can check the algorithm used by viewing the
private key file in a notepad. Header would contain something like “DEK-Info: AES-128-CBC,……”). BIP currently
only supports  DES-EDE3-CBC algorithm.

If you see private key file is generated using AES-128-CBC, you can convert it to DES-EDE3-CBC using the
following openssl command before uploading to Fusion

    openssl rsa -des3 -in <aes encoded private key file> -out <des3 encoded private key file>

 
• Create/Update the SFTP transmission configuration from the UI. The private key file should now be available for
selection in the ‘Client Private Key File’ LOV. Select this key, enter the applicable password for this key file in ‘Client
Private Key Password’ field and save.

• Share the corresponding public key with the Bank/Financial-institution in order for it to be installed in the remote
SFTP server.

Note: Key pair can also be generated using 'puttygen' tool using instructions in How To Generate SSH Key Pair For
Fusion Payments Using Puttygen Tool Document: 2559663.1

Option 2: Key file generated by Oracle:

Starting Release 13, key pair generation and management can be done as self-service from transmission configuration UI.
To generate the key pair from transmission configuration UI, see instructions below:

• From Setup and Maintenance,  query Manage Transmission Configuration task

• Create/Open transmission configuration for which key pair needs to be generated

https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=397794979271530&id=1901745.1&_adf.ctrl-state=vsixgzj53_460 3/9
9/29/22, 11:38 PM Document 1901745.1
• Enter transmission details and go to dropdown for 'Client Private Key File'. You will see a 'Create' options as shown below:

• Click on 'Create' to generate key pair. Note: Before creating the key pair, password for private key file should be entered in
'Client Key File Password' field.

• System will generate key pair and populate 'Client Private Key File' field with private key file name ( for example,
102917_141949.ssh) as shown below

• Corresponding public key file can be downloaded from UCM account '/fin/payments/import'. This public key will have
same naming convention as private key file but .pub extension (102917_141949.pub). This key file should be shared with
bank to deploy on SFTP server.

Note: The SSH key format does not support key end-dates. Key files generated will never expire. If customer wishes to
rotate key files, they can always have cloud ops re-generate key files and share the new public key file with bank and
update transmission configuration with location and name of new private key file.

3. Create SFTP_THROUGH_PROXY lookup

In Nov 2017 Patch Bundle, Oracle Fusion Payments introduced a new feature that enables customers to setup SFTP connections
as self-service thus reducing the time required to configure and test payment file transfers.  When using the new
SFTP_THROUGH_PROXY functionality for transmission of payment and positive pay file, customers will NO longer need to log
service request with Oracle Support to open point-to-point connection between source and destination servers. Instead,
connectivity will be routed through Oracle https proxy server.

Use of SFTP through proxy functionality requires SFTP_THROUGH_PROXY lookup to be created in Fusion Applications. Follow the
steps below to create the lookup.

Important Note: From R13B (13.18.05) on wards, payment connectivity will by default use SFTP_THROUGH_PROXY
approach. There is no need to create this lookup to use proxy based connection.

For customer's using direct connection prior to 13B upgrade, no action is needed if th SFTP server is not using IP white
listing. However, if the SFTP server is using IP white listing, they would have white listed Oracle's firewall IP when using

https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=397794979271530&id=1901745.1&_adf.ctrl-state=vsixgzj53_460 4/9
9/29/22, 11:38 PM Document 1901745.1
direct connection. Post 13B, Oracle proxy server IP needs to b white listed instead. Customer can find Oracle proxy server IP
in Document:2698639.1.

i) From Setup and Maintenance, query Manage Standard Lookups task

ii) Under Search Results section, click on Add (+ sign) to add a new lookup as shown below:

a) Lookup Type = SFTP_THROUGH_PROXY


b) Meaning = SFTP Connection Via Proxy
c) Description = SFTP Connection Via Proxy
d) Module = Payments
e) Customization Level = User

iii) Save and click on Add to add a new Lookup Code for newly created Lookup Type:

a) Lookup Code = Y
b) Meaning = Y

c) Description =
Turns on SFTP Over Proxy

iv) Save and close

Note: If your non-Oracle SFTP server target uses Internet Protocol (IP)-whitelisting as part of its security scheme, you must
ensure that the IP # range for your Oracle Public Cloud data center will be accepted (i.e. whitelisted) by the target server for
SFTP sessions. Below are the external IP # ranges that will be seen by your SFTP server for each Oracle Public Cloud datacenter.

IP white list

4. Configure payments

To configure a transmission setup using SFTP for disbursement payment files or positive pay files, perform the following steps:

a. Create a new transmission configuration with a SFTP protocol by selecting the SFTP option from the Select Protocol choice list
on the Manage Transmission Configurations page and click the Create button.

b. On the Create Transmission Configuration page, enter the following SFTP transmission parameter values obtained from your
bank or payment system:

https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=397794979271530&id=1901745.1&_adf.ctrl-state=vsixgzj53_460 5/9
9/29/22, 11:38 PM Document 1901745.1

Remote server host name/IP address


• Port number

• FTP account
user name
• Password


directory
• Remote file
• File name


Some financial institutions refresh the SFTP server IP address periodically. If the remote server IP is
• Important:
changed, transmission configuration details should be updated to reflect the new IP address.

