
DEH Installation Guide

This document provides instructions for installing the Digital Engagement Hub (DEH). It outlines prerequisites, order of installation, database creation steps for multiple database types, setup of third-party components like Redis, Node.js OAuth server, and load balancers, and common property and data configurations. The guide covers topics such as database installer configuration, server and client configuration for the configuration server, Node.js OAuth server setup including configuration, environment variables, monitoring, and issues. It also discusses integrations with tools like Graylog, Elastic, Graphite, HAProxy, and NGINX.

Uploaded by

THAMARAI SELVAN

Digital Engagement Hub
Installation Guide

11.12

16 April, 2021
© 2021 EdgeVerve Systems Limited. Strictly private and confidential. No part of this document should be reproduced or distributed without the prior permission of EdgeVerve Systems Limited.

Table of Contents
1. Introduction
2. Prerequisites
3. DEH Order of Installation
4. DB Installer Configuration Steps
4.1 EDB DB Creation
4.1.1 Prerequisites
4.1.2 DB Installer Running Steps
4.2 Oracle DB Creation
4.2.1 Prerequisites
4.2.2 Adding Listener Entry before DB Installation
4.2.3 DB Installer Running
4.3 PostgreSQL DB Creation
4.3.1 Prerequisites
4.3.2 DB Installer Running Steps
4.4 MSSQL DB Creation
4.4.1 Prerequisites
4.4.2 DB Installer Running Steps

5. Third-party Components Setup and Integration in DEH
5.1 Config Server
5.1.1 Terminologies
5.1.2 Supported Backends
5.1.3 Server Configuration
5.1.4 Client Configuration
5.2 Node.js OAuth
5.2.1 Prerequisites
5.2.2 Configuration
5.2.3 Environment variable to start OAuth server
5.2.4 Starting Node.js OAuth Server
5.2.5 Server Monitoring and Clustering using PM2
5.2.6 Issues with OAuth Server Setup
5.3 Redis
5.3.1 Standalone Redis Server
5.3.2 High Available Redis Server
5.3.3 Troubleshooting
5.4 Graylog

5.4.1 Integration for Logging
5.4.2 Integration for Metrics
5.4.3 Elastic Integration for Metrics
5.4.4 Graphite Integration for Metrics
5.5 Load Balancer
5.5.1 HAProxy
5.5.2 NGINX
5.6 X9Ware Tool for NACHA File Validation

6. Common Property Configurations
6.1 Preface
6.2 4.2 Configuration Separation and Externalization
6.2.1 External Configurations
6.3 Important Configurations
6.4 Host Integration Setup

7. Common Data Configurations
7.1 Terminologies
7.2 Configuration
7.3 Customization
7.3.1 data-configuration.yml
7.3.2 Multi-entity

8. Installation Steps on IBM WAS
8.1 System Requirements
8.2 Deployment
8.2.1 Procedure for Stopping and Starting WAS Profile:
8.2.2 Administrative Console
8.2.3 Installation Packages
8.2.4 Installing New Application
8.2.5 Changes required for EMMA enabled WAR *
8.3 Resource Configuration for V5
8.4 Shared Library for REST APIs and Swagger Deployment
8.5 Working Directory/Data Folder Changes in Standalone/OCH
8.6 Database Seeds Required
8.7 Changes in WAR for External References

9. Microservices Setup and Deployment
9.1 Changes in Microservices
9.1.1 For External references
9.2 Limits MS

9.2.1 Introduction
9.2.2 Pre-requisite
9.2.3 DB Setup for limits MS
9.2.4 Running Microservice
9.3 Authentication MS
9.3.1 Introduction
9.3.2 Pre-requisite
9.3.3 DB Setup for authentication MS
9.3.4 Running Microservice
9.4 Directbanking MS
9.4.1 Introduction
9.4.2 Pre-requisite
9.4.3 DB Setup for directbankingMS
9.4.4 Running Microservice
9.5 EnterpriseConsentManagementMS
9.5.1 Introduction
9.5.2 Pre-requisite applications
9.5.3 DB Setup
9.5.4 Updating Configuration Properties in Config Server
9.5.5 Running Microservice
9.5.6 Configuring TrustStore for Third Party SSL certificates
9.5.7 Database Driver setup
9.5.8 Running in Tomcat

10. Enabling Audit for REST APIs in EB/DEH and Microservices
10.1 Sequence generator Configuration
10.2 Service level Audit Configuration

11. Enabling HTTPS for Camel Outbound Connections
11.1 Camel Configurations
11.2 Apache Tomcat Configurations
11.3 Generation of Server Digital Certificates

12. Installation Steps on JBOSS
12.1 Deployment
12.1.1 Installation Steps
12.1.2 Procedure for Stopping and Starting JBOSS Server
12.1.3 Installation Packages
12.1.4 Porting FEBA
12.1.5 Resource Configuration for V5

12.1.6 HIF parallelization related Configuration for V5
12.2 Issues during Deployment
12.2.1 Testing FEBA URL
12.3 Porting FEBA on JBoss Enterprise Web Server
12.3.1 Mapping of Application Server with Web Server
12.3.2 Starting and Stopping of Web Server
12.3.3 Testing FEBA URL using EWS

13. FEBA Deployment on Weblogic
13.1 Creation and Configuration for New WebLogic Domain
13.2 FEBA Deployment on Weblogic
13.2.1 Managed Server Creation
13.2.2 Enabling Server Logs through Admin Console
13.2.3 Creation of a Data Source
13.2.4 Installation Packages
13.2.5 Types of Deployments
13.2.6 WAR Modifications to Make it Compatible with Weblogic
13.2.7 Data Folder Configuration
13.2.8 WAR Deployment in Weblogic Post Modification
13.2.9 Setting FEBA SysPath in Server
13.2.10 Starting Managed Server
13.2.11 Enabling Verbose for Class Loading Issues
13.2.12 Common Issues Faced in Weblogic Deployment and Application
13.3 Issues during Deployment

14. FEBA Batch Setup
14.1 JVM Arguments

15. Oracle DB installation Frequently Asked Questions


1. Introduction
This document describes the steps for deploying the Finacle DEH application and for configuring and integrating the DEH ecosystem components.
Refer to the BOM for the set of mandatory and optional components required for DEH.
From 11.5.2 onwards, DEH is provided as two components: DEH and Modular DEH. All the steps in this document are the same for both components. DEH is for Bank and Admin user functionalities, and Modular DEH is for business services.
From 11.5.3 onwards, only a WAR is delivered instead of an EAR.
Note: This document contains deployment steps for the standalone application as well as the federated application. The steps are the same for both unless mentioned otherwise.


2. Prerequisites

Refer to the BOM (Bill of Materials) for the list of all mandatory and optional components to be deployed before starting the installation.


3. DEH Order of Installation

Bring up the components in the following order when bringing up the profile using this installation document.

Traditional

1. DB installation
2. DB installer execution
3. Redis setup
4. Vault server setup
5. Config server setup
6. Data setup / Data hydration
7. Batch setup
8. Cache refresh
9. Application - DEH/MS/OAuth setup
10. HAProxy / Nginx – LB
4. DB Installer Configuration Steps
4.1 EDB DB Creation
Follow the steps below to create an EDB DB:

4.1.1 Prerequisites
The following installations and configurations have to be done:
1. Python 2.4
2. EDB Advanced Server 9.5
3. Add python to the PATH environment variable
4. All the directories mentioned under TABLESPACE_NAMES have to be created with write access before running the installer
5. Add edbplus.bat (PostgresPlus\9.5AS\edbplus) to the PATH environment variable
6. Copy the etc folder, which is present under EDB (PostgresPlus\9.5AS\edbplus), to EDBDBInstaller_EB\util\CREDB
7. The EDB cluster should be present and the DB server must be running before executing the DB installer. Refer to https://www.postgresql.org/docs/9.5/static/app-initdb.html on how to create a cluster.

4.1.2 DB Installer Running Steps

1. Copy the EDB DB Installer to any directory, for example: EDBDBInstaller_EB
2. The contents of the DB Installer are:
   EDBDBInstaller_EB\tables
   EDBDBInstaller_EB\dbseed
   EDBDBInstaller_EB\sql
   EDBDBInstaller_EB\util
   EDBDBInstaller_EB\util\CREDB
3. The 'tables' directory contains all the table creation scripts. The 'dbseed' directory contains all the table seed scripts. The 'sql' directory contains the sequence creation script.
4. The 'CREDB' directory contains the following files:
   createdb.py
   createdb.properties
   BANKID.properties
5. Open the createdb.properties file. Values for the following parameters must be given: INSTALLER_DIR, DATABASE_NAME, DB_SU and DB_SU_PWD.
6. The other parameters in createdb.properties need not be modified, but they are useful in a few circumstances. They are given below:
   a. BLANK_DB: If you want to create a blank DB without any tables, seed data and sequences, provide 'Y' here; otherwise provide 'N'.

   b. ONLY_MS_USER: Enter 'N' if you want to create a database with the OCH user; enter 'Y' for the limit and Auth users and to refresh the schema.
   c. OCH_USERNAME, OCH_USERPWD: Provide the OCH username and password to grant privileges to the MS schemas.
   d. TABLESPACE_NAMES: Modify this only if you need to add a new tablespace. Add the new tablespace name in the same way as the others have been added.
   e. The values for the parameters NEW_USER, NEW_USERPWD, DB_SU and DB_SU_PWD need to be changed only when a new value is required.
7. Set the BANKIDs (more than one BANKID for multi-entity) that need to be inserted into the corresponding DB seed, which is inserted with bankid '0' (example: DBS,01), in EDBDBInstaller_EB/util/CREDB/BANKID.properties. The installer replaces $BANK_ID in the ZZcreBank.sql file present in EDBDBInstaller_EB/dbseed with the corresponding bank ID and inserts it.
8. Now open the command prompt. Go to the CREDB directory. Run this:
   python createdb.py
9. This creates the database. It then creates the tables, dbseeds, etc.
10. All logs are written inside the folder EDBDBInstaller_EB\util\CREDB. The tool analyses all the logs and keeps only the logs that have errors here. Look at the log files and correct the errors.
Note: The same steps mentioned above hold good for Unix machines as well, with minor changes.
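
A pre-flight check for steps 5 and 6 and prerequisite 4 above, as an added example that is not part of the DB installer or of the original guide. It is written for Python 3 and run separately from createdb.py, and it flags a createdb.properties file that other accounts can read, since that file carries DB_SU_PWD in clear text. Assumptions: the file uses plain KEY=VALUE lines (the guide does not show it), the tablespace directories are passed in as a list because the TABLESPACE_NAMES format is not shown either, and all sample values are constructed.

```python
import os
import stat
import tempfile

# Parameters that step 5 says must be given.
REQUIRED = ("INSTALLER_DIR", "DATABASE_NAME", "DB_SU", "DB_SU_PWD")
# Parameters that the guide documents as taking 'Y' or 'N'.
YES_NO_FLAGS = ("BLANK_DB", "ONLY_MS_USER")
# Parameters named in the guide that hold passwords in clear text.
PASSWORD_KEYS = ("DB_SU_PWD", "NEW_USERPWD", "OCH_USERPWD")


def parse_properties(text):
    """Parse KEY=VALUE lines (assumed format), skipping blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip().strip("'\"")
    return props


def preflight(path, tablespace_dirs=()):
    """Return (subject, problem) tuples; an empty list means ready to run."""
    with open(path, encoding="utf-8") as handle:
        props = parse_properties(handle.read())
    findings = []
    for key in REQUIRED:
        if not props.get(key):
            findings.append((key, "required value is missing or empty"))
    for key in YES_NO_FLAGS:
        if key in props and props[key] not in ("Y", "N"):
            findings.append((key, "expected 'Y' or 'N', got %r" % props[key]))
    installer_dir = props.get("INSTALLER_DIR")
    if installer_dir and not os.path.isdir(installer_dir):
        findings.append(("INSTALLER_DIR", "directory does not exist"))
    # Prerequisite 4: tablespace directories must exist with write access.
    for directory in tablespace_dirs:
        if not os.path.isdir(directory):
            findings.append((directory, "tablespace directory does not exist"))
        elif not os.access(directory, os.W_OK):
            findings.append((directory, "tablespace directory is not writable"))
    # The file carries the superuser password, so only its owner should read it.
    if os.name == "posix" and any(props.get(k) for k in PASSWORD_KEYS):
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((path, "holds passwords but mode is %03o; use 600" % mode))
    return findings


def demo():
    """Run the check on a constructed file before and after correcting it."""
    template = (
        "# constructed sample values, not taken from a real installation\n"
        "INSTALLER_DIR=%s\n"
        "DATABASE_NAME=DEHDB\n"
        "DB_SU=dbadmin\n"
        "DB_SU_PWD=example-only-password\n"
        "BLANK_DB=%s\n"
        "ONLY_MS_USER=N\n"
    )
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "createdb.properties")
        master = os.path.join(root, "dbs", "MASTER")
        with open(path, "w", encoding="utf-8") as handle:
            handle.write(template % (root, "n"))
        os.chmod(path, 0o644)
        before = preflight(path, [master])
        # Corrections: valid flag, directory created, file restricted to owner.
        with open(path, "w", encoding="utf-8") as handle:
            handle.write(template % (root, "N"))
        os.chmod(path, 0o600)
        os.makedirs(master)
        after = preflight(path, [master])
    return before, after


if __name__ == "__main__":
    for label, findings in zip(("before", "after"), demo()):
        print(label, findings)
```

The permission check runs only on POSIX systems; on Windows the equivalent is to review the file's ACL so that only the installing account can read it.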

4.2 Oracle DB Creation
Follow the steps below to create an Oracle DB:

4.2.1 Prerequisites
The following installations have to be done:
1. Python 3.7.7, with python added to the PATH environment variable
2. Oracle 19c Server
3. To create an MS user, the following changes are required in dbProperties.yaml:
   a. Give the DB details of the database where the DEH user is created.
   b. The CREATE_DB parameter should be 'N'.

4.2.2 Adding Listener Entry before DB Installation
This step is for adding a listener entry if it is not there and also for finding the port number of the installed DB.
1. Go to ORACLE_HOME/network/admin
2. Open the listener.ora file
3. Check your entry in the file. If the entry is not present, then add your entry as

   (SID_DESC =
     (GLOBAL_DBNAME = ORA112DB)
     (SID_NAME = ORA112DB)
     (ORACLE_HOME=/oracle/ora12c/app/ora12c/product/12.1.0/dbhome_1)
   )
4. If a new entry is added in the listener.ora file, then the steps below need to be executed:
   • lsnrctl stop
   • lsnrctl start
5. The port number of the DB is identified by this entry in the listener.ora file:
   LISTENER12 =
     (ADDRESS_LIST =
       (ADDRESS= (PROTOCOL= TCP) (Host= IP Address) (Port= Port Number))
     )

4.2.3 DB Installer Running

1. Copy the Oracle DB Installer, which the CM team has shared with you, to any directory on the Unix/Windows machine, for example: DBInstaller
2. The contents of DBInstaller are:
   DBInstaller\tables
   DBInstaller\dbseed
   DBInstaller\sqlScripts
   DBInstaller\util
   DBInstaller\data
   DBInstaller\control
   DBInstaller\log
3. The 'tables/oracle' directory contains all the table creation scripts. The 'dbseed/oracle' directory contains all the table seed scripts. The 'dbseed/oracle/sequence' directory contains the sequence creation script.
4. The util directory contains the following files:
   o logging.conf

   o common_functionality.py
   o installer.py
   o db_functionality.py
   o dbWrapper.py
   o logger.py
   o prop_val_schema.py
   o property_reader.py
   o utilities.py
   o validator.py
   o validator_utility.py
   o dbProperties.yaml
5. Open the dbProperties.yaml file. Values must be given for the properties under the common section and under the oracle section.
   a. INSTALLER_DIR: This directory is the base directory of the database that is going to be created (that is, this directory will hold the data files, log files and control files of the DB). Give the directory path in which the data, log and control directories are to be created.
   b. ORACLE_HOME: Give the path of the Oracle home directory.
   c. ORACLE_SID: The ORACLE_SID will be your new DB name.
   d. ORACLE_VER: Enter the Oracle version (give a supported version).
   e. ORACLE_INSTANCE: Enter 'ONPREM' for a local DB and 'CLOUD' for a cloud DB.
6. The values for the above 5 parameters must be given. The other parameters in dbProperties.yaml need not be modified, but they are useful in a few circumstances. They are given below:
   a. BLANK_DB: If you want to create a blank DB without any tables, seed data and sequences, provide 'Y' here; otherwise provide 'N'.
   b. CREATE_DB: If you want to create a fresh DB, provide 'Y'; otherwise provide 'N' for user creation only.

   c. DEH_USERNAME and DEH_USER_PWD: Provide the DEH username and password when creating MS schemas. They are used to run the 'GRANT_SCHEMA_ACCESS.sql' file, which grants the MS schemas permission on the OCH tables.
   d. TABLESPACE_NAMES: If you want to change the size of any tablespace, you can change it here.
   e. The values for the parameters NEW_USER, NEW_USERPWD, DB_SU and DB_SU_PWD need to be changed only when a new value is required.
7. Set BANK_ID (more than one BANKID for multi-entity; example: DBS,01) in dbProperties.yaml to the bank IDs that need to be inserted into the corresponding DB seed, which is inserted with bankid '0'. These values replace $BANK_ID in the ZZcreBank.sql and ZZcreBank_A.sql files present in the dbseed directory.
8. Now open the command prompt. Go to the util directory. Run this:
   python installer.py
   To refresh the DB, set CREATE_DB = 'N' in dbProperties.yaml and execute the command below:
   python installer.py
9. This creates the database. It then creates the tables, dbseeds, etc.
10. All logs are written inside DBInstaller\util\logs
Note: The same steps mentioned above hold good for Windows machines as well, with minor changes. Also refer to the ReadMe.txt file for the steps.

For Authentication Microservice, Limits Microservice and Direct banking Microservice:
All the properties are the same as above except for the following:
DEH_USERNAME and DEH_USER_PWD should have the DEH schema details.
NEW_USER and NEW_USERPWD should have the AUTHMS/LIMITSMS/DIRECTBANKINGMS schema name and password.

4.3 PostgreSQL DB Creation
Follow the steps below to create a PostgreSQL DB:

4.3.1 Prerequisites
1. Python 3.7.7
2. PostgreSQL 10.13
3. Add python and PostgreSQL to the PATH environment variable.
   E.g.: For PostgreSQL (Unix): export PATH=/opt/postgresql-10.1/bin:$PATH
   For PostgreSQL (Windows): set PATH=C:\Program Files\PostgreSQL\10\bin;%PATH%

For Python(Unix): export PATH=/opt/Python37/python.exe:$PATH$
For Python(Windows): set PATH=D:\Softwares\Python37\python.exe
4. All the directories mentioned under TS_DIR field of TABLESPACE_NAMES property present in
dbProperties.yaml file must be created with full access, before running the installer.
Example: D:/DBInstallerTest/POSTGRESDB/OCHDB11/dbs/MASTER should be created
and full access should be given to it. Similarly, for all tablespace’s directories should be
created before running the installer.

ht
5. POSTGRESQL should be present and DB server must be running before executing DB installer

4.3.2 DB Installer Running Steps

1. Copy the POSTGRESQL DB Installer to any directory, for example: POSTGRESQLInstaller
2. The contents of the DB Installer are:
POSTGRESQLInstaller\tables
POSTGRESQLInstaller\dbseed
POSTGRESQLInstaller\sqlScripts
POSTGRESQLInstaller\util
POSTGRESQLInstaller\data
POSTGRESQLInstaller\control
POSTGRESQLInstaller\log
3. The 'tables/postgresql' directory contains all the table creation scripts. The 'dbseed/postgresql' directory contains all the table seed scripts. The 'dbseed/postgresql/sequence' directory contains the sequence creation script.
4. The 'util' directory contains the following files:
o logging.conf
o common_functionality.py
o installer.py
o db_functionality.py
o dbWrapper.py
o logger.py
o prop_val_schema.py
o property_reader.py
o utilities.py
o validator.py
o validator_utility.py
o dbProperties.yaml
5. Open the dbProperties.yaml file. Values for the parameters below must be given.
INSTALLER_DIR: Specify the directory where the DBInstaller folder is present. Eg: For Unix '/EBANK1/postgres/DBInstaller/DEH/DBInstaller_Unix_POSTGRESQL'
DATABASE_NAME: Specify the name of the database to be created. Eg: 'DEV_DEH_DB'
DB_SU: Specify the super user of the postgres database. Eg: 'postgres'
DB_SU_PWD: Specify the super user password. Eg: 'postgres1'
OS: Specify the OS name. Accepted values are only WINDOWS and UNIX. Eg: 'UNIX'
NEW_USER: Specify the new database user to be created. Eg: 'ECECUSER'
NEW_USERPWD: Specify the password to be set for the new user that will be created.
CREATE_DB: Enter 'Y' to create a new database for DEH. Enter 'N', and give the DEH database name as the value of DATABASE_NAME, if you are running the DB installer for microservices.
DB_HOST: Specify the host name. Eg: localhost
DB_PORT: Specify the port number. Eg: 5432
TABLESPACE_NAMES: ['MASTER','PARAM','TXN','HISTORY','WORKFLOW','IDX_MASTER','IDX_PARAM','IDX_TXN','IDX_HISTORY','IDX_WORKFLOW']
TS_DIR: Specify the tablespace directory name. Eg: '/EBANK1/postgres/pg_dev_testing/OCHDB/dbs/'
BLANK_DB: To create a blank DB without any tables, seed data and sequences, provide 'Y'; otherwise provide 'N'.
DEH_USERNAME and DEH_USERPWD: Provide the DEH USERNAME and PASSWORD used to grant privileges to MS schemas. These should be the same as the existing DEH username and password.

7. Change the BANK_ID in dbProperties.yaml (more than one BANKID for multi-entity; example: DBS,01). These are the values that need to be inserted into the corresponding DB seed, which is seeded with bankid '0'. They replace $BANK_ID in the ZZcreBank.sql and ZZcreBank_A.sql files present in the dbseed directory.

8. Open the command prompt, go to the util directory, and run:
python installer.py
To refresh the DB, set CREATE_DB = 'N' in dbProperties.yaml and execute the command below:
python installer.py
9. This creates the database, then the tables, DB seeds, etc.
10. All logs are written to the folder POSTGRESQLInstaller\util\logs

4.4 MSSQL DB Creation


Follow the steps below to create an MSSQL DB:

4.4.1 Prerequisites
1. Python 3.7.7
2. MSSQL
3. Add python and MSSQL to PATH environment variable.
4. Parent directories mentioned under the FILENAME field of the DB_FILES property in the dbProperties.yaml file must be created with full access before running the installer.
Example: D:/DBInstaller/SQL/TEST/data/ should be created and full access should be given to it.
5. SQL Server must be installed and the DB server must be running before executing the DB installer.

4.4.2 DB Installer Running Steps

1. Copy the MSSQL DB Installer to any directory, for example: SQLServerInstaller
2. The contents of the DB Installer are:
SQLServerInstaller\tables
SQLServerInstaller\dbseed
SQLServerInstaller\sqlScripts
SQLServerInstaller\util
SQLServerInstaller\data
SQLServerInstaller\control
SQLServerInstaller\log
3. The 'tables/sqlserver' directory contains all the table creation scripts. The 'dbseed/sqlserver' directory contains all the table seed scripts. The 'dbseed/sqlserver/sequence' directory contains the sequence creation script.
4. The 'util' directory contains the following files:
o logging.conf
o common_functionality.py
o installer.py
o db_functionality.py
o dbWrapper.py
o logger.py
o prop_val_schema.py
o property_reader.py
o utilities.py
o validator.py
o validator_utility.py
o dbProperties.yaml
5. Open the dbProperties.yaml file. Values for the parameters below must be given.
INSTALLER_DIR: Specify the directory where the DBInstaller folder is present. Example: For Unix '/EBANK1/sqlserver/DBInstaller/DEH/SQLServerInstaller'
DATABASE_NAME: Specify the name of the database to be created. Example: 'DEV_DEH_DB'
DB_SU: Specify the super user of the sqlserver database. Example: 'master'
DB_SU_PWD: Specify the super user password. Example: 'postgres1'
OS: Specify the OS name. Accepted values are only WINDOWS and UNIX. Eg: 'UNIX'
NEW_USER: Specify the new database user to be created. Eg: 'ECECUSER'
NEW_USERPWD: Specify the password to be set for the new user that will be created.
CREATE_DB: Enter 'Y' to create a new database for DEH. Enter 'N', and give the DEH database name as the value of DATABASE_NAME, if you are running the DB installer for microservices.
DB_HOST: Specify the host name. Eg: localhost
DB_PORT: Specify the port number. Eg: 5432
DATABASE_DIRNAME: Specify the directory where the database will be created.
DATABASE_LOGDIR: Specify the directory where the log will be created.
DB_FILEGROUPS: ['MASTER','PARAM','TXN','HISTORY','WORKFLOW','IDX_MASTER','IDX_PARAM','IDX_TXN','IDX_HISTORY','IDX_WORKFLOW']
SQL_DRIVER: Specify the driver name used to connect to the SQLServer DB.
DB_FILES: Specify filegroup details under this section.
BLANK_DB: To create a blank DB without any tables, seed data and sequences, provide 'Y'; otherwise provide 'N'.
DEH_USERNAME and DEH_USERPWD: Provide the DEH USERNAME and PASSWORD used to grant privileges to MS schemas. These should be the same as the existing DEH username and password.
7. Change the BANK_ID in dbProperties.yaml (more than one BANKID for multi-entity; example: DBS,01). These are the values that need to be inserted into the corresponding DB seed, which is seeded with bankid '0'. They replace $BANK_ID in the ZZcreBank.sql and ZZcreBank_A.sql files present in the dbseed directory.
8. Open the command prompt, go to the util directory, and run:
python installer.py
To refresh the DB, set CREATE_DB = 'N' in dbProperties.yaml and execute the command below:
python installer.py
9. This creates the database, then the tables, DB seeds, etc.
10. All logs are written to the folder POSTGRESQLInstaller\util\logs

5. Third-party Components Setup and Integration in DEH
This section covers the steps to be followed to install various third-party components used, and
configure DEH to integrate with these components.

5.1 Config Server


Config Server is developed on Spring Cloud Config.

5.1.1 Terminologies

• Backend – is the location where configurations are stored
• Profile – is an environment, Example – at, uat

5.1.2 Supported Backends
• Git – for Production
• Filesystem – for Development
• Vault – for Production (Optional)

5.1.3 Server Configuration

Based on the backend chosen, configure the corresponding yaml file from externalconfig into the JVM argument spring.config.location
• Git – application-git.yaml
• Filesystem – application-filesystem.yaml
• Vault – application-vault.yaml
Example:
-Dspring.config.location=file:///D:/Workspace/Experimental/WS/och-configserver/application-git.yaml

• Server.xml in the deployment needs to be configured with the required port number like below:
<Connector port="2020" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
Note:
If the file protocol is being used, it should contain three forward slashes ('/'), example
file:///D:/Workspace/application.yaml

5.1.3.1 Property Description


The following table describes properties under application-{backend}.yaml file

| Property | Default Value | Description |
|---|---|---|
| config.server.username | configuser | Config server username |
| config.server.password | B8SBe/GIaIOYWrVVkMXkxw== | Config server encrypted password (unencrypted value = password). Follow section 4.1.3.2 for encryption related information |
| spring.cloud.config.server.git.uri | | Git URI (Applicable only if using application-git.yaml) |
| spring.cloud.config.server.git.searchPaths | | Config Search Paths (Applicable only if using application-git.yaml) |
| spring.cloud.config.server.native.searchLocations | | Config Search Paths (Applicable only if using filesystem-git.yaml) |
| spring.cloud.config.server.vault.host | | Vault server hostname (Applicable only if using application-vault.yaml) |
| spring.cloud.config.server.vault.port | | Vault server port (Applicable only if using application-vault.yaml) |

* For more configurations refer - https://cloud.spring.io/spring-cloud-config/reference/html/#_git_backend

* For more vault related configurations refer - $/EBanking Release 11.2/Master Documents/Release Notes/11.12/Technical Docs/DEH11.12_Integrating_Vault_for_Config_Server.docx

5.1.3.2 Config Server Password Encryption


Use the following command to encrypt the desired password:
java -classpath %CLASSPATH% com.infosys.feba.framework.config.security.ConfigServerPasswordEncryptor {password_to_encrypt}

5.1.3.3 Backend Setup


• Extract the contents of och-configserver.zip
• Create git repository or a directory based on type of backend using
• Create one or more profile directories (directory name should not contain any spaces)
• Copy the contents of och-configserver.zip into each of these profile directories.
• Modify the property values of each of the property under {profile}/{application}/application.json file

Final Backend Directory Structure:
/{profile} (dev, prod, at)
    /{service} (deh, authentication, limits, consentmanagement)
        /application.json (service specific properties)
    /application.json (common properties)

5.1.3.3.1 Multi-entity Setup
• Each application.json can be configured with multiple entities.
• By default, there is a single entity named 'default' (properties.default in application.json).
• To add an entity, add a child with the entity name to the properties object in application.json.
• Multiple entities can be configured.
• Entity-specific properties can override any property from the default properties.

Example (application.json), where "default" is the default entity and "PR1" is a new entity:
{
  "properties": {
    "default": {},
    "PR1": {}
  }
}

5.1.3.4 Backend Setup (Vault)


• Download a stable version of the Vault binary from
https://www.vaultproject.io/downloads
• Run the command: nohup vault server -config=configLinux.hcl -address="http://<hostname>:<port number>" &
• If Vault has not been initialized yet, initialize the Vault server with the command: vault operator init -key-shares=1 -key-threshold=1
• Run the following command to unseal the vault: vault operator unseal <your unseal key>
• Run the following command to log in to the vault: vault login <your root-token>

For more detailed Vault setup details, refer to:
$/EBanking Release 11.2/Master Documents/Release Notes/11.12/Technical Docs/DEH11.12_Integrating_Vault_for_Config_Server.docx

5.1.4 Client Configuration
5.1.4.1 Terminologies

• Bootstrap property – properties required at the bootstrap stage of the application, which are needed to load and start the application. They are loaded from system, environment and bootstrap.properties (as configured by the bootstrap.properties.filepath bootstrap config), with precedence System, Environment, bootstrap.properties.
• Application property – properties required for the application.

5.1.4.2 Client Configuration for Config Server


Configure the following bootstrap properties

| Property | Default Value | Description |
|---|---|---|
| config.server.url | | Config server url |
| config.server.service | | Client Application Name (Refer to table 4.1.4.3 for application names) |
| config.server.profile | | Environment name to which the application should be configured (Example at, uat, scrum) |
| config.server.credential.type | basic | Credential Type (Do not modify) |
| config.server.credential.basic.username | configuser | Config Server username |
| config.server.credential.basic.password | B8SBe/GIaIOYWrVVkMXkxw== | Config Server Encrypted password |
| config.server.credential.vault.token | qXYDnbXFSKc/iBZwANvGRY7W1EiPqmvRqyjAC3xlbUk= | Vault server Encrypted token (Necessary only when Vault profile is selected) |
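
The bootstrap precedence described in 5.1.4.1 and the default values in the table above can be checked together before a client is started. The following is an added example, not part of the product or of this guide: it resolves the effective bootstrap properties in the stated order and reports any credential that still carries its shipped default. Treating the environment as a map with the same key names, and flagging basic credentials sent to an http:// URL, are assumptions; the sample input is constructed.

```javascript
// Added example (not product code). Property names and default values are the
// ones listed in the table above; everything else is an assumption.
const SHIPPED_DEFAULTS = {
  'config.server.credential.basic.username': 'configuser',
  'config.server.credential.basic.password': 'B8SBe/GIaIOYWrVVkMXkxw==',
  'config.server.credential.vault.token': 'qXYDnbXFSKc/iBZwANvGRY7W1EiPqmvRqyjAC3xlbUk=',
};

// Minimal .properties parser: skips comments and blank lines and splits on the
// FIRST '=' or ':' so that base64 padding ('==') inside a value survives.
// Line continuations and backslash escapes are not handled.
function parseProperties(text) {
  const props = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === '' || line.startsWith('#') || line.startsWith('!')) continue;
    const sep = line.search(/[=:]/);
    if (sep === -1) continue;
    props[line.slice(0, sep).trim()] = line.slice(sep + 1).trim();
  }
  return props;
}

// Precedence stated in the guide: System, then Environment, then
// bootstrap.properties. Lower-priority layers are applied first.
function resolveBootstrap(systemProps, envProps, fileText) {
  const layers = [
    ['bootstrap.properties', parseProperties(fileText)],
    ['environment', envProps],
    ['system', systemProps],
  ];
  const resolved = {};
  for (const [source, props] of layers) {
    for (const [key, value] of Object.entries(props)) {
      resolved[key] = { value, source };
    }
  }
  return resolved;
}

// Report shipped defaults that are still effective, and basic credentials
// that would travel to the config server over plain http (assumed policy).
function auditBootstrap(resolved) {
  const findings = [];
  for (const [key, shipped] of Object.entries(SHIPPED_DEFAULTS)) {
    if (resolved[key] && resolved[key].value === shipped) {
      findings.push({ rule: 'shipped-default-credential', key, source: resolved[key].source });
    }
  }
  const url = resolved['config.server.url'];
  const type = resolved['config.server.credential.type'];
  if (url && /^http:\/\//i.test(url.value) && (!type || type.value === 'basic')) {
    findings.push({ rule: 'basic-credentials-over-http', key: 'config.server.url', source: url.source });
  }
  return findings;
}

// Constructed sample input: the file keeps the default password, the
// environment overrides the username, a system property overrides the profile.
const SAMPLE_BOOTSTRAP = [
  '# bootstrap.properties (constructed sample)',
  'config.server.url=http://configserver.example.internal:2020',
  'config.server.service=deh',
  'config.server.profile=uat',
  'config.server.credential.type=basic',
  'config.server.credential.basic.username=configuser',
  'config.server.credential.basic.password=B8SBe/GIaIOYWrVVkMXkxw==',
].join('\n');
const SAMPLE_ENV = { 'config.server.credential.basic.username': 'deh-uat-config' };
const SAMPLE_SYSTEM = { 'config.server.profile': 'prod' };

console.log(auditBootstrap(resolveBootstrap(SAMPLE_SYSTEM, SAMPLE_ENV, SAMPLE_BOOTSTRAP)));
```

The `source` field in each finding names the layer that supplied the effective value, which is where the fix has to be made.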

yr
5.1.4.3 Service Names for Application
| Application Name | Service Name |
|---|---|
| DEH | deh |
| Authentication | authentication |
| Limits | limits |
| Direct Banking | directbanking |
| Consent Management | consentmanagement |
| Batch | batch |

5.2 Node.js OAuth


5.2.1 Prerequisites
• Node.js v 12.19.1 LTS
• node-gyp module installed
• The following are required if the database to be configured with the OAuth server is Oracle:
1. Oracle instant client v19.3
http://www.oracle.com/technetwork/database/features/instant-client/index-097480.html
2. Python 2.7 / 3.7.7
3. Visual Studio on Windows, GCC on Linux or Xcode on OS X.
4. Microsoft C++ v11 (at least)
• oAuth package (delivered as a product deliverable)

The product deliverable, i.e. the OAuth folder, contains only the node_modules that are product deliverables. Other third-party modules required for oAuth to work are listed in package.json. During first-time setup, these modules need to be downloaded from the node registry using the npm command, so an Internet connection is required by npm during installation.
The OAuth Server supports both MONGO-DB and ORACLE-DB, but either one has to be configured during installation.
To remove the build of the other DB package, navigate to oAuth package -> package.json and remove either mongodb or oracle (whichever is not required).
OAuth can be installed on both Linux and Windows Server.

Once the above environment is available, follow the remaining steps.
Copy the OAUTH Server folder (product deliverable) to the location where the OAUTH Server needs to be set up.

5.2.2 Configuration

The OAuth application can be started in development mode or production mode. The default is development mode. For a production setup, the OAuth application needs to be started in production mode. How to start the oAuth application in production mode is detailed in section 5.2.3.
*** From 119, separate configuration files need to be configured based on the environment in which node is started, i.e. development or production mode. Based on the environment, the application loads the respective json file.

development mode → development.json

production mode → production.json

*** Before starting configuration, the developer should copy the contents of development.json and paste them into production.json. This step ensures that the configuration file structure is the same. After that, configuration can be done separately for each environment.
The developer needs to configure the properties in the respective configuration file based on the mode (development or production).


5.2.2.1 Configure Server


| Property | Value | Significance |
|---|---|---|
| "ip" | XX.XX.XX.XX | OAuth server ip |
| "LIST_OF_BANKID" | Bank Identifier | OAuth will replace all occurrences of BANK_ID_PLACE_HOLDER with the Bank Identifier in development.json or production.json on server startup. |
| "logger.enabled" | true/false | To enable/disable logging in the OAuth server |
| "database.name" | oracle/mongodb/mssql/postgresql | Configure either of the DBs supported by the OAuth Server |
| "server.http.serverPort" | Example: 8082 | Port on which the OAUTH server will be running in http mode |
| "server.https.serverPort" | Example: 8083 | Port on which the OAUTH server will be running in https mode |
| "server.https.key" | tls certificate key | If a new pem has to be configured, mention the path where the pem file is present against the property key, e.g., for PEM_FILE path D:/OAuth/key.pem |
| "server.https.certificate" | tls certificate | tls certificate in pem format |
| "server.https.passphrase" | tls certificate passphrase | Password with which the key is encrypted |
| "server.keys.key[…n]" | "Key0": random keys, "key1":"", "key2":"" | This needs to be configured at the Client Side. This has to be a cryptographically random number having enough entropy. These keys are required to sign the data during the Authorization code grant type. |
| "multipleTokensAllowed" | Y(default)/N | To disallow multiple tokens for a user-client combination, the value should be N. This means that if an end-user tries to log in with the same client, all the previous tokens are deleted and are no longer valid. |
| "agents.Xservice" / "agents.rest" | PEM file and Https connection pooling configuration | The OAuth server has to connect to different hosts. If these hosts are on https, then the host's tls certificate needs to be configured in the OAuth server to have a successful https connection. The agent property is meant to configure the connection pooling properties. For varied hosts, we can have different properties and certificates. Hence the agent properties should be configured in view of the server to which OAuth has to connect. |
| "cronJobForClearingUpExpiredData.enabled" | "N"/"Y"(default) | This is required to clean the expired entries from the OAuth database. When enabled, it periodically scans the configured tables and deletes the stale/expired entries. |
| "cronJobForClearingUpExpiredData.interval" | "00 00 * * *" | Configures the interval at which the cron-job scans the oAuth tables. The pattern can be decided as per requirement. |

5.2.2.2 Configure DB
Depending on the DB selected, follow the steps below.

Database: database.mongodb
Property:
"db": "localhost/oauth-example"

Database: database.oracle
Property:
"props": {
  "user": "ECECUSER",
  "password": "PASSWORD",
  "connectString": "localhost/FEBADB",
  "poolMin": 1,
  "poolMax": 5,
  "poolTimeout": 300
}

Database: database.mssql
Property:
"props": {
  "user": "ECECUSER",
  "password": "PASSWORD",
  "server": "LOCALHOST",
  "database": "OCHDEVDB",
  "port": 1443,
  "pool": {
    "min": 1,
    "max": 5,
    "idleTimeoutMillis": 30000
  }
}

Database: database.postgresql
Property:
"props": {
  "user": "OAUTH_ADMIN",
  "password": "PASSWORD",
  "connectString": "localhost:5432/OAUTHDB",
  "poolMin": 1,
  "poolMax": 5,
  "poolTimeout": 300
}

The localhost name has to be changed to the host name where the database is installed.
If ORACLE DB is selected, the following setup is required to compile the node oracle db.
Configure environment variables:

| Environment Variable | Value |
|---|---|
| OCI_VERSION | 19 (depends on the oracle client lib) |
| PYTHON | /usr/bin/python/Python27/python.exe |

| System variable | Value |
|---|---|
| Path | oracle/instantclient; {downloaded as a part of prerequisite} *** If oracle is already installed then this has to be the first variable in the path |
| VS120COMNTOOLS | …./Microsoft Visual Studio 12.0/Common7/Tools/ *** This will already be configured when Visual Studio is installed |

The same system variables apply to UNIX and LINUX systems.

For installing the Oracle module on different OS, refer to the link below:
https://github.com/oracle/node-oracledb/blob/master/INSTALL.md

In addition, node-oracledb has generated modules for oracle db for the respective OS, which can be referred from here: https://github.com/oracle/node-oracledb/releases

MSSQL Server: the node module used in the oAuth project for SQL Server integration is mssql: ^6.0.0.
For more details: https://www.npmjs.com/package/mssql, https://github.com/tediousjs/node-mssql#tedious

PostgreSQL database: the node module used in oAuth is pg: ^7.10.0. Visit https://node-postgres.com/, https://github.com/brianc/node-postgres-docs/blob/master/content/welcome.mdx for more information and documentation.

Scripts required to create a new database, and migration scripts, are made available as part of the release artifacts.

The delivered artifacts include scripts that create some clients for sanity purposes. It is advised to add new clients once installation is completed and to delete the clients created out of the box. Refer to the OAuth functional document on how to add new clients.

5.2.2.3 Configuring DEH Requests in OAuth
The OAuth Server does not store the End-User credentials. It communicates with a third-party system over the rest/http route to verify the End-User. Here the third-party system can be any server which manages users and exposes APIs to validate them.
By default, the OAuth server is integrated with the DEH login APIs to validate the End-User.
The following configurations are required.
*** hif here stands for Host Integration Framework.

Navigate to OAuth folder → config folder → development.json or production.json
Example:

| Property | Value | Explanation |
|---|---|---|
| "hif.ocf.common.host" | $och_host$ | DEH ip |
| "hif.ocf.common.port" | $och_port$ | DEH port |
| "hif.ocf.common.path" | $Och context path $/Xservice | Context path of och should be changed if required |
| "hif.ocf.common.protocol" | http/https | |
| "hif.ocf.common.agent" | https agent name, example XService | If https is configured, then agent needs to be configured. The agent name is mapped to the agents object in the same development.json file. In the agents object, the respective client certificate and other credentials need to be mapped. |
| "hif.ocf.rest.common.host" | $och_host$ | DEH ip |
| "hif.ocf.rest.common.port" | $och_port$ | DEH port |
| "hif.ocf.rest.common.basepath" | $och context path $/rest | |
| "hif.ocf.rest.common.protocol" | http/https | If https is configured, then agent needs to be configured |
| "hif.ocf.rest.common.agent" | https agent name, example rest | If https is configured, then agent needs to be configured. The agent name is mapped to the agents object in the same development.json file. In the agents object, the respective client certificate and other credentials need to be mapped. |
| och_encryption | /$och context path $/ochencrypt | This field is mandatory for encrypting sensitive fields during authorization code flow |
| Properties like hif.ocf.usecase.login, hif.ocf.usecase.sign, hif.ocf.usecase.secLogin, hif.ocf.usecase.getModes, hif.ocf.usecase.utcml, hif.ocf.usecase.generateOtp, hif.ocf.usecase.validateOtp have common params like BANK_ID, USER_PRINCIPAL, CORP_PRINCIPAL, ACCESS_CODE. Follow the same rule for all the above properties. | hif.ocf.usecase.login.BANK_ID="BANK_ID_PLACE_HOLDER"; hif.ocf.usecase.login.USER_PRINCIPAL="$virtual user id$"; hif.ocf.usecase.login.CORP_PRINCIPAL="$corp principal of virtual user$"; hif.ocf.usecase.login.ACCESS_CODE="$password of virtual user$" | Configure the same properties in the other tags like login, sign, seclogin, getModes, utcml, generateOtp, validateOtp |
| "hif.consentMS.common.protocol" | http/https | |
| "hif.consentMS.common.host" | $CONSENTAPPHOST$ | Host at which the Consent Management microservice is running |
| "hif.consentMS.common.port" | $CONSENTAPPPORT$ | PORT at which the Consent Management microservice is running |
| "OAuth.virtualUserTokenGeneration.client_id" | $client_id$ | A trusted OAuth client has to be created by the implementation team. By default, a value is already configured in the setup. This value should be used to generate a new client (details later in the doc). Once a new client is generated, the implementation team should reconfigure the value with the latest value. |
| "OAuth.virtualUserTokenGeneration.client_secret" | $client_secret$ | (see client_id above) |
| "OAuth.virtualUserTokenGeneration.BANK_ID" | BANK_ID_PLACE_HOLDER | Bank Identifier of the Virtual user |
| "OAuth.virtualUserTokenGeneration.USER_PRINCIPAL" | $virtual user id$ | |
| "OAuth.virtualUserTokenGeneration.CORP_PRINCIPAL" | $corp principal of virtual user$ | |
| "OAuth.virtualUserTokenGeneration. | $password of virtual user$ | |

5.2.2.4 Securing configuration files


Some fields in the configuration file contain important data such as the database password. These have to be encrypted in order to protect them from misuse. The OAuth setup can encrypt these properties when configured properly.
Let's say we have configured the database as oracle and need to secure the database password and connection URL. The paths to these properties in development.json or production.json are "database.oracle.props.password" and "database.oracle.props.connectString".
To secure them, navigate to OAuth folder → config folder → configManager.js. This file contains an array called sensitiveFields. Add "database.oracle.props.password" and "database.oracle.props.connectString" to the array and then restart the application (to be covered next). After the restart, the property will be encrypted.
For example:
database.oracle.props.password = "###encbb1e255fe6ce4e0b1851ad4890ce9067".
To change the value, replace the encrypted value with the actual value and restart the OAuth Server.
Please note:
The configuration in configManager.js has to be a proper mapping to the JSON structure in the development.json file.

*** In the 119 release, changes were made to give the Bank an option to fetch sensitive credentials from a different system, if required. So with every property definition in the configManager.js file, an adaptor name is configured. By default, all sensitive properties are configured with the default product adaptor with the default implementation. The adaptor implementation details are configured in a separate file called SecurityAdaptor.json (config folder).
With this enhancement, if the Bank thinks that a property value should not be picked from the configuration file but from another system, the implementation team can introduce a new adaptor, write the implementation and configure it against the property in configManager.
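
A pre-start check for the configuration rules in sections 5.2.2.1 to 5.2.2.4, as an added example that is not part of the product or of this guide: it takes a parsed development.json / production.json object and the sensitiveFields list and reports fields that are unmapped or still in clear text, unfilled `$...$` placeholders, hif endpoints left on http, https endpoints whose agent is not defined under agents, and empty signing keys. The nesting of dotted property names, the `###enc` prefix test (taken from the example value above), the minimum key length and the sample configuration are assumptions.

```javascript
// Added example (not product code). Key names follow the tables in this
// section; MIN_KEY_LEN, the rule names and SAMPLE_CONFIG are assumptions.
const ENC_PREFIX = '###enc';   // prefix of the encrypted example value above
const MIN_KEY_LEN = 32;        // assumed minimum length for server.keys entries

// Resolve a dotted path such as "database.oracle.props.password".
function getPath(obj, path) {
  return path.split('.').reduce((o, k) => (o == null ? undefined : o[k]), obj);
}

// Call visit(path, value) for every leaf value in the configuration.
function walkLeaves(obj, prefix, visit) {
  for (const [key, value] of Object.entries(obj || {})) {
    const path = prefix ? prefix + '.' + key : key;
    if (value !== null && typeof value === 'object') walkLeaves(value, path, visit);
    else visit(path, value);
  }
}

function auditOAuthConfig(cfg, sensitiveFields) {
  const findings = [];
  const add = (rule, path) => findings.push({ rule, path });

  // 1. Every sensitiveFields entry must map to the JSON structure and,
  //    after the first restart, hold an encrypted value.
  for (const path of sensitiveFields) {
    const value = getPath(cfg, path);
    if (value === undefined) add('unmapped-sensitive-field', path);
    else if (!String(value).startsWith(ENC_PREFIX)) add('plaintext-sensitive-field', path);
  }

  walkLeaves(cfg, '', (path, value) => {
    // 2. Template placeholders such as $och_host$ that were never filled in.
    if (typeof value === 'string' && /\$[^$]+\$/.test(value)) add('unresolved-placeholder', path);

    // 3. hif endpoints: http is flagged (assumed policy for production).
    //    The guide lists an agent only for the hif.ocf endpoints, so only
    //    those are checked for an https agent defined under "agents".
    if (path.startsWith('hif.') && path.endsWith('.protocol')) {
      if (value === 'http') add('cleartext-endpoint', path);
      if (value === 'https' && path.startsWith('hif.ocf.')) {
        const agentPath = path.replace(/\.protocol$/, '.agent');
        const agent = getPath(cfg, agentPath);
        if (!agent || !(cfg.agents && cfg.agents[agent])) add('https-without-agent', agentPath);
      }
    }
  });

  // 4. Signing keys must be present and long enough.
  for (const [name, key] of Object.entries(getPath(cfg, 'server.keys') || {})) {
    if (typeof key !== 'string' || key.length < MIN_KEY_LEN) add('weak-signing-key', 'server.keys.' + name);
  }
  return findings;
}

// Constructed sample: hosts, ports and key0 are made up for the example.
const SAMPLE_SENSITIVE_FIELDS = [
  'database.oracle.props.password',
  'database.oracle.props.connectString',
  'server.https.passphrase',
];
const SAMPLE_CONFIG = {
  server: { keys: { key0: 'constructed-sample-value-not-a-real-key-0001', key1: '', key2: '' } },
  database: {
    name: 'oracle',
    oracle: { props: {
      user: 'ECECUSER',
      password: '###encbb1e255fe6ce4e0b1851ad4890ce9067',
      connectString: 'localhost/FEBADB',
    } },
  },
  agents: { XService: {} },
  hif: {
    ocf: {
      common: { host: '$och_host$', port: '8080', protocol: 'http' },
      rest: { common: { host: 'deh.example.internal', port: '8443', protocol: 'https', agent: 'rest' } },
    },
    consentMS: { common: { host: 'consent.example.internal', port: '8443', protocol: 'https' } },
  },
};

console.log(auditOAuthConfig(SAMPLE_CONFIG, SAMPLE_SENSITIVE_FIELDS));
```

An `unmapped-sensitive-field` finding corresponds to the note above that configManager.js must map exactly onto the JSON structure; a field that does not resolve is never encrypted.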

5.2.3 Environment variable to start OAuth server


For the OAuth implementation, we have used the Express server. The Express server can be started in either the development or the production environment. The default is the development environment.

For a production setup, the OAuth server has to be started in production mode.

Steps to configure a specific environment:

| Environment | Configuration |
|---|---|
| Windows Server | Configure NODE_ENV=production in environment variables |
| Linux Server | export NODE_ENV=production |

5.2.4 Starting Node.js OAuth Server
After the above setup is completed open the command prompt and configure npm variables in the
prompt. Please note access to internet is required in the below steps

ig
SET NODE_PATH=”d:/EBANK1/Node.js {Configure the installation path of node}
SET NPM_PATH=d:/EBANKDB1/node/lib/node_modules/npm/bin {Configure the NPM PATH based

yr
on USER}

SET PATH=%NODE_PATH%;%NPM_PATH%;%PATH%;

op
For installation on OS other than windows use relevant command instead for SET. Example
C
export NODE_PATH=/EBANK1/Node.js

Proxy details needs to be updated in servers running behind a proxy, below proxy configurations have
e

to be done for downloading node modules (valid working proxy has to be provided)
cl

>npm config set proxy <<http-proxy-address>>


na

>npm config set https-proxy <<https-proxy-address>>

>npm install node-gyp -g


Fi

Suggestion: If the bank already has OAuth configured in UAT or SIT, the same setup can be copied to the production server instead of repeating these steps.

After setting these, navigate to the folder in which oAuthServer is kept and run

>npm install
Example: /EBANK1/oauth/oauthserver/oauth2Server npm install

If any package is not installed and an error occurs, install the individual packages using the command below.
Example: (if cookie-parser package is not available)
>npm install cookie-parser

Once all the packages are installed without any error on the screen, copy the oauth2-server module delivered by the product into the node_modules folder inside the OAuth setup path (e.g. D:\OAuth\DEV\AT\server\node_modules). The OAuth server can then be started using the following command:
>node oAuthServer.js

With the 11.11 release, the oAuth server will have a root context /openauth for all the APIs. Please refer to the attached release document for more details:

DEH11.11_317359_ContextBasedAPI_ReleaseNotes.docx

With 11.10, the Multi-Entity changes have been incorporated in the DEH application. To do the configuration for the oAuth setup, refer to the document in the path below:

$/EBanking Release 11.2/Master Documents/Release Notes/11.10
Document Name: 11.10_DEH_MultiEntity_ReleaseNotes&Setup_document.docx

*** In 119, when the oAuth application is started for the first time, the system will initialize itself as shown below

During initialization, Asymmetric Key pair of size 4096 bits is generated.

The private RSA key will be generated in
oAuth folder → keys → priv.key
This priv.key file is highly confidential and sensitive. It needs to be copied to a secure path, and the path reference of this file needs to be configured in
Oauth folder → config folder → SecurityAdaptor.json → SECRETS → FETCH_DEK → configurationMap → path → $Master_Private_key_path$
Replace $Master_Private_key_path$ with the actual key location. This path should be the complete path to the key file.
The path of the private key needs to be configured because the default product implementation fetches the key from the configured path. The implementation team can change the implementation (FetchKeyAdaptor.js) to fetch this key file from a different system if required.
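A pre-launch check of the key reference described above, as an added example (not product code). It assumes the arrow notation maps to nested JSON keys in SecurityAdaptor.json and that, on POSIX, a "secure path" means a file with no group or other access; the finding codes and the demo folder are constructed.

```python
import json
import os
import stat
import tempfile

PLACEHOLDER = "$Master_Private_key_path$"


def check_master_key(oauth_dir):
    """Return finding codes for the priv.key reference under oauth_dir."""
    cfg_file = os.path.join(oauth_dir, "config", "SecurityAdaptor.json")
    with open(cfg_file, encoding="utf-8") as fh:
        cfg = json.load(fh)
    # Assumed nesting, read literally from the guide's arrow notation.
    path = cfg["SECRETS"]["FETCH_DEK"]["configurationMap"]["path"]

    if PLACEHOLDER in path:
        return ["placeholder"]            # template value was never replaced
    findings = []
    if not os.path.isabs(path):
        findings.append("relative")       # the guide asks for a complete path
    if not os.path.isfile(path):
        findings.append("missing")
        return findings
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Assumption: on POSIX, "secure" means no access for group or others.
    if os.name == "posix" and mode & 0o077:
        findings.append("permissions")
    # The guide says to copy the key out of the generated location, so a
    # reference that still resolves into <oauth_dir>/keys is flagged.
    keys_dir = os.path.realpath(os.path.join(oauth_dir, "keys"))
    if os.path.realpath(path).startswith(keys_dir + os.sep):
        findings.append("still-in-keys-folder")
    return findings


def demo():
    """Build a constructed oAuth folder in a temp dir and audit it."""
    root = tempfile.mkdtemp(prefix="oauth-demo-")
    os.makedirs(os.path.join(root, "config"))
    os.makedirs(os.path.join(root, "keys"))
    key = os.path.join(root, "keys", "priv.key")
    with open(key, "w", encoding="utf-8") as fh:
        fh.write("constructed placeholder, not a real key\n")
    os.chmod(key, 0o644)
    cfg = {"SECRETS": {"FETCH_DEK": {"configurationMap": {"path": key}}}}
    with open(os.path.join(root, "config", "SecurityAdaptor.json"), "w",
              encoding="utf-8") as fh:
        json.dump(cfg, fh)
    return check_master_key(root)


if __name__ == "__main__":
    print(demo())
```

An empty list means the configured path is complete, points at an existing file outside the generated keys folder, and is readable only by its owner.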
Once the system initialization is completed and the private key file is configured properly, launch the oAuth server again in the command prompt:
>node oAuthServer.js
The above step is required for a developer instance. In production setups, it is strictly suggested to use the PM2 module. Details below.

5.2.5 Server Monitoring and Clustering using PM2


For server monitoring and clustering, the PM2 module can be used.
To install pm2:
• Open command prompt
• Navigate to the folder where the oAuth server is kept.
• Execute the following command
• npm install pm2
• Pm2 will be installed.

To start the node server using PM2, use the following command:
• Navigate to the folder where the oAuth server is kept
• pm2 start oAuthServer.js

If PM2 is used to start and manage the server, use the command below to export the path of the PM2 installation.

e.g., export PATH=/data/NodeJS-v12/lib/node_modules/pm2/bin:$PATH

The complete startup script for OAuth using PM2 is attached:

nodestart.txt

For further reading on using PM2, refer to the PM2 documentation below:

http://pm2.keymetrics.io/docs/usage/quick-start/

5.2.6 Issues with OAuth Server Setup
1. node-gyp rebuild error:

(Run the following commands in Command Prompt)

@call npm install -g express
@call npm install -g express-generator
@call npm install -g node-gyp

2. Oracle DB issue (issue with tar for node-gyp rebuild)

Copy node-gyp from the global (users) path into the node-modules folder of your Node.js installation path.
1) Install Microsoft Visual Studio Express and Python 2.7 or more.
2) Install the node-gyp module using the command below (Note: if Node.js is in the /EBANK1 partition, run the command from the command prompt at the path /EBANK1/Node.js/node_modules/npm)
npm install node-gyp
3) Set the Visual Studio version that is installed, so that Node.js uses it for generating oracledb, with the command below.
@call npm config set msvs_version 2013 (if Microsoft Visual Studio 2013 is installed, else give your Visual Studio path)
4) Now run npm install oracledb

Note: Check that the instantclient-basic-windows.x64-19.3.0.0.0 location is in the correct path as mentioned in the PATH variable.

Note: All required configurations in development.json or production.json have to be done. Linux follows the same steps, with the Oracle installable being an rpm instead of a zip (for Windows). The document below has the installation steps for RHEL at a high level.

Installation_rhel.docx

5.3 Redis
Redis is written in ANSI C and works in most POSIX systems like Linux, *BSD, OS X without external
dependencies. Linux and OS X are the two operating systems where Redis is developed and more
tested, and we recommend using Linux for deploying. There is no official support for Windows builds,
but Microsoft develops and maintains a Win-64 port of Redis.

For Linux and OS X, Redis releases can be downloaded from the following site.

https://redis.io/download

For Windows, Redis binaries and the MSI installer can be downloaded from the following site.

https://github.com/MicrosoftArchive/redis

Redis 3.2.100 or higher should be used to ensure availability of all necessary features.

Developers can go through the URLs below to learn more about Redis.

https://redis.io/
https://redis.io/commands

5.3.1 Standalone Redis Server

5.3.1.1 Redis Configuration
Configuration Changes:

1. Extract the Redis tar and execute the make command.

tar xvzf redis-5.0.5.tar.gz
cd redis-5.0.5
make

Note: At this point you can test if your build has worked correctly by typing make test, but this is an optional step.

2. Modify the param below as required.

#bind 127.0.0.1 [ remove # if only to allow localhost access of this server]
or
bind 10.66.119.159 [ To allow access from external servers]

3. Modify the following line.

Original line: notify-keyspace-events ""
New line: notify-keyspace-events "KEA"

4. Note that you must specify a directory here, not a file name.

dir ./ --- Change it as per the installation path of Redis

dir "/EBPROF1/Redis_New/redis-5.0.5/src"
5. The following line contains the password for accessing this Redis server from any client. Here the password is “foobared”. It should be long enough to prevent brute force attacks.

requirepass foobared -- Change the password

6. Similarly, uncomment masterauth and add a password to protect the master.

masterauth "foobared" -- Change the password

7. Commands like CONFIG and FLUSHALL should be renamed to an unguessable name, so that normal clients are limited to a specified set of commands. This feature is available as a statement that can be used inside the Redis configuration file. For example:

rename-command FLUSHDB FLUSHDB123 ***here FLUSHDB123 is just the sample. This needs to be changed to a random value with enough entropy. Same for all the below commands
rename-command FLUSHALL FLUSHALL123
rename-command KEYS KEYS123
rename-command CONFIG CONFIG123
rename-command SHUTDOWN SHUTDOWN123
rename-command BGREWRITEAOF BGREWRITEAOF123
rename-command BGSAVE BGSAVE123
rename-command SAVE SAVE123
rename-command SPOP SPOP123
rename-command SREM SREM123
rename-command DEBUG DEBUG123
rename-command EVAL EVAL123
rename-command RENAME RENAME123
rename-command MEMORY MEMORY123

Start Redis Server

On Linux, the following command can be used to start the Redis server. The redis.conf file contains the port number on which this server instance is running and the password required for connecting to the server.

pathToRedis : /home/projadmin/redis5.0.5/redis-5.0.5/redis.conf

<pathToRedis>/redis-server <pathToRedisConfigFile>/redis.conf

5.3.1.2 DEH/Microservices Configuration


Following parameters should be set for both Application and Cache Refresh Batch Setup in Config Server.

| Property | Value | Description |
|---|---|---|
| IS_DISTRIBUTED_CACHE_ENABLED | Y | To enable/disable Redis Distributed Cache. It needs to be Y always. |
| DISTRIBUTED_CACHE_LOAD_AT_STARTUP | N | To enable/disable cache load at server/application startup |
| DISTRIBUTED_HOST | | Host address where the Redis server is running |
| DISTRIBUTED_PORT | | Port on the Redis host where the Redis server can listen to requests |
| DISTRIBUTED_PASSWORD | | Password that is configured on the Redis server |
| DISTRIBUTED_CACHE | REDIS | Indicates the cache type. For Redis cache the value will be REDIS |
| DISTRIBUTED_TIMEOUT | 0 | Value is set to 0, which means any connection that has been initialized to Redis will be kept by Redis even if the connection initialized by the client is down |

5.3.2 High Available Redis Server


1. Master, slaves and sentinels are started individually.
2. Sentinels (sentinel 1, sentinel 2 and sentinel 3) run and monitor the Redis master/slaves (master, slave-1 and slave-2). There is no mandate that all the Sentinel instances and Redis instances be on the same machine.
3. DEH/Microservice (Jedis client) interacts with the sentinels to get the connection for the master from the sentinel pool, which maintains a pool of connections for connecting to the master instance.
4. When the DEH/MS client performs CRUD operations on the Redis data set of the master instance, the same will be performed in parallel on the slave instances.
5. Replication of data from the master to the slaves happens continuously.
6. If the master instance goes down due to some failure, the sentinels take the responsibility of bringing up one of the slaves as the new master, and the sentinel pool which holds the pool of connections for the master is updated accordingly.

5.3.2.1 Redis HA Configuration


In addition to the configurations mentioned for standalone Redis, the following additional configurations need to be done for high availability.

The configurations mentioned below need to be done in the redis.conf that comes with the Redis installable.

Redis Configurations:

1. protected-mode yes

By default, protected mode is enabled. You can disable it only if you are sure you want clients from other hosts to connect to Redis even if no authentication is configured.

2. requirepass <<master-password>>

Require clients to issue AUTH <<master-password>> before processing any other commands.

3. masterauth <<master-password>>

If the master is password protected (using the "requirepass" configuration directive) it is possible to tell the slave to authenticate before starting the replication synchronization process, otherwise the master will refuse the slave request.

Note: This is required only for slave and not for master instance.

4. dbfilename "dump.rdb"

The default filename of the DB dump. It can be changed if required.

5. dir ./

The DB will be written inside this directory, with the filename specified above using the 'dbfilename' configuration directive. This can be changed if the DB dump needs to be saved in some other directory.

6. replicaof <masterip> <masterport>

Use replicaof to make a Redis instance a copy of another Redis server.

Note: This is required only for slave and not for master instance.

7. maxclients 10000

By default, this limit is set to 10000 clients. However, if the Redis server is not able to configure the process file limit to allow for the specified limit, the max number of allowed clients is set to the current file limit minus 32. Once the limit is reached, Redis will close all new connections, sending an error 'max number of clients reached'.

8. maxmemory <bytes>

Set a memory usage limit to the specified amount of bytes. When the memory limit is reached, Redis will try to remove keys according to the eviction policy selected (see maxmemory-policy).

9. maxmemory-policy noeviction

By default, the max memory policy is set to noeviction if it was not configured to some other max memory policy. It doesn't evict anything, and just returns an error on write operations.

10. Modify the following line.

Original line: notify-keyspace-events ""
New line: notify-keyspace-events "AKE"

Note: The rename-command configuration should be commented out in redis.conf to support high availability for Redis version 3.2. For version 5.0.5, however, Sentinel also supports renamed commands, so configuring the same renamed commands in sentinel.conf will make rename-command work in HA mode.

yr
Sample configurations to be made in sentinel.conf below

sentinel rename-command mymaster CONFIG CONFIG123 ***here CONFIG123 is just the sample. This needs to be of the same value as the value configured against the rename-command CONFIG command in the redis.conf file. The same instruction stands for the commands below as well
sentinel rename-command mymaster SPOP SPOP123
sentinel rename-command mymaster DEBUG DEBUG123
sentinel rename-command mymaster RENAME RENAME123
sentinel rename-command mymaster SAVE SAVE123
sentinel rename-command mymaster FLUSHDB FLUSHDB123
sentinel rename-command mymaster EVAL EVAL123
sentinel rename-command mymaster SHUTDOWN SHUTDOWN123
sentinel rename-command mymaster BGREWRITEAOF BGREWRITEAOF123
sentinel rename-command mymaster KEYS KEYS123
sentinel rename-command mymaster BGSAVE BGSAVE123
sentinel rename-command mymaster FLUSHALL FLUSHALL123
sentinel rename-command mymaster MEMORY MEMORY123
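A configuration audit covering the password and rename-command steps of section 5.3.1.1 and the sentinel.conf sample above, as an added example (not product code). The sample files are constructed from directives in this guide; the 32-character minimum, the finding codes and the single monitored master are assumptions.

```python
import shlex

# Commands the guide renames in redis.conf (5.3.1.1 step 7).
RENAMED = ["FLUSHDB", "FLUSHALL", "KEYS", "CONFIG", "SHUTDOWN", "BGREWRITEAOF",
           "BGSAVE", "SAVE", "SPOP", "SREM", "DEBUG", "EVAL", "RENAME", "MEMORY"]
MIN_SECRET_LEN = 32  # assumption: the guide only says "long enough"

# Constructed sample files using directives from this guide.
REDIS_CONF = '''
# master instance
bind 10.66.119.159
notify-keyspace-events "KEA"
requirepass foobared
masterauth "foobared"
rename-command FLUSHDB FLUSHDB123
rename-command CONFIG 9f2c7a1e4b8d4c0fa3e6b1d27c95e804
rename-command KEYS 5d1b0c8e7f3a49b2a6c4e9d01f7b3a62
'''
SENTINEL_CONF = '''
sentinel monitor mymaster 10.66.119.159 6381 2
sentinel auth-pass mymaster foobared
sentinel rename-command mymaster CONFIG 9f2c7a1e4b8d4c0fa3e6b1d27c95e804
sentinel rename-command mymaster KEYS KEYS123
'''


def load(conf):
    """Return (settings, renames) parsed from redis.conf or sentinel.conf text."""
    settings, renames = {}, {}
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = shlex.split(line)        # honours "quoted" values
        name = name.lower()
        if name == "sentinel" and len(args) >= 2:
            # sentinel <directive> <master-name> <values...>
            name, args = args[0].lower(), args[2:]
        if name == "rename-command" and len(args) == 2:
            renames[args[0].upper()] = args[1]
        elif args:
            settings[name] = args[0]
    return settings, renames


def weak(value, original=""):
    """True for the guide's sample values and for short or derived names."""
    upper = value.upper()
    return (upper == "FOOBARED" or len(value) < MIN_SECRET_LEN
            or bool(original) and upper.startswith(original))


def audit_redis(conf):
    """Finding codes for one redis.conf."""
    settings, renames = load(conf)
    found = []
    password = settings.get("requirepass")
    if password is None:
        found.append("requirepass:missing")
    elif weak(password):
        found.append("requirepass:weak")
    if "masterauth" in settings and settings["masterauth"] != password:
        found.append("masterauth:differs")
    if not set("KEA") <= set(settings.get("notify-keyspace-events", "")):
        found.append("keyspace-events:incomplete")
    for cmd in RENAMED:
        if cmd not in renames:
            found.append(f"rename:{cmd}:missing")
        elif renames[cmd] and weak(renames[cmd], cmd):  # "" disables the command
            found.append(f"rename:{cmd}:guessable")
    return found


def audit_sentinel(redis_conf, sentinel_conf):
    """Finding codes where sentinel.conf disagrees with redis.conf."""
    r_settings, r_renames = load(redis_conf)
    s_settings, s_renames = load(sentinel_conf)
    found = [f"sentinel:{cmd}:mismatch" for cmd, new in sorted(r_renames.items())
             if s_renames.get(cmd) != new]
    if s_settings.get("auth-pass") != r_settings.get("requirepass"):
        found.append("sentinel:auth-pass:mismatch")
    return found


if __name__ == "__main__":
    for code in audit_redis(REDIS_CONF) + audit_sentinel(REDIS_CONF, SENTINEL_CONF):
        print(code)
```

A renamed command that is missing or different in sentinel.conf is reported as a mismatch, because Sentinel would then call the master with a name the master no longer accepts.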

Command to start the Redis server instance is as follows:

<pathToRedis>/redis-server <pathToRedisConfigFile>/redis.conf

Note: In a Redis high availability setup, multiple instances of Redis (master and slaves) need to be started, and each needs to be started individually with the above command.

For example, if a master is running on port number 6381, the same needs to be configured in redis.conf of the master Redis instance.

Command for Starting Master Redis Instance: nohup ./redis-server ./redis-master/redis.conf &

Similarly, if the slaves are running on port numbers 6382 and 6383, the same needs to be configured in redis.conf of the slave Redis instances.

Commands for Starting Slave Redis Instances:

Slave 1 running on port number 6382: nohup ./redis-server ./redis-slave1/redis.conf &

Slave 2 running on port number 6383: nohup ./redis-server ./redis-slave2/redis.conf &

Sentinel Configurations:

All the configurations mentioned below need to be done in the sentinel.conf file of the Redis installable, which will be passed while starting Sentinel.

1. protected-mode no

Uncomment the following sentinel configuration lines by removing "#" at the start of the line.

2. sentinel monitor <master-name> <ip> <port> <quorum>

The quorum is the number of Sentinels that need to agree about the fact the master is not reachable, in order to really mark the slave as failing, and eventually start a failover procedure if possible.

However, the quorum is only used to detect the failure. In order to actually perform a failover, one of the Sentinels needs to be elected leader for the failover and be authorized to proceed. This only happens with the vote of the majority of the Sentinel processes.

ip is the IP address of the Redis master instance and port is the port number on which the Redis master instance is running.

master-name is the name given to the master instance and tells Sentinel to monitor this master.

3. sentinel auth-pass <master-name> <master-password>

master-password: Password of the Redis master instance.

authpass: Used to authenticate with the master and slaves, and useful if there is a password set in the Redis instances to monitor.

Note: The master password is also used for slaves, so it is not possible to set a different password in master and slave instances if you want to be able to monitor these instances with Sentinel.

4. sentinel parallel-syncs <master-name> <numslaves>

parallel-syncs: Sets the number of slaves that can be reconfigured to use the new master after a failover at the same time. The lower the number, the more time it will take for the failover process to complete. However, if the slaves are configured to serve old data, you may not want all the slaves to re-synchronize with the master at the same time. While the replication process is mostly non-blocking for a slave, there is a moment when it stops to load the bulk data from the master. You may want to make sure only one slave at a time is not reachable by setting this option to the value of 1.

5. sentinel failover-timeout <master-name> <milliseconds>

The maximum time a failover in progress waits for all the slaves to be reconfigured as slaves of the new master. However, even after this time the slaves will be reconfigured by the Sentinels anyway.

6. sentinel down-after-milliseconds <master-name> <milliseconds>

Number of milliseconds the master should be unreachable in order to consider it down.

Command to start a redis-sentinel instance is as follows:

<pathToRedis>/redis-server <pathToRedisConfigFile>/sentinel.conf --sentinel

For example, suppose there are 3 sentinels running. The commands for starting the 3 sentinels are shown below:

Sentinel 1: nohup ./redis-server ./sentinel1/sentinel.conf --sentinel &

Sentinel 2: nohup ./redis-server ./sentinel2/sentinel.conf --sentinel &

Sentinel 3: nohup ./redis-server ./sentinel3/sentinel.conf --sentinel &

5.3.2.2 DEH/Microservices Configuration


Following parameters should be set accordingly in Config Server for both Application and Cache Refresh Batch Setup.

| Property | Value | Description |
|---|---|---|
| IS_DISTRIBUTED_CACHE_ENABLED | Y | To enable/disable Redis Distributed Cache. It needs to be Y always. |
| DISTRIBUTED_CACHE_LOAD_AT_STARTUP | N | To enable/disable cache load at server/application startup |
| DISTRIBUTED_PASSWORD | | Password that is configured on the Redis server |
| DISTRIBUTED_CACHE | REDIS | Indicates the cache type. For Redis cache the value will be REDIS |
| DISTRIBUTED_TIMEOUT | 0 | Value is set to 0, which means any connection that has been initialized to Redis will be kept by Redis even if the connection initialized by the client is down |
| IS_DISTRIBUTED_CACHE_CLUSTERED | Y | Enable/disable Redis Distributed Cache in high availability mode |
| DISTRIBUTED_CACHE_SERVICE_REGISTRY | | List of sentinel addresses (Sentinel IP addresses along with the port numbers on which the sentinels are running), each separated by the pipe separator; the format is shown below the table |
| DISTRIBUTED_CACHE_SERVICE_REGISTRY_MASTER_NAME | | The master name given to the Redis master instance in the sentinel configurations. The same master-name has to be provided in the EB/OCH configurations as well; configuration of master-name is mentioned in the Sentinel Configurations section |

Format of DISTRIBUTED_CACHE_SERVICE_REGISTRY:
<Sentinel1IPAddr>:<Sentinel1PortNo>|<Sentinel2IPAddr>:<Sentinel2PortNo>|<Sentinel3IPAddr>:<Sentinel3PortNo>|

5.3.3 Troubleshooting

1. How to access the Redis server using the Redis client for debugging purposes?

The following command is used to connect to redis-server using redis-client. The same setup which is used to start the server instance is used to start a client.

<pathToRedis>/redis-cli -h <hostname> -a <password> -p <hostport>

For example, on a Linux machine, the following command can be used to connect to the Redis server using redis-client.

./redis-cli -h localhost -a foobared -p 5657

Following are some basic client-side commands:

| Command | Description |
|---|---|
| KEYS * | It returns all the keys stored in REDIS. |
| DBSIZE | It returns count of all keys stored in REDIS. |
| KEYS DBS:* | It returns all keys stored in REDIS which start with prefix "DBS". |
| GET DBS:COMMONCODECACHE:DBS001FEV | It returns binary/string value for key=DBS:COMMONCODECACHE:DBS001FEV. |

For more information regarding installation and various commands, refer to https://redis.io.

2. How to access Sentinel using the Redis client for debugging purposes?

The following command is used to connect to Sentinel using redis-client. The same setup which is used to start the server instance is used to start a client.

<pathToSentinel>/redis-cli -h <hostname> -a <password> -p <hostport>

For example, on a Linux machine, the following command can be used to start the Redis client and connect to Sentinel.

./redis-cli -h localhost -a foobared -p 16381

5.4 Graylog
5.4.1 Integration for Logging

The log4j.xml file is configured with the Graylog appender, which is provided by the log4j-gelf-1.3.2 library. Graylog provides attributes in the appender configuration to specify the protocol (GelfAppender supports TCP and UDP), queue size, buffer size and filters, which need to be configured in EB/OCH for integrating with the hosted Graylog server.

<Gelf name="gelf" graylogHost="udp:192.168.99.100" graylogPort="12203"
      ignoreExceptions="false" extractStackTrace="true">
    <Field name="level" pattern="%level" />
    <Field name="timestamp" pattern="%d{dd MMM yyyy HH:mm:ss,SSS}" />
    <Field name="simpleClassName" pattern="%C{1}" />
    <Field name="className" pattern="%C" />
    <Field name="server" pattern="%host" />
    <Field name="server.simple" pattern="%host{simple}" />
    <Field name="server.fqdn" pattern="%host{fqdn}" />
    <Field name="server.addr" pattern="%host{address}" />
    <Field name="source" literal="OCH" />
    <Field name="loggerName" pattern="%c" />
    <Field name="mdcField1" mdc="mdcField1" />
    <Field name="mdcField2" mdc="mdcField2" />
</Gelf>

In the above configuration, graylogHost is the host on which the Graylog server is running, prefixed with the protocol used to send the logs, and graylogPort is the port to which the logs need to be sent. These configurations need to be changed according to how the ports are exposed at the Graylog server end for reporting.
In the example configuration above, the Graylog server is hosted on 192.168.99.100 and the logs are sent to port 12203 on the Graylog server, which is a UDP port.

5.4.2 Integration for Metrics


GraylogReporter is enabled in DEH and Microservice application to send application metrics data to Graylog. The metrics-gelf library is used for reporting. MetricConfig.xml contains the required configuration to enable or disable the Graylog reporter.

<Param name="ENABLE_METRICS" value="Y" />
.
.
<Param name="DW_METRIC_GRAYLOG_REPORTER"
    value="com.infosys.feba.framework.common.metrics.reporters.FebaDropWizardGrayLogReporter"
    enable="Y" />
.
.
<Params name="DW_METRIC_GRAYLOG_REPORTER">
    <Param name="GRAYLOG_METRICS_PERSIST_DB_HOST" value="<graylog-host>" />
    <Param name="GRAYLOG_METRICS_PERSIST_DB_PORT" value="<graylog-port>" />
    <Param name="SOURCE" value="<source-of-metric-data>" />
</Params>

5.4.3 Elastic Integration for Metrics

ElasticReporter is enabled in OCH and Microservice application to send application metrics data to Elastic. MetricConfig.xml contains the required configuration to enable or disable the Elastic reporter.

<Param name="ENABLE_METRICS" value="Y" />
.
.
<Param name="DW_METRIC_ELASTIC_REPORTER"
    value="com.infosys.feba.framework.common.metrics.reporters.FebaDropWizardElasticReporter"
    enable="Y" />
.
.
<Params name="DW_METRIC_ELASTIC_REPORTER_CONFIG">
    <Param name="ELASTIC_METRICS_REPORT_FREQ" value="10" />
    <Param name="ELASTIC_METRICS_PERSIST_DB_HOST" value="elastic-host" />
    <Param name="ELASTIC_METRICS_PERSIST_DB_PORT" value="9200" />
</Params>

5.4.4 Graphite Integration for Metrics
GraphiteReporter is enabled in OCH and Microservice application to send application metrics data to Graphite. MetricConfig.xml contains the required configuration to enable or disable the Graphite reporter.

<Param name="ENABLE_METRICS" value="Y" />
.
.
<Param name="DW_METRIC_GRAPHITE_REPORTER"
    value="com.infosys.feba.framework.common.metrics.reporters.FebaDropWizardGraphiteReporter"
    enable="Y" />
.
.
<Params name="DW_METRIC_GRAPHITE_REPORTER_CONFIG">
    <Param name="DISABLE_DISPLAY_SPL_CHARS_IN_URL" value="Y"/>
    <Param name="GRAPHITE_METRICS_REPORT_FREQ" value="5" />
    <Param name="GRAPHITE_HOST" value="fmbzorro" />
    <Param name="GRAPHITE_PORT" value="2003" />
    <Param name="PREFIX_IN_GRAPHITE" value="och.microservices" />
</Params>

• DISABLE_DISPLAY_SPL_CHARS_IN_URL is for enabling/disabling the special characters in the Graphite UI. By default, it is suggested to have the value as ‘Y’, so that special characters are disabled and Graphite can resolve the rendering properly.
• GRAPHITE_METRICS_REPORT_FREQ indicates the frequency at which the metrics need to be reported (in seconds). In the above example, metrics are reported every 5 seconds.

5.5 Load Balancer


This section covers the configurations to be done and the steps to be followed to start the load balancer. DEH has been tested with the software load balancers below.
• HAProxy
• Apache
• NGINX
All these load balancers require backend service information to be provided as configuration, which is used for serving requests and for load balancing.
The sections below cover setup and configuration for the same.

5.5.1 HAProxy
HAProxy can be downloaded from http://www.haproxy.org/#down. For version 2.0.17 of HAProxy, we need to compile the executable from the sources provided at the same link under version 2.0.17.
Once the download or build is completed, the admin can create a user group named ha-proxy and configure a user in this group. The same user can be used to start ha-proxy. The main template file where configuration has to be done for ha-proxy ends with .cfg, for example the haproxy.cfg file.

HAProxy runs only in a Unix environment.
The steps to install it from source are explained below:
Steps to make and install

$ tar xzvf ~/haproxy-2.0.17.tar.gz -C ~/
$ cd ~/haproxy-2.0.17
$ make clean
$ sudo make -j $(nproc) TARGET=linux-glibc USE_ZLIB=1 USE_PCRE=1
$ sudo make install

Setting up HAProxy for your server

Next, add the following directories and the statistics file for HAProxy records.

$ sudo mkdir -p /etc/haproxy
$ sudo mkdir -p /var/lib/haproxy
$ sudo touch /var/lib/haproxy/stats

Create a symbolic link for the binary to allow you to run HAProxy commands as a normal user.
$ sudo ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy

If you want to add the proxy as a service to the system, copy the haproxy.init file from the examples to your /etc/init.d directory. Change the file permissions to make the script executable and then reload the systemd daemon.
$ sudo cp ~/haproxy-2.0.17/examples/haproxy.init /etc/init.d/haproxy
$ sudo chmod 755 /etc/init.d/haproxy
$ sudo systemctl daemon-reload

For general usage, it is also recommended to add a new user for HAProxy to be run under.

$ sudo useradd -r haproxy

Setting up the haproxy.cfg file:

Please refer to the deliverable loadbalancerConfig.zip from Deliverables for the HAProxy sample configuration file.

Copy the content from the deliverable for the HAProxy load balancer config file and make the necessary changes to the IP and port for the corresponding service in the file. Then create a file on the HAProxy server with the command below and paste the content:

$ sudo vi /etc/haproxy/haproxy.cfg

Start the HAProxy service:

$ sudo systemctl restart haproxy

5.5.2 NGINX
NGINX (1.18.0) can be downloaded from following website http://nginx.org/en/download.html

yr
Installation steps below for Linux server:
The method described below is based on compiling Nginx from source. Alternatively Admin can help
to install via package manager also.

Installing dependencies using yum:


op
C
# yum install -y zlib zlib-devel pcre prce-devel openssl openssl-devel

Download the nginx tar file and extract the tar file:
e

# tar xfvz nginx-1.18.0.tar.gz


cl

Add a user nginx:

# useradd nginx
na

Configure:

# ./configure --help ( You will get help regarding configure such as modules to be
Fi

installed )

–prefix= for specifing the directory which we want to install nginx. Here we used /opt/nginx/

Here in we configure following configuration with some necessary modules.

# ./configure --user=nginx --group=nginx --prefix=/opt/nginx --with-http_gzip_static_modu


le --with-http_stub_status_module --with-http_ssl_module --with-pcre --with-file-aio --wi
th-http_realip_module --without-http_scgi_module --without-http_uwsgi_module --with-http_
realip_module

Install the configured:

© EdgeVerve Systems Limited Username : [email protected] Ip address : 182.66.67.250:58972


External Confidential
Time Stamp : 7/21/2023 8:28:15 AM
Page 47 of 184
Digital Engagement Hub Installation Guide

# make
# make install

Configuring Nginx for accessing the applications:

Please refer to the deliverable loadbalancerConfig.zip from Deliverables for the HAProxy sample configuration file. We can remove /opt/nginx/conf/nginx.conf and use the one from the deliverable, changing the IP and port as per the installation.

Start Nginx server:

The Nginx executable is located under the /opt/nginx/sbin directory. Just call this executable to start the nginx server.

cd /opt/nginx/sbin

./nginx

Once you start this, you'll see the nginx "master process" and "worker process" if you do ps.

# ps -ef | grep -i nginx


To stop the Nginx server, do the following.

cd /opt/nginx/sbin

./nginx -s stop

To view the current version of nginx, do the following:

# ./nginx -v

nginx: nginx version: nginx/1.8.0

To debug issues, view the error.log and access.log files located under the logs directory of the installation prefix: /opt/nginx/logs for the --prefix used above (/usr/local/nginx/logs if the default prefix is used).

# ls /opt/nginx/logs/

access.log

error.log

nginx.pid

5.6 X9Ware Tool for NACHA File Validation
X9WareSDK tool APIs are integrated in the product to validate NACHA rules.

This feature enables the system to validate an ACH NACHA file at upload time and display the file content to the user in a readable format.
This jar is a licensed jar, and a separate license needs to be bought for it.

Please visit https://x9ware.com/ to purchase a license for the x9ware tool.
Jar Name: X9WareSDK-R4.02-2019.10.04.jar

6. Common Property Configurations
6.1 Preface
Bundling release artifacts with properties files prevents us from varying configuration across environments while still maintaining an immutable release artifact. It is considered an anti-pattern for the cloud.

6.2 Configuration Separation and Externalization

6.2.1 External Configurations
6.2.1.1 Configuring Basic Properties in Product
The configuration for basic properties needs to be done by taking the properties from the "profileconfig" folder in the "automation" project in the Git repository.
We will be maintaining profile-specific properties for the same in this project, such as at, scrum, idi, etc.

6.2.1.2 Configuring Sensitive Properties in Product
From 119, it is not mandatory to configure the required properties in DEH. If the bank wants to configure sensitive properties such as the database password, API key, etc. in another key management system, this is made achievable in DEH. Detailed steps for this feature are given in the feature document FNEB11.9_CredentialConfigurationFramework.docs. The old utility to generate encrypted data for secure property values has been made obsolete. For properties to be configured securely out of the box, the product provides a new utility.

1. Now we will use a new utility (SecurePropertyGenerationUtility) to generate encrypted values.

The utility details are as below:

Main class: com.infosys.feba.framework.security.util.SecurePropertyGenerationUtility
Program argument: -KEY_BASE_LOCATION; public, private and symmetric keys will be generated in this location
VM Argument: -DFEBA_SYS_PATH, location of data folder.

Find below the attached demo batch/shell files (copied to text format) for reference.

SecurePropertyGenerationUtility.sh.txt SecurePropertyGenerationUtility.bat.txt
6.2.1.2.1 Generating Keys


By default, the product recommends generating an RSA key pair of size 4096 and an AES key of size 256 bits. But Java version 8 supports only 128 bits by default, which is the sole reason the default value of the AES key size is 128 in
AdapterConfig.xml → AdapterConfig → Secrets → Secret → symmetric-keysize → 128

We strongly recommend that during implementation the default key size be changed to 256 after consulting with the Bank and downloading the required JCE unlimited policy jars for the respective Java version.

Recommendation
AdapterConfig.xml → AdapterConfig → Secrets → Secret → symmetric-keysize → 256
Run the .bat/.sh file and follow the instructions below.

6.2.1.2.1.1 Generate Master Asymmetric Keys

The above process will generate two keys in the configured path
-DKEY_BASE_LOCATION=$Path where key should be generated$\keys (this is specified in the arguments before running the tool)

6.2.1.2.1.2 Configure Generated Public Key


The public key is used for encryption and can be configured in the same setup. It is used only by the encryption setup, not when decrypting the encrypted values.
The generated public key should be configured in
extension → security → KeysConfig → Keys → Key → value → $MASTER_PUBLIC_KEY_VALUE$

Replace $MASTER_PUBLIC_KEY_VALUE$ with the value of the generated public key.

KeysConfig.xml

<Key id="masterPublicKey">
    <value>{value of master rsa key}</value>
</Key>

6.2.1.2.1.3 Configure Generated Private Key


Private keys are highly confidential. They need to be protected by the Bank. They can be kept in a separate system which the bank has configured to be safe. The bank also needs to implement the required access control to ensure their security.

By default in the product, this file is placed in the file system, and the path of this key needs to be configured as below:

extension → security → AdapterConfig.xml → Secrets → <Secret name="FETCH_ASYMMETRIC_KEY_ENCRYPTION_KEY"> → <configuration name="path" value="$MASTER_PRIVATE_KEY_PATH$"/>

Replace $MASTER_PRIVATE_KEY_PATH$ with the path where the generated private key is placed.

AdapterConfig.xml

<Secrets>
    <Secret name="FETCH_ASYMMETRIC_KEY_ENCRYPTION_KEY">
        <configurations>
            <configuration name="path" value="$path$\\RsaPrivateKey.key" />
        </configurations>
    </Secret>
</Secrets>

*** It is very important to understand that the default implementation in the adaptor FETCH_ASYMMETRIC_KEY_ENCRYPTION_KEY is to fetch the key from the configured path. Therefore, if this private key is kept in a different system, the implementation in FETCH_ASYMMETRIC_KEY_ENCRYPTION_KEY needs to be changed to read the value from the desired system. This is the only implementation the Bank may have to do if they want to go with the product default behavior.

We are done!

6.2.1.2.2 Generating Symmetric keys


Like asymmetric keys, the product also supports generating symmetric keys and encryption-decryption of keys with symmetric keys.

6.2.1.2.3 Encrypting Property values

Run the .bat/.sh file and follow the instructions below.

1. Select the option Encrypt data.
2. Select encrypt using Asymmetric key.
3. Enter the desired property value to be encrypted.
4. The tool will display the encrypted value. This encrypted value needs to be configured against the property value for the respective property.

*** This is a manual process and needs to be done by the implementation team for each sensitive property which is configured with an adaptor.
Key generation and configuration must be done afresh at every stage, i.e. Development → UAT → Production. It is strongly suggested that keys generated for the Development area be different from the keys generated for Production.

6.2.1.2.4 Decrypting Values


For encryption, the application needs the RSA public key. For decryption, the RSA private key needs to be available.

Run the .bat/.sh file and follow the instructions below.

1. Select the option Decrypt data.
2. Select Decrypt using Asymmetric key.
3. Enter the encrypted property value.
4. The tool will display the decrypted value.
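The key-size and encrypt/decrypt steps above can be reproduced with the standard Java crypto API. The following is an added example, not the product's SecurePropertyGenerationUtility: the class name, the sample value and the choice of OAEP padding are assumptions, since the guide does not state which padding the product uses. It checks what the installed JCE policy permits, then encrypts a value with the public key and decrypts it with the private key.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

/** Hypothetical demo class; it does not reproduce the product utility's file formats. */
public class SecurePropertyDemo {

    // Assumption: OAEP with SHA-256. The guide does not name the product's RSA padding.
    private static final String RSA_TRANSFORMATION = "RSA/ECB/OAEPPadding";
    private static final OAEPParameterSpec OAEP_SHA256 = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    /** Largest AES key size, capped at 256, that the installed JCE policy allows. */
    static int permittedAesKeySize() throws Exception {
        // Returns Integer.MAX_VALUE when the unrestricted policy is installed.
        return Math.min(Cipher.getMaxAllowedKeyLength("AES"), 256);
    }

    /** True when the JCE policy allows RSA ciphers with 4096-bit keys. */
    static boolean rsa4096Permitted() throws Exception {
        return Cipher.getMaxAllowedKeyLength("RSA") >= 4096;
    }

    static KeyPair generateMasterKeyPair(int bits) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(bits);
        return generator.generateKeyPair();
    }

    /** Encryption needs only the public key. */
    static String encrypt(PublicKey publicKey, String plainValue) throws Exception {
        Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, publicKey, OAEP_SHA256);
        byte[] encrypted = cipher.doFinal(plainValue.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(encrypted);
    }

    /** Decryption needs the private key, which is why its storage location matters. */
    static String decrypt(PrivateKey privateKey, String encryptedValue) throws Exception {
        Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, privateKey, OAEP_SHA256);
        byte[] plain = cipher.doFinal(Base64.getDecoder().decode(encryptedValue));
        return new String(plain, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        int aesBits = permittedAesKeySize();
        System.out.println("AES key size permitted by JCE policy: " + aesBits);
        System.out.println("RSA-4096 permitted by JCE policy: " + rsa4096Permitted());
        if (!rsa4096Permitted()) {
            System.out.println("Replace the policy jars with the unrestricted ones first.");
            return;
        }

        // Symmetric key at the size the policy allows (the value symmetric-keysize could take).
        KeyGenerator aesGenerator = KeyGenerator.getInstance("AES");
        aesGenerator.init(aesBits);
        SecretKey aesKey = aesGenerator.generateKey();
        System.out.println("Generated AES key bits: " + aesKey.getEncoded().length * 8);

        KeyPair master = generateMasterKeyPair(4096);
        String sampleValue = "S4mple-DB-Passw0rd"; // constructed sample, not a real credential

        String first = encrypt(master.getPublic(), sampleValue);
        String second = encrypt(master.getPublic(), sampleValue);
        // OAEP is randomized, so the same value encrypts to different ciphertexts.
        System.out.println("Ciphertexts differ: " + !first.equals(second));
        System.out.println("Round trip ok: " + sampleValue.equals(decrypt(master.getPrivate(), first)));
    }
}
```

Running it on the target JRE before changing symmetric-keysize to 256 shows whether the unrestricted policy jars are actually in effect.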

6.2.1.3 HIF Files Changes
We have locked all the HIF files other than the Host and Request Resolver files. If the customization team has to update any HIF file, they will create a new Custom file corresponding to the HIF file. The new Custom file entry has to be added at the end of the fileNames attribute in the extension/hif/config/EB_HIF.xml file. The custom file entry will override the existing file entry. In the host file, they are allowed to update the values, as these will always be changed. If the customization team needs to add any new Host, they have to add it in custom Host files.

As request resolver files will be used mainly for customization, these files are also not locked.

***From 119, changes are made to how sensitive fields are configured in HIF files. Refer to data/security/SecureConfig.xml → <Config type="hif"> for all the configuration whose value must be encrypted.

The value must be configured in extension/hif/EB_HIF.xml and extension/hif/config/HIF_{version}_Host.xml. Refer to the following example:

EB_HIF.xml HIF_10219_Host.xml

6.2.1.4 Points to Remember
1. Customization Teams:
   a. Introduce new custom property file:
      i. File name must start with Custom.
      ii. File should be added to CustomPropertyFileList.xml under the data folder.
   b. Introduce new custom property:
      i. Internal:
         1. Property name must start with Custom_
         2. Property must be added to the custom property file only.
         3. Some properties might not be externalized but are allowed for customization. These properties should be overridden in the Custom file.
      ii. External:
         1. Property name must start with Custom_
         2. Property must be added to the external configuration JSON file.
   c. Modify product property:
      i. Properties which are not in an encrypted file can be modified.
      ii. Properties which are in external configuration JSON files can be modified.
      iii. Properties which are not in an external configuration JSON file, but for which an entry is present in ExternalConfig.xml, can be modified through either of the two new files: 1) CustomExternalProp.properties 2) CustomExternalXmlProp.xml
2. Development team:
   a. Introduce new property file:
      i. Internal: Property file name should be added in build/resource/data/encryptedFileList.txt
      ii. External: Property file should not be encrypted (if all the properties can be customized).
      iii. If some of the properties are related to the product and some can be externalized/customized, then the property file should be encrypted and the properties which need to be externalized/customized should be added to the External Allowed list in the ExternalConfig.xml file.
   b. Introduce new property:
      i. Internal: Property should be maintained in the internal property file.
      ii. External:
         1. Property should be maintained in the corresponding configserver application.json file
         2. Property name should be added in ExternalConfig.xml under the ALLOWED_PARAMS section.

Note: If, during customization, any property needs to be customized which is not in the allowed list, the implementation team has to come back to product to make the property allowed to be customized.

6.2.1.5 Error Scenarios


Scenario | Error Message
--- | ---
If any error happens while accessing the external files. | "IO Exception while reading folder : <External Config Folder Path>"
If any of the External Json file is missing | "File Not Found : <Path of the Json file>"
If any property added in json file which is not allowed and it's not a custom attribute | "<Property Name> - is not added in external configuration file or is not custom property"
If any Mandatory Property is Blank | "<Property Name> is a Mandatory Property, Value cannot be empty"
If Any Mandatory Property is not updated and it has still its default value $<Value>$ | "<Property Name> is a Mandatory Property, Must be a proper value"
If New Property is added and it does not start with Custom_ . | "<Property Name> - not Allowed to modify or not starting with custom_"
If a New file is added which does not starts with Custom prefix. | <File Name> - should start with custom
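
The property and file-name rules in the table above can be checked before deployment. The following is an added example, not product code: the class name, the property names and the allowed and mandatory lists are constructed for illustration, and only the message texts are taken from the table. It reports names only, so secret values never reach the output.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

/** Hypothetical pre-deployment check that mirrors the error scenarios listed above. */
public class ExternalConfigPrecheck {

    // A value that is still a template placeholder such as $DB_URL$.
    private static final Pattern PLACEHOLDER = Pattern.compile("\\$[^$]*\\$");

    /** Checks external JSON properties (already parsed into a map) against the rules. */
    static List<String> checkProperties(Map<String, String> props,
                                        Set<String> allowed, Set<String> mandatory) {
        List<String> errors = new ArrayList<>();
        for (String name : props.keySet()) {
            // A property must be in the allowed list or carry the Custom_ prefix.
            if (!allowed.contains(name) && !name.startsWith("Custom_")) {
                errors.add(name
                        + " - is not added in external configuration file or is not custom property");
            }
        }
        for (String name : mandatory) {
            String value = props.get(name);
            if (value == null || value.trim().isEmpty()) {
                errors.add(name + " is a Mandatory Property, Value cannot be empty");
            } else if (PLACEHOLDER.matcher(value.trim()).matches()) {
                errors.add(name + " is a Mandatory Property, Must be a proper value");
            }
        }
        return errors;
    }

    /** New files added by the customization team must carry the Custom prefix. */
    static List<String> checkCustomFileNames(Collection<String> fileNames) {
        List<String> errors = new ArrayList<>();
        for (String fileName : fileNames) {
            if (!fileName.startsWith("Custom")) {
                errors.add(fileName + " - should start with custom");
            }
        }
        return errors;
    }

    public static void main(String[] args) {
        // Constructed sample data; these names are not taken from the product.
        Set<String> allowed = new LinkedHashSet<>(Arrays.asList("DB_URL", "DB_USER"));
        Set<String> mandatory = new LinkedHashSet<>(Arrays.asList("DB_URL", "DB_USER"));

        Map<String, String> props = new LinkedHashMap<>();
        props.put("DB_URL", "$DB_URL$");        // placeholder never replaced
        props.put("DB_USER", "");               // mandatory but blank
        props.put("Custom_BranchCode", "001");  // valid custom property
        props.put("SESSION_TIMEOUT", "900");    // neither allowed nor custom

        List<String> errors = checkProperties(props, allowed, mandatory);
        errors.addAll(checkCustomFileNames(
                Arrays.asList("CustomBranch.properties", "Branch.properties")));

        for (String error : errors) {
            System.out.println(error);
        }
        System.out.println(errors.size() + " problem(s) found");
    }
}
```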

6.3 Important Configurations


a. Data Folder:
   i. In SequenceGenerator.properties and FBASequenceGenerator.properties, the key should end with the given $BANK_ID$. Do not replace it with Bank_id.
   ii. License configurations are as per Bank ID. As per the current license, it will work for Bank ID 'DBS'. If the Bank ID is other than 'DBS', LicenseGenerator needs to be executed for the new Bank ID to generate the license file, which is to be kept in the data/lic folder.
   In the Data Folder, the below files are available in the lic folder.
   LicenseBackup.dat

b. Config Server:
   i. DB_PWD_ENCRYPTION_ALGO_REQUIRED - If the database password is using single encryption mechanism, then change the below parameter to N. (Ex: if password is vkgadm i.e. plain password without encryption, this parameter should be changed to N).

c. extension/EB_HIF.xml:
   i. HIF_FILENAMES - Change the entry fileNames to use the correct host configuration.
   ii. Depending upon the host configured for HIF_FILENAMES, please make host changes in the same file.

6.4 Host Integration Setup
The OTB product provides the transformers required to integrate with various versions of Finacle Core as the backend system. Since not all versions are required for any given implementation, follow the steps below to copy the required transformers (only for DEHdata.zip/DEHAdmindata.zip).
Under hif of the data directory, there are multiple versions of transformers available. These are now generated as part of a different deliverable called DEHHostTransformers.zip, containing multiple directories.
1. DEHhostTransformers.zip contains the list of directories for each message file. You can copy only the required transformers based on the message files configured for HIF_FILENAMES folder. This is a one-time activity. It needs to be automated for daily deployment.
2. The transformers directory in data.zip for DEH and DEHAdmin contains only utils by default, as highlighted in the below screenshot.

Note: Old path is data\hif\product\transformer - New path is data\hif\host\default\transformer.

7. Common Data Configurations
7.1 Terminologies
• data directory – directory which consists of product files and properties
• extension directory – directory where custom files should be maintained. All the new files created by the customization teams should be placed here and can be accessed with the API DataFileResolver.getCustom({context}, {filePath})
• merge directory – directory used by the application for intermediate file generation. It is used to merge files from the data and extension directories to create the final file which the application loads.

7.2 Configuration

All the following configurations are JVM arguments whose value is a directory path:

• data directory – FEBA_SYS_PATH
• extension directory – FEBA_EXTENSION_DIRECTORY
• merge directory – FEBA_MERGE_DIRECTORY
Ex: -DFEBA_SYS_PATH=D:/deh/WorkingDirectory/data
-DFEBA_EXTENSION_DIRECTORY=D:/deh/WorkingDirectory/extension
-DFEBA_MERGE_DIRECTORY=D:/deh/WorkingDirectory/merge

7.3 Customization

Refer to data/data-configuration.yml file for customization details.

7.3.1 data-configuration.yml
• This file is only for the product team and should not be modified by the customization teams. It is a read-only reference for customization teams.
• The data-configuration.yml file is a product file used to generate com.infosys.feba.framework.common.data.DataFileResolver, converting each resource into a method. DataFileResolver should be used to access any file.
• The resource section of the data-configuration.yml file lists all the files used by the application.
• Each resource contains multiple fields; refer to the table below for more information.

Name | Possible Values | Description
--- | --- | ---
file | {File or directory Path} | File or directory path relative to the data directory (Ex: BatchConfig.xml)
include | {File name Pattern} | If the value of the field file is a directory, then this field is mandatory and indicates the pattern of files to be included from that directory (Ex: *.*, *.xml, *Transformer.hif)
type | product, customizable | Product – indicates it is a product file and is not allowed to be customized. Customizable – indicates this file can be customized.
loadStrategy | merge, override | If the file is marked customizable, then this field indicates whether the file should be customized as a whole or in part. merge – indicates part of the file can be customized. When the application tries to access this file, DataAccessFramework checks whether a file with the same name is present in the extension directory. If present, it merges the product file and the file in the extension directory, creates the final file under the merge directory, and this file is served. override – indicates the entire file is to be customized. When the application tries to access this file, DataAccessFramework checks whether a file with the same name is present in the extension directory. If present, the file in the extension directory is served.
profileBased | true, false | Indicates whether the file is enabled for multi entity.

7.3.2 Multi-entity

• profileDetails.xml should be created under the extension directory.
• Profile/Entity directories should be created under the extension directory.
• Refer to the previous section on how to check whether a file is allowed for multi-entity or not.

8. Installation Steps on IBM WAS
8.1 System Requirements
Software: IBM WAS 9.0.0.10 with JDK 1.8
By default, WAS does not allow an RSA key size of 4096. For configuring properties, the product defaults the RSA key size to 4096. Therefore the step below is required.

In the WAS JRE we need to update the security policy jars (local_policy.jar, US_export_policy.jar) to unrestricted jars. Example WAS location for security jars: /WAS/WAS9/WebSphere/AppServer/java/8.0/jre/lib/security

The above-mentioned jars need to be replaced with unrestricted jars. The jars can be downloaded from the IBM site.

By default, the product recommends generating an RSA key pair of size 4096 and an AES key of size 256 bits. But Java version 8 supports only 128 bits by default for AES, which is the sole reason the default value of the AES key size is 128 in
Data folder → externalconfig folder → SecurityAdaptor.json → ENCRYPTDECRYPT → ProductKeyGenerationAdapter → symmetric-keysize → 128

We strongly recommend that the implementation change this to 256 after consulting with the Bank and downloading the required Java security unrestricted policy jars for the respective Java version.

Recommendation
SecurityAdaptor.json → ENCRYPTDECRYPT → ProductKeyGenerationAdapter → symmetric-keysize → 256

8.2 Deployment
In case of a Windows server, ensure that the profile is unshared before proceeding with deployment.
Generally, the profile folder on the Windows server machine might be shared with a specific user group or everyone. If anybody has opened and is using the files present in the profile folder structure, it will cause deployment to fail or result in an error. Therefore, the profile folder should be unshared before starting the deployment process.

8.2.1 Procedure for Stopping and Starting WAS Profile:

8.2.1.1 Stopping Server

Go to the profile bin, and give stopServer.bat server1
(For unix, this would be stopServer.sh server1)

8.2.1.2 Starting the server

8.2.2 Administrative Console


Once the server has successfully started, the profile admin console can be accessed remotely, or from the server itself (for Windows). The profile admin console URL is:
http://<server>:<admin console port>/admin (remote)
http://localhost:<admin console port>/admin (from server itself)
Example: http://Serv03:9187/admin
The admin console port details can be taken from <ProfileHome>/logs/AboutThisProfile.txt
On hitting the URL, the below screen will come up. You can proceed with login by clicking on Log In. User ID is not required in case of insecure logon. In case of secure logon, key in the user name and password that were configured in security settings during the creation of the profile.

The following screen will come up on logging into the console.

8.2.3 Installation Packages
The name of the OCH WAR will be FEBWeb.war. Please make sure that you take the correct WAR for deployment based on your requirement.
From 11.5.3, FEBWeb.war is present under two locations: the DEH and ModularDEH directories.
DEH → contains RM screens and APIs for consumer and corporate
ModularDEH → contains only APIs for consumer and corporate.
Service Registry is to be disabled for the DEH instance. If it is intended for the RM application alone, uninstall the old application from the WAS console.
In case you already have a FEBAApp EAR or FEBAWeb WAR installed, you need to uninstall it before proceeding with the new deployment.

1. Click on Applications -> WebSphere enterprise applications
2. Check the already deployed application and click Uninstall
3. On clicking Uninstall, you will be asked for confirmation. Click OK.
4. The last step in the uninstall is to save your change. Click on Save.

8.2.4 Installing New Application
Place the latest FEBAWeb WAR and data folder inside the profile working directory. Ensure that the naming conventions of the data folder are in sync with what was mentioned in the profile admin console during profile configuration.
1. Enable annotation scan of selected packages (This section is applicable only to Standalone full WAR and OCH WAR)

Add the following custom property under the path below to enable annotation scanning only for selected packages, in order to speed up server startup.

Go to Servers → WebSphere Application Servers → server1 → Process Definitions → Java Virtual Machine → Custom Properties.

Add the following custom property:
com.ibm.ws.amm.scan.context.include.packages = com.infosys.ebanking.interceptor.xservice.soap

The value should be a comma-separated list of packages to be scanned for annotations. The sub-packages are automatically scanned when a package is given.
When this custom property is added, WAS only scans the specified packages for annotations instead of scanning all the libraries. Currently, only packages containing SOAP web services need to be scanned for annotations in the application.
For REST services, the annotation processing is done by Jersey.

Note:
Before proceeding with the deployment, it is necessary for the profile to be restarted for the above property to take effect.

2. Matching the behavior of SSLContext.getInstance("TLS") to Oracle (This section is applicable only to Standalone full WAR and OCH WAR)

Add the below custom property to match the behavior of SSLContext.getInstance("TLS") in the IBM SDK with the Oracle implementation. This is needed for OCH to successfully establish a handshake with microservices through https.

Go to Servers → WebSphere Application Servers → server1 → Process Definitions → Java Virtual Machine → Custom Properties.

Add the following custom property:
com.ibm.jsse2.overrideDefaultTLS = true

3. Under WebSphere enterprise applications, click on Install.
4. Select the WAR from where it is present, either on your local or on the remote machine, and click Next.
5. Select Fast Path in the next screen.
6. Uncheck Create MBeans for Resources in the next screen, and click on Next.
7. Select all in the next screen, and click Next.
8. Modify the context root if needed.
9. Leave the metadata-complete attribute checkbox unchecked.
10. Click Finish in the next screen. On clicking Finish, installation of the application will commence.
11. Once the WAR is deployed successfully, the following screen will come up. Click on Save.
12. Once the configuration has been saved, the installed application will be listed. The application will be in the stopped state. Click on the installed application.
13. Click on Class Loading and Update Detection.
14. Select "Single class loader for application", and click Apply. Save the configuration when prompted.
15. Click on Session Management under Web module.
16. In the page that follows, by default all fields except "Override Session Management" will be disabled. Check "Override Session Management". On checking this field, all fields in Session Management will get enabled. Uncheck "Enable Cookies" and check "Enable URL Rewriting". Apply and save the configuration.

8.2.5 Changes required for EMMA enabled WAR *


In case the WAR is EMMA enabled, and the Java version of the EMMA-enabled build is JDK 1.8, the WAR will not start up with the normal configuration. This is a defect, and a solution for this is not available to date. As a workaround, two settings have to be changed for the application to start up.

1. Click on Server -> Server Types -> WebSphere Application Servers -> server1. In the page displayed, under Server Infrastructure -> Java Process Management, click on Process definition.

*Note: This is merely a workaround and not the final solution. This defect will be fixed by the Archie team in the near future by raising it with the EMMA team. Since the solution is not available as on the date of preparation of the document, this workaround has been included. The final solution will be added in future revisions of the doc. Furthermore, it is the sole responsibility of the reader to ensure they are using the latest document revision.

2. In the screen that follows, click on Java Virtual Machine under Additional Properties. In the next screen, under Generic JVM Arguments, an additional parameter "-Xverify:none" has to be added along with the usual list.

Example: -Xverify:none -DFI_APP_NAME=FIONLINE -DFI_IS_CONFIGSER=N -DFICLIENT_APP_PATH=%PROFILE_PATH%\workdir -DFI_BASE_INSTANCE_ID=1 -DFEBA_SYS_PATH=%PROFILE_PATH%\workdir\data -DAPPLICATION_CONFIGURATION_FILE=BankAway.properties -Xnoclassgc -Xgcpolicy:gencon -Xmns256m -Xmnx768m -Xdisableexplicitgc -DPRODUCT_BOOTSTRAP_FILE=%PROFILE_PATH%\workdir\data\BootstrapFile.properties -DEXTERNAL_CONFIG_FOLDER=%PROFILE_PATH%\workdir\ExternalConfig
where %PROFILE_PATH% is the WAS profile path.

Apply and save the configuration.

8.3 Resource Configuration for V5


op
C
To run FEBA application in application mode, V5 resource configuration is required.
Following are the steps for configuring the resource.
1. Select Resources->JDBC->Data Sources then select
e

Node=<node name>, Server=<server_name> (Ex: Node=Blrkecfinserv03Node38,


Server=server1)
cl

Following page will be displayed,


na
Fi

Select New.

© EdgeVerve Systems Limited Username : [email protected] Ip address : 182.66.67.250:58972


External Confidential
Time Stamp : 7/21/2023 8:28:15 AM
Page 77 of 184
Digital Engagement Hub Installation Guide
2. In the next screen, give Data source name and JNDI name as FEBAV5, and give next.

ht
ig
yr
op
3. In the following screen, choose “Select existing JDBC Provider” and choose Oracle JDBC Driver
and click next.

4. In the next screen, give the database url:

Example: jdbc:oracle:thin:@SERVER_NAME:LISTENER_PORT:DBSID

5. In the next screen, click on Global J2C Authentication Alias

6. In the next screen, choose New. In the screen that follows, enter the DB write user name and
password, click Apply, and save the configuration.

7.

8. Go back to the Setup security aliases screen and click Next. In the screen that follows, click
Finish, and save the configuration when prompted.

9. On clicking save, the newly created data source will be displayed. Click on the newly created
FEBAV5 data source.

10. In the screen that follows, scroll down to the security settings and choose the alias you entered
for your DB. Click Apply and save the configuration.

11. Finally, the settings need to be tested to ensure proper connectivity. Check the FEBAV5 data
source and click on test connection. The connection should be successful.

12. System and Application Logs
System logs can be found in the <ProfileHome>/logs/server1 folder.
Application logs can be found in the <ProfileHome>/Workdir/log folder.

8.4 Shared Library for REST APIs and Swagger Deployment


1. Shared Library for REST APIs (This section is applicable only to Standalone full EAR and
OCH EAR)

Make the following changes from the WAS admin console after deployment to support REST
services.
a. Custom JVM Argument

Go to Servers → WebSphere Application Servers → server1 → Process Definitions → Java Virtual
Machine → Custom Properties.

Add the below custom property:

com.ibm.websphere.jaxrs.server.DisableIBMJAXRSEngine=true

b. Shared library

A. Create a shared library for REST dependent jars.

Steps to be followed in WAS Admin Console:
➢ Go to Environment → Shared Libraries → Create New
➢ Name -> RESTLibrary (any name can be given.)
➢ In the ClassPath add all the required libraries:
➢ Below are the libraries on which the REST services depend. This list might change
when new REST functionalities are added. Check the versions of the
corresponding jars in the WAR and provide the correct jar names in the following paths. All these
jars are present in the deployed WAR, so the path prefix should be changed
according to the location of the deployed WAR. In the example below, all libraries are
present at

%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib

List of jars to be added:


%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/cdi-api-1.2.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/commons-lang3-3.4.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/guava-19.0.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/hk2-api-2.4.0-b12.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/hk2-locator-2.4.0-b12.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/hk2-utils-2.4.0-b12.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/jackson-annotations-2.9.6.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/jackson-core-2.9.6.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/jackson-databind-2.9.6.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/jackson-jaxrs-base-2.9.6.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/jackson-jaxrs-json-provider-2.9.6.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/javassist-3.18.2-GA.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/javax.annotation-api-1.2.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/javax.inject-2.4.0-b12.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/javax.ws.rs-api-2.0.1.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/jersey-client-2.18.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/jersey-common-2.18.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/jersey-container-servlet-core-2.18.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/jersey-container-servlet-2.18.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/jersey-declarative-linking-2.18.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/jersey-entity-filtering-2.18.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/jersey-guava-2.18.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/jersey-media-jaxb-2.18.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/jersey-media-multipart-2.18.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/jersey-server-2.18.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/slf4j-api-1.7.25.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/swagger-annotations-1.5.8.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/swagger-core-1.5.8.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/swagger-hibernate-validations-1.5.8.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/swagger-jaxrs-1.5.8.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/swagger-jersey2-jaxrs-1.5.8.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/swagger-models-1.5.8.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/swagger-parser-1.0.19.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/validation-api-1.1.0.Final.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/mimepull-1.9.6.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/log4j-1.2.17.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/log4j-api-2.11.0.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/log4j-core-2.11.0.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/logstash-gelf-1.11.1.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/slf4j-ext-1.6.3.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/javax.json-1.0.4.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/jersey-gf-cdi-2.14.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/org.eclipse.persistence.antlr-2.6.2.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/org.eclipse.persistence.asm-2.6.2.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/org.eclipse.persistence.core-2.6.2.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/org.eclipse.persistence.moxy-2.6.2.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/swagger-codegen-2.1.6.jar
%PROFILE_PATH%/workdir/data/log4j.properties
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/classes/

B. Check the checkbox under class loading

C. Click OK and SAVE the configuration.
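
The guide asks you to check the jar versions in the WAR against the shared-library ClassPath by hand. The following is an added example, not part of the original guide or the product: a Python check that compares the ClassPath entries with the file names found in WEB-INF/lib and reports entries that are missing or whose version differs. The function names and the WAR listing (including the jackson-databind 2.9.10 file) are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# "<artifact>-<version>.jar": the version begins at the first "-" followed by a digit.
JAR_RE = re.compile(r"^(?P<artifact>.+?)-(?P<version>\d[\w.\-]*)\.jar$")


def split_jar(filename):
    """Return (artifact, version) for a jar file name; version is None if unparseable."""
    match = JAR_RE.match(filename)
    if match:
        return match.group("artifact"), match.group("version")
    return (filename[:-4] if filename.endswith(".jar") else filename), None


def audit_classpath(classpath_entries, war_lib_files):
    """Compare shared-library ClassPath entries with the file names in WEB-INF/lib."""
    shipped = {}  # artifact -> set of versions present in the deployed WAR
    for name in war_lib_files:
        artifact, version = split_jar(name)
        shipped.setdefault(artifact, set()).add(version)

    report = {"ok": [], "version_drift": [], "missing": [], "listed_twice": []}
    listed = {}  # artifact -> version already seen in the ClassPath
    for entry in classpath_entries:
        entry = entry.strip()
        if not entry.lower().endswith(".jar"):
            continue  # WEB-INF/classes/ and log4j.properties are not jars
        name = PurePosixPath(entry.replace("\\", "/")).name
        artifact, version = split_jar(name)
        if artifact in listed and listed[artifact] != version:
            # Two versions of one artifact in the same shared library
            report["listed_twice"].append((artifact, listed[artifact], version))
        listed[artifact] = version
        if artifact not in shipped:
            report["missing"].append(name)
        elif version in shipped[artifact]:
            report["ok"].append(name)
        else:
            in_war = sorted(str(v) for v in shipped[artifact])
            report["version_drift"].append((artifact, version, in_war))
    return report


# Path prefix taken from the guide; the entries below are a subset of its jar list.
PREFIX = ("%PROFILE_PATH%/installedApps/%NODE_CELL%/"
          "FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/")
SAMPLE_CLASSPATH = [PREFIX + jar for jar in (
    "jackson-core-2.9.6.jar",
    "jackson-databind-2.9.6.jar",
    "jersey-server-2.18.jar",
    "hk2-api-2.4.0-b12.jar",
    "mimepull-1.9.6.jar",
)] + ["%PROFILE_PATH%/workdir/data/log4j.properties"]

# Constructed directory listing of WEB-INF/lib for a WAR that was rebuilt with a
# different jackson-databind and without mimepull.
SAMPLE_WAR_LIB = [
    "jackson-core-2.9.6.jar",
    "jackson-databind-2.9.10.jar",
    "jersey-server-2.18.jar",
    "hk2-api-2.4.0-b12.jar",
]

if __name__ == "__main__":
    result = audit_classpath(SAMPLE_CLASSPATH, SAMPLE_WAR_LIB)
    for artifact, listed_version, in_war in result["version_drift"]:
        print("version drift:", artifact, "ClassPath", listed_version, "WAR", in_war)
    for name in result["missing"]:
        print("not in WAR:", name)
```

On a real profile, build the second argument from a directory listing of the deployed WEB-INF/lib and the first from the ClassPath field of the shared library.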

D. Shared Library References can be attached to the WAR in either of two ways:

Manual Configuration
Automatic Configuration using the Deployment Script

Manual Configuration:
i) Go to Applications → WebSphere Enterprise applications → Click on FEBAWeb_war → References
→ Shared library References

ii) Check the checkbox for FEBAWeb_war and click on button “Reference shared library”.

iii) Move the RESTLibrary created above to the right, click OK, and save.

iv) Click OK again and save changes when asked.

v) Restart the profile.

Auto Deployment Configuration:

i) Create a python file with the below configuration (Ex: SharedLinkLib.py), specifying the EAR name
and the Shared Library Name:

# wsadmin (Jython) script: map the RESTLibrary shared library to FEBAApp.ear
AdminApp.edit('FEBAApp.ear', '[ -MapSharedLibForMod [[ FEBAApp.ear META-INF/application.xml RESTLibrary ]]]' );
# Persist the change to the master configuration
AdminConfig.save();
exit;

SharedLinkLib.py

ii) Please find attached the .bat file for invoking the python file.

Sharedlibrary_linkage.bat

Kindly replace the profile path for variable %PROFILE_PATH%


Ex: D:\WAS8.5\AppSrv05\bin\wsadmin.bat

iii) Add the below lines in Execute.bat to call the .bat file in FULLBUILD and PARTIAL BUILD

Rem to link REST Library
@call Sharedlibrary_linkage.bat >Linkage.log 2>&1

Execute.bat

E. Swagger War Deployment:

Swagger provides the documentation for the APIs exposed through REST.
The Swagger WAR needs to be deployed manually. It will be provided along with the main EAR.

i) Go to Applications → Application Types → WebSphere Enterprise Applications → Click
on Install

ii) Choose the war file from the location and click on next.
iii) Select the Fast Path and click Next

iv) Uncheck the “Create MBeans for resources” and click Next

v) Click Next and Proceed for the below screen. Select swagger API module and click next.
vi) Add the context root as “/documentportal” and click next

viii) Click Next and Proceed for the below screens



ix) Click on Finish

x) Click on save.

xi) Check the SwaggerWar_war and click on start.


xii) After successful deployment, the following screen will appear.

xiii) The Swagger UI can be tested using the following URL:

http://SERVERNAME:PORTNUM/documentportal/swagger.html

Here, SERVERNAME and PORTNUM should be changed to the host and port of the profile where
the Swagger WAR is deployed.

On this page, there is an input textbox where the URL for REST should be provided:
http://SERVERNAME:PORTNUM/corp/rest
Here the host and port should be changed to the host and port of the Standalone/OCH application.
Then click on the Explore button to get details of the REST APIs.
If you want the REST API details to load when this html loads, without having to enter the URL in
the input textbox, make the following change in swagger.html in the deployed Swagger WAR.

One string value should be changed in swagger.html.
Html location:
%PROFILE_PATH%/installedApps/%NODE_CELL%/SwaggerWar_war.ear/SwaggerWar.war/swagger.html
Please note the above path will change as per your profile location and the node and cell name
of the profile.
String:

url = "http://SERVER_NAME:PORTNUM/corp/rest";
Here, SERVER_NAME and PORTNUM should be changed to the host and port of the
Standalone/OCH application.

xiv) How to download the swagger documentation for OCH REST APIs for offline reference.

URL: swagger.io
Tools -> swagger-codegen
Click on download
Clicking the download button next to Codegen will take you to GitHub.
From Prerequisites:
You can get the jar from http://central.maven.org/maven2/io/swagger/swagger-codegen-cli/2.3.1/swagger-codegen-cli-2.3.1.jar

The below command will generate the documentation in the spec folder.

java -jar swagger-codegen-cli-2.3.1.jar generate -i http://SERVER_NAME:PORTNUM/corp/rest -l html -o ./spec

Example: java -jar swagger-codegen-cli-2.3.1.jar generate -i http://127.0.0.1:11500/corp/rest -l html -o ./spec

8.5 Working Directory/Data Folder Changes in Standalone/OCH

Now refer to the section “Common Data Folder Configuration” in the document for
further steps.

With this, all steps required for installing the WAR have been completed. The server requires
a restart for the data folder changes to take effect. On restart, under ideal conditions, the
FEBAWeb_war should start up.

8.6 Database Seeds Required
For OAuth setup, the following query is to be run on the database. This row is not present in the database by default.

INSERT INTO OATC (CLIENT_ID, CLIENT_SECRET, REDIRECT_URI, LOGIN_TYPE,
    AUTHORIZED_MODES, TRUST_TYPE, IMAGE_URI, TOKEN_TYPE,
    ACCESS_TOKEN_TIMEOUT, REFRESH_TOKEN_TIMEOUT, DEL_FLG, DB_TS, R_CRE_ID,
    R_MOD_ID, R_CRE_TIME, R_MOD_TIME, DISPLAY_NAME, REFRESH_TOKEN_ALLOWED,
    MAX_REFRESH_COUNT)
VALUES ('FINACLE', 'tHeAKtSCN//MZW2prILlfQ',
    'http://www.finaclechannelindex.com', 'PROFILE_BASED', 'password', 'trusted', NULL, 'bearer', 90,
    10, 'N', NULL, 'setup', 'setup', SYSDATE, SYSDATE, NULL, 'Y', 3);
The encrypted client_secret value in the query above (highlighted in green) should be generated from
the plain secret using a util provided here.

ClientSecretGenerationUtil.java

Jar to be used – feba_security.jar


Arguments to be set –
VM Arguments

-DFEBA_SYS_PATH="<<Workspace_path>>\WorkingDirectory\data"
-DPRODUCT_BOOTSTRAP_FILE=<<WorkingDirectory>>\data\BootstrapFile.properties
-DAPPLICATION_CONFIGURATION_FILE="BankAway.properties"
-DFICLIENT_APP_PATH="<<Workspace_path>>\WorkingDirectory"

Program Arguments (passed as command line arguments in the below format)

<<client_secret to be encrypted>> <<client_id>>

8.7 Changes in WAR for External References


Some jars and JS files mentioned below have been externalized. After the WAR is extracted and copied,
and before starting the application, the components mentioned below have to be downloaded from the
URLs in the table below and placed in the appropriate location by refreshing the WAR
as mentioned in the table.

Component (location in the WAR) | Version | URL home page from where the file can be downloaded
jQuery BlockUI Plugin (jquery.blockUI.js), FEBAWeb.war\scripts\ria\ajaxfeatures\jquery.blockUI.js | 2.66.0 | http://www.malsup.com/jquery/block/
jquery-dynatable (JQuery.dynatable.js), FEBAWeb.war\scripts\analytics\lib\jquery\jquery.dynatable.js | 0.3.1 | http://github.com/alfajango/jquery-dynatable/
Microsoft JDBC Driver 4.0 for SQL Server (sqljdbc*.jar), FEBAWeb.war\WEB-INF\lib | 6.0 | https://www.microsoft.com/en-in/download/details.aspx?id=11774
Oracle Database 19c JDBC Drivers (ojdbc8.jar), FEBAWeb.war\WEB-INF\lib | 8.0 | https://www.oracle.com/database/technologies/appdev/jdbc-ucp-19c-downloads.html
JigSaw.jar, FEBAWeb.war\WEB-INF\lib | 2.2.6 | https://mvnrepository.com/artifact/org.w3c.jigsaw/jigsaw/2.2.6
edb-jdbc17-*.jar | | Take the jar from EDB installation, as it is packaged as part of EDB installation.
itextpdf-5.5.13.jar | 5.5.13 | https://search.maven.org/remotecontent?filepath=com/itextpdf/itextpdf/5.5.13/itextpdf-5.5.13.jar
postgresql-42.2.8.jar | 42.2.8 | https://jdbc.postgresql.org/download.html

Note:

Jar files are to be patched in the lib folder.
jquery.dynatable.js – to be patched in the path FEBAWeb.war\scripts\analytics\lib\jquery\
jquery.blockUI.js – to be patched in the path FEBAWeb.war\scripts\ria\ajaxfeatures\

9. Microservices Setup and Deployment
9.1 Changes in Microservices
***By default, the product recommends generating an RSA key-pair of size 4096 and an AES key of size 256 bits.
However, Java version 8 supports only 128 bits by default for AES; that is the sole reason the default value of
the AES key size is 128 in
extension → security → AdapterConfig.xml → EncryptDecrypt → <Secret
name="ProductKeyGenerationAdapter"> → symmetric-keysize → 128

We strongly recommend that the implementation change this to 256 after consulting with the Bank
and downloading the required Java security unrestricted policy jars for the respective
Java version.

Recommendation
extension → security → AdapterConfig.xml → EncryptDecrypt → <Secret
name="ProductKeyGenerationAdapter"> → symmetric-keysize → 256

The above guideline is applicable to all the microservices

9.1.1 For External references


Some jars mentioned below have been externalized. Before starting the microservice, the
components mentioned below have to be downloaded from the URLs in the table below and
placed in the tomcat_installation/lib directory.

Component | Version | URL home page from where the file can be downloaded
Ojdbc8.jar | 8 | https://www.oracle.com/database/technologies/appdev/jdbc-ucp-19c-downloads.html
Dropwizard-circuitbreaker.jar | 1.0.5 | https://github.com/mtakaki/dropwizard-circuitbreaker
itextpdf-5.5.13.jar | 5.5.13 | https://search.maven.org/remotecontent?filepath=com/itextpdf/itextpdf/5.5.13/itextpdf-5.5.13.jar
PostgreSQL JDBC Driver | 42.2.8 | https://jdbc.postgresql.org/ - PostgreSQL JDBC Driver; https://jdbc.postgresql.org/download.html - For downloading PostgreSQL JDBC Driver.

9.2 Limits MS
9.2.1 Introduction
This section has steps to run the limits microservice.

9.2.2 Pre-requisite
OCH application and db should be deployed and up.

9.2.3 DB Setup for limits MS

Tables in limits microservice need to be created in a separate schema in OCH application database.
Limits microservice will connect only to this schema.

Run the sql scripts provided with limits microservice for creation of the required tables and sequences in
the new schema. Replace ‘$BANK_ID$’ with the required bank id in the sql file.

This script creates a new schema ‘limits_admin’ in db.

Limits_Admin.sql

Note: All appropriate configuration changes have to be done in the EnvConfig.properties file. Any future
additions should also be added in this file. Please find attached the file that lists the properties.

Limits_env_props.xls

Note – if service registry is used, host and port of the load balancer should be configured instead of
host and port of the machine on which the microservice is running in all configurations.

9.2.4 Running Microservice


1. Download the tomcat binary and copy och-limits-119.war into tomcat’s catalinabase/webapps folder
on the host machine on which the limits microservice needs to be run. Rename the war to limits.war
2. Copy the data folder specific to limits ms to any path on the host machine on which the limits
microservice needs to be run.
3. Update the below JNDI configuration inside tomcat\conf\context.xml
<Context>
    <!-- JNDI data source; the application looks it up as java:/comp/env/FEBAV5 -->
    <Resource
        name="FEBAV5"
        auth="Container"
        type="javax.sql.DataSource"
        testWhileIdle="true"
        testOnBorrow="false"
        testOnReturn="false"
        validationQuery="SELECT 1 FROM DUAL"
        validationInterval="30000"
        timeBetweenEvictionRunsMillis="30000"
        maxActive="100"
        minIdle="10"
        initialSize="10"
        removeAbandonedTimeout="3000"
        removeAbandoned="true"
        logAbandoned="false"
        minEvictableIdleTimeMillis="30000"
        jmxEnabled="true"
        username="<DB User Name>"
        password="<DB Encrypted Password>"
        maxTotal="-1"
        maxIdle="20"
        maxWaitMillis="10000"
        driverClassName="oracle.jdbc.driver.OracleDriver"
        url="jdbc:oracle:thin:@XX.73.15.X:15XX:EYDBXXXX"
        factory="com.infosys.feba.framework.commontran.TomcatDataSourceFactory"
    />
</Context>
auth - Specify whether the web Application code signs on to the corresponding resource manager programmatically, or whether the Container will sign on to the resource manager on behalf of the application. The value of this attribute must be Application or Container

name - The name of the resource to be created, relative to the java:comp/env context.

type - The fully qualified Java class name expected by the web application when it performs a lookup for this resource.

maxTotal – maximum number of required db connections, set it to -1 to have infinite connections

initialSize – initial set of active connections

maxWaitMillis - Maximum time to wait for a database connection to become available in ms, in this example 10 seconds. An Exception is thrown if this timeout is exceeded. Set to -1 to wait indefinitely

factory – the class required to initialize connection pool configuration in Datasource

testWhileIdle: (boolean) The indication of whether objects will be validated by the idle object evictor (if any). If an object fails to validate, it will be dropped from the pool.

testOnBorrow: (boolean) The indication of whether objects will be validated before being borrowed from the pool. If the object fails to validate, it will be dropped from the pool, and we will attempt to borrow another. Default value is false

testOnReturn: (boolean) The indication of whether objects will be validated before being returned to the pool. The default value is false.

validationQuery: (String) The SQL query that will be used to validate connections from this pool before returning them to the caller. If specified, this query does not have to return any data, it just can't throw a SQLException. The default value is null. If not specified, connections will be validated by the isValid() method. Example values are SELECT 1 (mysql), select 1 from dual (oracle), SELECT 1 (MS Sql Server)

validationInterval: (long) avoid excess validation, only run validation at most at this frequency - time in milliseconds. If a connection is due for validation, but has been validated previously within this interval, it will not be validated again. The default value is 3000 (3 seconds).

timeBetweenEvictionRunsMillis: (int) The number of milliseconds to sleep between runs of the idle connection validation/cleaner thread. This value should not be set under 1 second. It dictates how often we check for idle, abandoned connections, and how often we validate idle connections. This value will be overridden by maxAge if the latter is non-zero and lower. The default value is 5000 (5 seconds).

minIdle: (int) The minimum number of established connections that should be kept in the pool at all times. The connection pool can shrink below this number if validation queries fail. Default value is derived from initialSize:10

maxWait: (int) The maximum number of milliseconds that the pool will wait (when there are no available connections) for a connection to be returned before throwing an exception. Default value is 30000 (30 seconds)

removeAbandonedTimeout: (int) Timeout in seconds before an abandoned (in use) connection can be removed. The default value is 60 (60 seconds). The value should be set to the longest running query your applications might have.

removeAbandoned: (boolean) Flag to remove abandoned connections if they exceed the removeAbandonedTimeout. If set to true a connection is considered abandoned and eligible for removal if it has been in use longer than the removeAbandonedTimeout. Setting this to true can recover db connections from applications that fail to close a connection. The default value is false.

logAbandoned: (boolean) Flag to log stack traces for application code which abandoned a Connection. Logging of abandoned Connections adds overhead for every Connection borrow because a stack trace has to be generated. The default value is false.

minEvictableIdleTimeMillis: (int) The minimum amount of time an object may sit idle in the pool before it is eligible for eviction. The default value is 60000 (60 seconds).

jmxEnabled: (boolean) Register the pool with JMX or not. The default value is true.

username: (String) The connection username to be passed to our JDBC driver to establish a connection.

password: (String) The connection password to be passed to our JDBC driver to establish a connection. The Password should be an encrypted password.

driverClassName: (String) The fully qualified Java class name of the JDBC driver to be used.

url: URL for Database.

4. By default, tomcat uses 3 ports for its services: 8080, 8443, 8009. If you are hosting multiple
microservices on the same host machine, a unique port for each microservice is mandatory. If you plan
to host each microservice on a different host, then you can use the same port. Based on your
requirement, update the host/port in tomcat\conf\server.xml. The HTTP port and the
shutdown port are required to be exposed; the instructions below enable the HTTP
port and the shutdown port and disable the AJP port.

Shutdown port configuration

<Server port="8005" shutdown="SHUTDOWN">

HTTP port configuration

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

AJP port configuration

The AJP port is not required. Comment it out:
<!--
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-->

5. Notable changes required in Config Server

DATA_SOURCE value should contain java:/comp/env/ concatenated with the value of the
Resource name property set in context.xml, for example java:/comp/env/FEBAV5
DRIVER_CLASS value should contain the database driver chosen, for example if an Oracle
database is to be used then the value should be oracle.jdbc.driver.OracleDriver
DB_PWD_SEED value should contain the encrypted password
DB_USER_ID value should contain the user id dedicated to a particular microservice
6. Execute below script to start microservice
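
Step 4 above requires a unique port per microservice on a shared host and a commented-out AJP connector. The following is an added example, not part of the original guide or the product: a Python check that reads several server.xml files and reports active AJP connectors and ports claimed by more than one instance. The function names and both sample server.xml texts are constructed; the service names follow the limits and authentication microservices in this guide.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict


def read_ports(server_xml_text):
    """Return the shutdown, HTTP and AJP ports declared in one server.xml.

    ElementTree drops XML comments while parsing, so a commented-out
    <Connector> (as the guide prescribes for AJP) is not reported.
    """
    root = ET.fromstring(server_xml_text)
    ports = {"shutdown": int(root.get("port", "8005")), "http": [], "ajp": []}
    for connector in root.iter("Connector"):
        port = connector.get("port")
        if port is None:
            continue
        protocol = connector.get("protocol", "HTTP/1.1")
        kind = "ajp" if protocol.upper().startswith("AJP") else "http"
        ports[kind].append(int(port))
    return ports


def audit_instances(instances):
    """instances maps a microservice name to its server.xml text.

    Returns findings as tuples:
      ("ajp_enabled", service, port)
      ("port_collision", port, ["service:role", ...])
    """
    findings = []
    claimed_by = defaultdict(list)  # port -> ["service:role", ...]
    for name, xml_text in sorted(instances.items()):
        ports = read_ports(xml_text)
        for port in ports["ajp"]:
            findings.append(("ajp_enabled", name, port))
        claims = [("shutdown", ports["shutdown"])]
        claims += [("http", p) for p in ports["http"]]
        claims += [("ajp", p) for p in ports["ajp"]]
        for role, port in claims:
            if port > 0:  # a shutdown port of -1 means the port is disabled
                claimed_by[port].append(f"{name}:{role}")
    for port, owners in sorted(claimed_by.items()):
        if len(owners) > 1:
            findings.append(("port_collision", port, owners))
    return findings


# Constructed server.xml for the limits instance: configured as the guide describes.
LIMITS_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8443" />
    <!--
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    -->
  </Service>
</Server>"""

# Constructed server.xml for the authentication instance on the same host: the HTTP
# port was changed, but the shutdown port was not and AJP is still active.
AUTH_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8081" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8444" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8444" />
  </Service>
</Server>"""

SAMPLE_INSTANCES = {"limits": LIMITS_XML, "authentication": AUTH_XML}

if __name__ == "__main__":
    for finding in audit_instances(SAMPLE_INSTANCES):
        print(finding)
```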

To view the swagger documentation of the APIs exposed in the microservice:

Deploy the swagger war provided with OCH application (additional deployment for microservice)
on any profile and change the url inside swagger.html.
In index_swagger.html, the url is to be replaced as shown below:

$(function () {
    var url = window.location.search.match(/url=([^&]+)/);
    if (url && url.length > 1) {
        url = decodeURIComponent(url[1]);
    } else {
        // Default REST descriptor, loaded when no ?url= parameter is supplied
        url = "http://SERVER_NAME:PORTNUM/corp/rest/swagger.json";
    }
Here, SERVER_NAME: host server name on which microservice is running
PORTNUM: port on which microservice is available, i.e. same as the application connector's port
given in tomcat/conf/server.xml

9.3 Authentication MS
9.3.1 Introduction
This section has steps to run the authentication micro-service.
9.3.2 Pre-requisite
OCH application and db should be deployed and up
9.3.3 DB Setup for authentication MS


Tables in authentication microservice need to be created in a separate schema in OCH application
database.
Authentication microservice will connect only to this schema.

Run the sql scripts provided with authentication microservice for creation of the required tables and
sequences in the new schema. Replace ‘$BANK_ID$’ with the required bank id in the sql file.
This script creates a new schema ‘AUTH_USER’ in db.

authuser.sql

9.3.4 Running Microservice


1. Download the Tomcat binary and copy och-authentication-119.war into Tomcat’s catalina/webapps folder on the host machine on which the authentication microservice needs to run. Rename the war to authentication.war.
2. Copy the data folder specific to the authentication ms to any path on the host machine on which the authentication microservice needs to run.
3. Update the JNDI configuration below inside tomcat\config\context.xml
<Context>
    <Resource
        name="FEBAV5"
        auth="Container"
        type="javax.sql.DataSource"
        testWhileIdle="true"
        testOnBorrow="false"
        testOnReturn="false"
        validationQuery="SELECT 1 FROM DUAL"
        validationInterval="30000"
        timeBetweenEvictionRunsMillis="30000"
        maxActive="100"
        minIdle="10"
        initialSize="10"
        removeAbandonedTimeout="3000"
        removeAbandoned="true"
        logAbandoned="false"
        minEvictableIdleTimeMillis="30000"
        jmxEnabled="true"
        username="<DB User Name>"
        password="<DB Encrypted Password>"
        maxTotal="-1"
        maxIdle="20"
        maxWaitMillis="10000"
        driverClassName="oracle.jdbc.driver.OracleDriver"
        url="jdbc:oracle:thin:@XX.73.15.X:15XX:EYDBXXXX"
        factory="com.infosys.feba.framework.commontran.TomcatDataSourceFactory"
    />
</Context>
auth - Specify whether the web Application code signs on to the corresponding resource manager programmatically, or whether the Container will sign on to the resource manager on behalf of the application. The value of this attribute must be Application or Container
name - The name of the resource to be created, relative to the java:comp/env context.
type - The fully qualified Java class name expected by the web application when it performs a lookup for this resource.
maxTotal – maximum number of required db connections, set it to -1 to have infinite connections
initialSize – initial set of active connections
maxWaitMillis - Maximum time to wait for a database connection to become available in ms, in this example 10 seconds. An Exception is thrown if this timeout is exceeded. Set to -1 to wait indefinitely
factory – the class required to initialize connection pool configuration in Datasource

testWhileIdle: (boolean) The indication of whether objects will be validated by the idle object evictor (if any). If an
object fails to validate, it will be dropped from the pool.

testOnBorrow: (boolean) The indication of whether objects will be validated before being borrowed from the pool. If
the object fails to validate, it will be dropped from the pool, and we will attempt to borrow another. Default value
is false

testOnReturn: (boolean) The indication of whether objects will be validated before being returned to the pool. The
default value is false.

validationQuery: (String) The SQL query that will be used to validate connections from this pool before returning them to the caller. If specified, this query does not have to return any data, it just can't throw a SQLException. The default value is null. If not specified, connections will be validated by the isValid() method. Example values are SELECT 1 (mysql), select 1 from dual (oracle), SELECT 1 (MS Sql Server)

validationInterval: (long) avoid excess validation, only run validation at most at this frequency - time in milliseconds. If
a connection is due for validation, but has been validated previously within this interval, it will not be validated again.
The default value is 3000 (3 seconds).

timeBetweenEvictionRunsMillis: (int) The number of milliseconds to sleep between runs of the idle connection
validation/cleaner thread. This value should not be set under 1 second. It dictates how often we check for idle,
abandoned connections, and how often we validate idle connections. This value will be overridden by maxAge if the
latter is non-zero and lower. The default value is 5000 (5 seconds).

minIdle: (int) The minimum number of established connections that should be kept in the pool at all times. The
connection pool can shrink below this number if validation queries fail. Default value is derived from initialSize:10

maxWait: (int) The maximum number of milliseconds that the pool will wait (when there are no available connections)
for a connection to be returned before throwing an exception. Default value is 30000 (30 seconds)

removeAbandonedTimeout: (int) Timeout in seconds before an abandoned (in use) connection can be removed. The default value is 60 (60 seconds). The value should be set to the longest running query your applications might have.

removeAbandoned: (boolean) Flag to remove abandoned connections if they exceed the removeAbandonedTimeout. If set to true, a connection is considered abandoned and eligible for removal if it has been in use longer than the removeAbandonedTimeout. Setting this to true can recover db connections from applications that fail to close a connection. The default value is false.

logAbandoned: (boolean) Flag to log stack traces for application code which abandoned a Connection. Logging of abandoned Connections adds overhead for every Connection borrow because a stack trace has to be generated. The default value is false.

minEvictableIdleTimeMillis: (int) The minimum amount of time an object may sit idle in the pool before it is eligible for eviction. The default value is 60000 (60 seconds).

jmxEnabled: (boolean) Register the pool with JMX or not. The default value is true.

username: (String) The connection username to be passed to our JDBC driver to establish a connection.

password: (String) The connection password to be passed to our JDBC driver to establish a connection. The Password should be an encrypted password.

driverClassName: (String) The fully qualified Java class name of the JDBC driver to be used.

url: URL for Database.

4. By default, Tomcat uses 3 ports for its services: 8080, 8443 and 8009. If you are hosting multiple microservices on the same host machine, a unique port for each microservice is mandatory. If you plan to host each microservice on a different host, you can use the same port. Based on your requirement, update the host/port in tomcat\config\server.xml. The HTTP port and the shutdown port are required to be exposed; the instructions below enable the HTTP port and the shutdown port and disable the AJP port.
Shutdown port configuration

<Server port="8005" shutdown="SHUTDOWN">

HTTP port configuration

<Connector port="8080" protocol="HTTP/1.1"
    connectionTimeout="20000"
    redirectPort="8443" />

AJP port configuration

The AJP port is not required; comment out its connector:
<!--
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-->

5. Notable changes required in Config Server
DATA_SOURCE: java:/comp/env/ concatenated with the value of the Resource name property set in context.xml, for example java:/comp/env/FEBAV5
DRIVER_CLASS: the database driver to use; for example, if an Oracle database is planned, the value should be oracle.jdbc.driver.OracleDriver
DB_PWD_SEED: the encrypted password
DB_USER_ID: the user id dedicated to this particular microservice
6. Execute the script below to start the microservice

7. To view swagger documentation of the APIs exposed in the microservice

Deploy the swagger war provided with the OCH application (additional deployment for microservice) on any profile and change the url inside swagger.html.
In index_swagger.html, replace the url as shown below:

$(function () {
    var url = window.location.search.match(/url=([^&]+)/);
    if (url && url.length > 1) {
        url = decodeURIComponent(url[1]);
    } else {
        url = "http://SERVERNAME:PORTNUM/corp/rest/swagger.json";
    }

Here, SERVERNAME: host server name on which the microservice is running
PORTNUM: port on which the microservice is available, i.e. the same as the application connector's port given in tomcat/conf/server.xml

9.4 Directbanking MS
9.4.1 Introduction
This section has steps to run the directbanking micro-service.

9.4.2 Pre-requisite
OCH, OAuth and AUTHMS applications and database should be deployed and up.

9.4.3 DB Setup for directbankingMS


Tables in directbanking microservice need to be created in a separate schema in OCH application
database.
Directbanking microservice will connect only to this schema.

Use the DBInstaller to create the required tables and sequences in the new schema.

9.4.4 Running Microservice

1. Download the Tomcat binary and copy och-directbanking-119.war into Tomcat’s catalinabase/webapps folder on the host machine on which the directbanking microservice needs to run. Rename the war to directbanking.war.
2. Copy the data folder specific to the directbanking ms to any path on the host machine on which the directbanking microservice needs to run.
3. Update the JNDI configuration below inside tomcat\context.xml
<Context>
    <Resource
        name="FEBAV5"
        auth="Container"
        type="javax.sql.DataSource"
        testWhileIdle="true"
        testOnBorrow="false"
        testOnReturn="false"
        validationQuery="SELECT 1 FROM DUAL"
        validationInterval="30000"
        timeBetweenEvictionRunsMillis="30000"
        maxActive="100"
        minIdle="10"
        initialSize="10"
        removeAbandonedTimeout="3000"
        removeAbandoned="true"
        logAbandoned="false"
        minEvictableIdleTimeMillis="30000"
        jmxEnabled="true"
        username="<DB User Name>"
        password="<DB Encrypted Password>"
        maxTotal="-1"
        maxIdle="20"
        maxWaitMillis="10000"
        driverClassName="oracle.jdbc.driver.OracleDriver"
        url="jdbc:oracle:thin:@XX.73.15.X:15XX:EYDBXXXX"
        factory="com.infosys.feba.framework.commontran.TomcatDataSourceFactory"
    />
</Context>
auth - Specify whether the web Application code signs on to the corresponding resource manager programmatically, or whether the Container will sign on to the resource manager on behalf of the application. The value of this attribute must be Application or Container
name - The name of the resource to be created, relative to the java:comp/env context.
type - The fully qualified Java class name expected by the web application when it performs a lookup for this resource.
maxTotal – maximum number of required db connections, set it to -1 to have infinite connections
initialSize – initial set of active connections
maxWaitMillis - Maximum time to wait for a database connection to become available in ms, in this example 10
seconds. An Exception is thrown if this timeout is exceeded. Set to -1 to wait indefinitely
factory – the class required to initialize connection pool configuration in Datasource
testWhileIdle: (boolean) The indication of whether objects will be validated by the idle object evictor (if any). If an
object fails to validate, it will be dropped from the pool.

testOnBorrow: (boolean) The indication of whether objects will be validated before being borrowed from the pool. If
the object fails to validate, it will be dropped from the pool, and we will attempt to borrow another. Default value
is false

testOnReturn: (boolean) The indication of whether objects will be validated before being returned to the pool. The
default value is false.

validationQuery: (String) The SQL query that will be used to validate connections from this pool before returning them to the caller. If specified, this query does not have to return any data, it just can't throw a SQLException. The default value is null. If not specified, connections will be validated by the isValid() method. Example values are SELECT 1 (mysql), select 1 from dual (oracle), SELECT 1 (MS Sql Server)

validationInterval: (long) avoid excess validation, only run validation at most at this frequency - time in milliseconds. If
a connection is due for validation, but has been validated previously within this interval, it will not be validated again.
The default value is 3000 (3 seconds).

timeBetweenEvictionRunsMillis: (int) The number of milliseconds to sleep between runs of the idle connection validation/cleaner thread. This value should not be set under 1 second. It dictates how often we check for idle, abandoned connections, and how often we validate idle connections. This value will be overridden by maxAge if the latter is non-zero and lower. The default value is 5000 (5 seconds).

minIdle: (int) The minimum number of established connections that should be kept in the pool at all times. The
connection pool can shrink below this number if validation queries fail. Default value is derived from initialSize:10

maxWait: (int) The maximum number of milliseconds that the pool will wait (when there are no available connections)
for a connection to be returned before throwing an exception. Default value is 30000 (30 seconds)

removeAbandonedTimeout: (int) Timeout in seconds before an abandoned (in use) connection can be removed. The default value is 60 (60 seconds). The value should be set to the longest running query your applications might have.

removeAbandoned: (boolean) Flag to remove abandoned connections if they exceed the removeAbandonedTimeout. If set to true, a connection is considered abandoned and eligible for removal if it has been in use longer than the removeAbandonedTimeout. Setting this to true can recover db connections from applications that fail to close a connection. The default value is false.

logAbandoned: (boolean) Flag to log stack traces for application code which abandoned a Connection. Logging of abandoned Connections adds overhead for every Connection borrow because a stack trace has to be generated. The default value is false.

minEvictableIdleTimeMillis: (int) The minimum amount of time an object may sit idle in the pool before it is eligible for eviction. The default value is 60000 (60 seconds).

jmxEnabled: (boolean) Register the pool with JMX or not. The default value is true.

username: (String) The connection username to be passed to our JDBC driver to establish a connection.

password: (String) The connection password to be passed to our JDBC driver to establish a connection. The Password
should be an encrypted password.

driverClassName: (String) The fully qualified Java class name of the JDBC driver to be used.

url: URL for Database.

4. By default, Tomcat uses 3 ports for its services: 8080, 8443 and 8009. If you are hosting multiple microservices on the same host machine, a unique port for each microservice is mandatory. If you plan to host each microservice on a different host, you can use the same port. Based on your requirement, update the host/port in tomcat\config\server.xml. The HTTP port and the shutdown port are required to be exposed; the instructions below enable the HTTP port and the shutdown port and disable the AJP port.
Shutdown port configuration

<Server port="8005" shutdown="SHUTDOWN">

HTTP port configuration
<Connector port="8080" protocol="HTTP/1.1"
    connectionTimeout="20000"
    redirectPort="8443" />
AJP port configuration
The AJP port is not required; comment out its connector:
<!--
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-->

5. Notable changes required in Config Server


DATA_SOURCE: java:/comp/env/ concatenated with the value of the Resource name property set in context.xml, for example java:/comp/env/FEBAV5
DRIVER_CLASS: the database driver to use; for example, if an Oracle database is planned, the value should be oracle.jdbc.driver.OracleDriver
DB_PWD_SEED: the encrypted password
DB_USER_ID: the user id dedicated to this particular microservice
6. Execute the script below to start the microservice

7. To view swagger documentation of the APIs exposed in the microservice
Deploy the swagger war provided with the OCH application (additional deployment for microservice) on any profile and change the url inside swagger.html.
In index_swagger.html, replace the url as shown below:

$(function () {
    var url = window.location.search.match(/url=([^&]+)/);
    if (url && url.length > 1) {
        url = decodeURIComponent(url[1]);
    } else {
        url = "http://SERVERNAME:PORTNUM/corp/rest/swagger.json";
    }

Here, SERVERNAME: host server name on which the microservice is running
PORTNUM: port on which the microservice is available, i.e. the same as the application connector's port given in tomcat/conf/server.xml

9.5 EnterpriseConsentManagementMS
9.5.1 Introduction
This section has steps to run the Enterprise Consent Management micro-service.

9.5.2 Pre-requisite applications
FS-Gateway (for JWT Token Validation)
Config Server (for serving Configuration Properties)
Consent Management Encrypt Tool (for Secure Properties generation)

9.5.3 DB Setup
Run the DB installer for Enterprise Consent Management to set up a separate database with all necessary tables.
Please refer to the Unified DB Installer documentation for details on configuration and execution.

9.5.4 Updating Configuration Properties in Config Server

External configuration properties can be configured via Config Server.
1. Copy the contents of enterprise-consent-externalconfig.zip (available as part of deliverables) to each of the profile folders present in the Config Server’s Backend directory (refer to Config Server’s Backend Setup).
Final Config Server’s Backend Directory Structure
/{profile}                                (dev, prod, at)
    /{service}                            (deh, authentication, limits, consentmanagement)
        /application.json                 (service specific properties)
    /application.json                     (common properties)
    /enterprise-consent-management-ms
        /application.properties
2. Modify the application.properties for each profile to update the properties (refer to the table below)

| Feature | Property | Value | Sample Values | Comments |
|---|---|---|---|---|
| DB Details | spring.datasource.url | <JDBC_URL> | jdbc:oracle:thin:@10.73.14.255:1570:MVOLT | |
| | spring.datasource.username | <DB_USERNAME> | CONSENT | |
| | spring.datasource.password | <DB_PASSWORD> | password123 | Plaintext password (Not recommended) |
| | | | {cipher}AQAw9wV8TAT9kYlxjnR….. | Encrypted password. Prefix with {cipher}. Generate with encrypt tool |
| | spring.datasource.driver-class | <DRIVER_CLASS_NAME> | oracle.jdbc.driver.OracleDriver | Database driver. Ensure that the Driver is available in classpath |
| Enabling Application Cache | cache.enable | | Y | To disable Caching make this N |
| Redis Mode | cache.redis.mode | | standalone (OR) sentinel | Possible Values - standalone, sentinel |
| Redis Standalone | spring.redis.host | <REDIS_HOST> | 10.73.15.45 | Configure this set for Redis standalone mode |
| | spring.redis.port | <REDIS_PORT> | 3080 | |
| | spring.redis.password | <REDIS_PASSWORD> | {cipher}AQAQij8qrzwZYCFBJtQ1kjof29tLK29nrvn | For Encrypted password. Prefix with {cipher}. Generate with encrypt tool |
| Redis HA | spring.redis.sentinel.master | <REDIS_SENTINEL_MASTER_NAME> | sentinel-master | Sentinel Master name (for Redis HA) |
| | spring.redis.sentinel.nodes | <REDIS_SENTINEL_NODES> | 10.73.14.154:8001,10.73.14.171:8001 | Sentinel host:port values in CSV format |
| | spring.redis.password | <REDIS_PASSWORD> | {cipher}AQAQij8qrzwZYCFBJtQ1kjof29tLK29nrvn | For Encrypted password. Prefix with {cipher}. Generate with encrypt tool |
| Cache TTL | cache.ttl-duration-mins.application | <Application Cache TTL duration> | 150 | Cache TTL in minutes (Applicable if Cache is enabled) |
| | cache.ttl-duration-mins.data-cluster | <Data cluster Cache TTL duration> | | Optional. Defaults to Application cache TTL |
| | cache.ttl-duration-mins.common-config | <Common Config Cache TTL duration> | | Optional. Defaults to Application cache TTL |
| | cache.ttl-duration-mins.cocd | <COCD cache TTL duration> | 150 | Cache TTL in minutes (Applicable if Cache is enabled) |
| Functional | consent-validity-legacy-in-days | <consent validity days> | 15 | Consent validity for Legacy (in days) |
| | enable-concurrent-consent | <concurrentconsent> | true (or) false | Possible Values - true, false |
| | consent-validity-cdr-in-secs | <maximumConsentDuration> | 31556952 | Consent validity for CDR (in seconds) |
| Token Validation | service.framework.security.token-type | <token-type> | jwt,opaque | Type of token validation (Comma separated). At least one needs to be provided. |
| JWT URL | spring.security.oauth2.resourceserver.jwt.jwk-set-uri | <JWKS Keyset URI> | http://10.73.14.255:9001/jwt/.well-known/jwks.json | JWKS endpoint (for JWT token validation) |
| OAuth Token Validation URL | service.framework.security.oauth.access-token.introspection.url | <OAuth Token Validation URL> | http://10.73.15.45:4080/openauth/validate/token | OAuth Token validation URL |
| Consent Expiry Cron Schedule | consent-expiry.cron.expression | | 0 0/1 * * * * | |
| CORS | service.framework.security.headers.accessControlAllowOrigin | <allowed-domains> | localhost,10.20.34.123,finacle.com | Optional. Defaults to * |
| Client Details API | clients.externalstore.uri | <get_clients_external_api> | https://localhost:8243/fin/v1/all-clients | |
| SSL Certificate validation | ssl.certificate.validate | | true (or) false | Optional. Defaults to true. Indicates if SSL certificates of External Servers need to be validated |
| JCE Provider | consent.security.jce.provider | | default (or) bouncycastle | Use “bouncycastle” to support PS256 algorithm in JDK versions that do not support it. OpenJDK 8u265 do not need this |

Generating Encrypted Properties


It is recommended to store sensitive properties like passwords in encrypted format.
PlatformMS_SecurePropertyTool (PlatformMS_SecurePropertyTool.zip is shared as part of the deliverable) can be used to generate encrypted properties.
Steps:
1. Generate a Keypair/JKS.
Generate a keypair with RSA as the key algorithm.
Ensure that the generated key is stored in a secure location.
Example:

keytool -genkeypair -alias consentkey -keyalg RSA -dname "CN=Web Server,OU=Unit,O=Organization,L=City,S=State,C=US" -keypass changeme -keystore consentkey.jks -storepass changeme
2. Run the Encryptor Tool
PlatformMS_SecurePropertyTool uses the JKS (generated in Step 1) to encrypt values.
Run the Encryptor Tool as shown below (refer to/update Encrypt.bat/sh):
java -jar -Dkeystore.password=<keystore_password> -Dkey.password=<key_password> -Dkey.alias=<key_alias> -Dkeystore.location=<key_location> ConsentMS_SecurePropertyTool.jar encrypt
Example:
java -jar -Dkeystore.password=changeme -Dkey.password=changeme -Dkey.alias=consentkey -Dkeystore.location=D:\\Workspace\\TestWS\\encryptor-tool\\src\\main\\resources\\server.jks PlatformMS_SecurePropertyTool.jar encrypt

Enter the value to be encrypted (text entered will not be displayed on screen). The encrypted value will be displayed.
For updating Config Server property values, prefix the encrypted value with {cipher}
Multiple values can be encrypted with the Tool.
(Press q to quit the tool)
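
A pre-deployment check for the application.properties described in 9.5.4, as an added example (not part of the original guide or the product's tooling). It flags password/secret properties that are not {cipher}-prefixed, disabled certificate validation, a wildcard CORS origin and a missing token type; the sample file contents and the key-name pattern are constructed assumptions.

```python
import re

CIPHER_PREFIX = "{cipher}"
CORS_KEY = "service.framework.security.headers.accessControlAllowOrigin"
TOKEN_KEY = "service.framework.security.token-type"
# Assumption: any key containing "password" or "secret" holds a sensitive value.
SENSITIVE = re.compile(r"password|secret", re.IGNORECASE)

# Constructed sample file; host names and values are placeholders.
SAMPLE_PROPERTIES = """\
# enterprise-consent-management-ms/application.properties (constructed)
spring.datasource.url=jdbc:oracle:thin:@db.example.internal:1521:SAMPLE
spring.datasource.username=CONSENT
spring.datasource.password=password123
spring.redis.password={cipher}AQBconstructedSampleValue
ssl.certificate.validate=false
service.framework.security.token-type=jwt,opaque
"""


def parse_properties(text):
    """Parse key=value / key:value lines, skipping blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        match = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props


def lint(text):
    """Return (property, message) findings; secret values are never echoed."""
    props = parse_properties(text)
    findings = []
    for key, value in props.items():
        if SENSITIVE.search(key) and not value.startswith(CIPHER_PREFIX):
            findings.append((key, "plaintext value; encrypt it and prefix with {cipher}"))
    # The guide states this defaults to true when the property is absent.
    if props.get("ssl.certificate.validate", "true").lower() == "false":
        findings.append(("ssl.certificate.validate",
                         "certificates of external servers are not validated"))
    # The guide states the allowed origins default to * when unset.
    origins = [o.strip() for o in props.get(CORS_KEY, "*").split(",")]
    if "*" in origins:
        findings.append((CORS_KEY, "allowed origins are * (the default when unset)"))
    # The guide requires at least one token validation type.
    token_types = [t for t in props.get(TOKEN_KEY, "").split(",") if t.strip()]
    if not token_types:
        findings.append((TOKEN_KEY, "no token validation type configured"))
    return findings


if __name__ == "__main__":
    for key, message in lint(SAMPLE_PROPERTIES):
        print(f"{key}: {message}")
```

Run it against each profile folder's application.properties before the Config Server serves that profile.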

9.5.5 Running Microservice


The following VM arguments need to be provided while running the microservice

| Feature | Property | Value | Sample Values | Comments |
|---|---|---|---|---|
| Enable Config Server | spring.cloud.config.uri | <CONFIG_SERVER_URI> | http://localhost:8080 | |
| | spring.cloud.config.username | <CONFIG_SERVER_USERNAME> | configuser | |
| | spring.cloud.config.password | <CONFIG_SERVER_PASSWORD> | password | |
| | spring.profiles.active | <CONFIG_PROFILE> | prod | Ensure that the profile is also present in config server |
| | spring.cloud.config.label | <BANK_ID> | DBS | Optional. For Multientity support in Consent MS. Ensure that folder with same bankid is available in the repo |
| To Decrypt encrypted values | encrypt.key-store.location | <JKS_PATH> | file:/keys/consentkey.jks | Ensure that values are encrypted with this JKS (using encrypt tool) |
| | encrypt.key-store.password | <JKS_PASSWORD> | changeme | Key Store password |
| | encrypt.key-store.alias | <JKS_ALIAS> | consentkeyalias | |
| | encrypt.key-store.secret | <JKS_SECRET> | changeme | Key password |
| Data Folder Path | data.folder.path | <DATA_FOLDER_PATH> | file:/deh-enterprise-consent-management-ms/data | Data folder that contains log4j2.yml and other static configurations |
| Logging Config | logging.config | <LOG4J_FILE_PATH> | file:/deh-enterprise-consent-management-ms/data/log4j2.yml | |

9.5.6 Configuring TrustStore for Third Party SSL certificates


To be updated

9.5.7 Database Driver setup


The database driver JAR needs to be copied to the server library.
Example: In order to use Oracle Database, copy the ojdbc.jar to Tomcat’s lib folder

9.5.8 Running in Tomcat
1. Download the Tomcat binary and copy deh-enterprise-consent-management-ms-1111.war into Tomcat’s catalinabase/webapps folder on the host machine on which the microservice needs to run. Rename the war to enterprise-consent.war
2. Extract the contents of enterprise-consent-data.zip. Copy the data folder specific to the ms to any path on the host machine on which the microservice needs to run. This folder path needs to be provided as input to the data.folder.path VM argument while starting Tomcat
3. By default, Tomcat uses 3 ports for its services: 8080, 8443 and 8009. If you are hosting multiple microservices on the same host machine, a unique port for each microservice is mandatory. If you plan to host each microservice on a different host, you can use the same port. Based on your requirement, update the host/port in tomcat\config\server.xml. The HTTP port and the shutdown port are required to be exposed; the instructions below enable the HTTP port and the shutdown port and disable the AJP port.

Shutdown port configuration

<Server port="8005" shutdown="SHUTDOWN">

HTTP port configuration

<Connector port="8080" protocol="HTTP/1.1"
    connectionTimeout="20000"
    redirectPort="8443" />

AJP port configuration
The AJP port is not required; comment out its connector:
<!--
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-->
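
The port rules repeated for each microservice (unique ports per Tomcat instance on a shared host, AJP connector commented out) can be checked mechanically. The script below is an added example, not part of the original guide; the two server.xml contents and the instance names are constructed, and it assumes ports are written as literal numbers rather than property placeholders.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed server.xml contents for two Tomcat instances on one host.
AUTH_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8443" />
    <!--
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    -->
  </Service>
</Server>"""

# This instance reuses shutdown port 8005 and leaves the AJP connector active.
DIRECTBANKING_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8081" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8444" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8444" />
  </Service>
</Server>"""


def listening_ports(server_xml):
    """Return [(kind, port)] for the shutdown port and every active Connector.

    Commented-out connectors do not appear: the default parser drops comments.
    """
    root = ET.fromstring(server_xml)
    ports = []
    shutdown = int(root.get("port", "8005"))
    if shutdown > 0:  # Tomcat treats -1 as "shutdown port disabled"
        ports.append(("shutdown", shutdown))
    for conn in root.iter("Connector"):
        protocol = conn.get("protocol", "HTTP/1.1")
        kind = "ajp" if "ajp" in protocol.lower() else "http"
        ports.append((kind, int(conn.get("port"))))
    return ports


def audit_instances(instances):
    """instances maps an instance name to its server.xml text."""
    findings = []
    owners_by_port = defaultdict(list)
    for name, xml_text in instances.items():
        for kind, port in listening_ports(xml_text):
            owners_by_port[port].append((name, kind))
            if kind == "ajp":
                findings.append(f"{name}: AJP connector active on port {port}")
    for port, owners in sorted(owners_by_port.items()):
        if len(owners) > 1:
            who = ", ".join(f"{n} ({k})" for n, k in owners)
            findings.append(f"port {port} used by more than one instance: {who}")
    return findings


if __name__ == "__main__":
    sample = {"authentication": AUTH_XML, "directbanking": DIRECTBANKING_XML}
    for finding in audit_instances(sample):
        print(finding)
```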

Sample Tomcat Start script:

enterprise-consent-start.sh

The VM arguments can be provided in CATALINA_OPTS.
Example:

set CATALINA_OPTS="-Ddata.folder.path=file:/deh-enterprise-consent-management/data" "-Dlogging.config=file:/deh-enterprise-consent-management-ms/data/log4j2.yml" "-Dspring.profiles.active=prod" "-Dspring.cloud.config.uri=http://10.73.15.45:2020/corp" "-Dspring.cloud.config.username=configuser" "-Dspring.cloud.config.password=password" "-Dspring.cloud.config.profile=prod" "-Dspring.cloud.config.label=DBS"

10. Enabling Audit for REST API’s in EB/DEH and Microservices
10.1 Sequence generator configuration
If the operating mode is configured as “Microservices”, the sequence is looked up with the OCH_SCHEMA name appended to it. The audit-related sequences are therefore appended with ‘$OCH_SCHEMA_NAME$’ in the sequence generator property file.
Please find below the sample entry:

$OCH_SCHEMA_NAME$.NXT_ADTT_SRL_NO$BANK_ID$ = com.infosys.feba.framework.sql.sequence.oracle.SequenceGeneratorImplForOracle, SEQT

10.2 Service level Audit configuration

In a few cases, the same service name has been used at both the OCH and the microservice level. Hence, during audit, entries will be made in the table twice: one at the OCH layer and one at the microservice layer.
To handle this scenario, a new configuration property has been introduced to support service level audit in “microServicesConfig.properties”. This property will be present in both OCH and all microservice areas.
Please find below the sample entry:

IS_DISABLE_SERVICE_AUDIT=RMAUTHENTICATIONSERVICE.AUTHENTICATEANDSIGNON|AUTHSCHEMEMAINTENANCESERVICE.CREATE

The