Note: Post P2T refresh, transmission configuration details on the target POD will contains production (source) values.
Transmission configuration details should be updated before releasing the refreshed POD to users.

c. Client Private Key File Attribute (Optional Step): If client authentication is required, select the file name from the dropdown.
This LOV will display private key file that was created using either of the options mentioned above. Also enter password in Client
Private Key Password and save.

d. Create a new payment system for the financial institution that will receive payment files. The new payment system can be
your bank or any other service provider.

e. On the Manage Payment Systems page, click the Create icon to open the Create Payment System page.

https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=397794979271530&id=1901745.1&_adf.ctrl-state=vsixgzj53_460 6/9
9/29/22, 11:38 PM Document 1901745.1

f. On the Create Payment System page, perform the following steps:

i. Enable capability for disbursement by selecting the Electronic funds transfer and positive pay check box.
ii. Add the payment format to be used in the payment process profile by selecting an option from the choice
list in the
Formats section.
iii. Add the SFTP
protocol by selecting the SFTP option from the choice list in the Transmission Protocols section.
iv. Add settings required by the payment system, if any.

Payment system settings are in the form of flexible name-value pairs and mapped with the specific attributes in the
payment format template. The values for the settings are provided by your payment system.
v. Click the Save and Add Accounts button to open the Edit Payment System Accounts page.

g. On the Edit Payment System Accounts page, add a payment system account and enter values for the account settings. These
values are generally provided by your bank or payment system. The values you enter are populated in the payment file at the
time of formatting.

h. Configure the payment process profile:

https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=397794979271530&id=1901745.1&_adf.ctrl-state=vsixgzj53_460 7/9
9/29/22, 11:38 PM Document 1901745.1
i. On the Create Payment Process Profile page, from the Payment File Format choice list, select the same format used by
your payment system.
ii. On the Payment System tab, select the payment system you set up previously from the Payment System choice list.
Once you select it, the Payment System Accounts section renders as seen below.
iii. From the Payment File Transmission Configuration choice list, select the transmission configuration you set up previously.
iv. Optionally, select the option to automatically transmit the payment file after formatting.

You have now enabled the payment file transmission in the Oracle Cloud Applications environment.

i. To transmit a positive pay file to your bank when you print check payments, perform the same steps as described above.

j. In the Positive Pay section, select the Positive Pay File Format from the Format choice list and then select the Automatically
transmit file check box.

5. Alternative approach in the absence of a direct SFTP connectivity

In very rare cases, a direct SFTP connection to the remote financial system may not be practical, either because of
implementation deadlines, or because too many distinct connections are required with the same or different financial institutions.
In such cases, an alternative approach may be to use the Universal Content Management (UCM) server. This will be available in
Release 9.

Release 9 and Onwards: Payments supports direct integration with the Universal Content Management (UCM) server. Using
Payments, you can transmit the payment file to the UCM server instead of the SFTP server. To transmit a payment file from the
UCM server to your financial institution’s SFTP server, you can use a customized process or you can download and transmit the
files manually.

On the Create Transmission Configuration page, you can configure a transmission configuration as shown below using the UCM
upload protocol.

https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=397794979271530&id=1901745.1&_adf.ctrl-state=vsixgzj53_460 8/9
9/29/22, 11:38 PM Document 1901745.1
 

REFERENCES

NOTE:2154451.1 - Fusion Payment File Transmision Using HTTPS Protocol


NOTE:1984935.1 - Fusion Payment File Transmission Using Universal Content
Managment (UCM) Protocol
NOTE:1903739.1 - IP Whitelist for Web Service Calls Initiated by Oracle Cloud Applications

NOTE:2685912.1 - How To Generate SSH Key Pair For Fusion Payments Using Puttygen Tool
NOTE:2559663.1 - How to generate SFTP private key using PuttyGen


Oracle ERP Cloud
NOTE:2698639.1 - Oracle White List IP's For Outbound Connectivity For
Didn't find what you are looking for? Ask in Community...

Attachments
Create_PS1 (98.01 KB)
Create_PS2 (50.19 KB)
Create_TC1 (28.65 KB)
Create_TC2 (44.57 KB)
Manage_PS (26.49 KB)
PPP (49.92 KB)
Pos_Pay (15.55 KB)
Proxy_Lookup1 (28.95 KB)
Proxy_Lookup2 (30.29 KB)
R13_Create_Key1 (44.15 KB)
R13_Create_Key2 (40.41 KB)
SFTP_Config (174.78 KB)
UCM (23.61 KB)

Related
Products

Oracle Fusion Applications > Financials Management > Receivables > Oracle Fusion Receivables
Oracle Fusion Applications > Financials Management > Payables > Oracle Fusion Payables > Manage Payments-Prepare and Record Payments > Process Payment Process Request
Oracle Cloud > Oracle Software Cloud > Oracle Enterprise Resource Planning Cloud > Oracle Fusion Payables Cloud Service
Oracle Cloud > Oracle Software Cloud > Oracle Enterprise Resource Planning Cloud > Oracle Fusion Receivables Cloud Service
Oracle Cloud > Oracle Software Cloud > Oracle Enterprise Resource Planning Cloud > Oracle Fusion Payments Cloud Service
Oracle Cloud > Oracle Software Cloud > Oracle Enterprise Resource Planning Cloud > Oracle Fusion Payments Cloud Service
Oracle Fusion Applications > Financials Management > Payables > Oracle Fusion Payments > Set Up Procurement-Configure Payment System Connectivity > Manage Transmission
Configurations

Keywords
CLIENT AUTHENTICATION; CLOUD; CONNECTION; CONNECTIVITY; CREDENTIALS; FILE TRANSFER PROTOCOL; FUSION APPLICATIONS; INBOUND; IP ADDRESS; NETWORK;
OUTBOUND; PAYMENT; POSITIVE PAY; PRIVATE KEY; PROXY; PUBLIC KEY; SAAS; SFTP; UNIVERSAL CONTENT MANAGEMENT
Errors
IBY_0001

Back to Top
 
Copyright (c) 2022, Oracle. All rights reserved. Legal Notices and Terms of Use Privacy Statement
   

https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=397794979271530&id=1901745.1&_adf.ctrl-state=vsixgzj53_460 9/9

You might also like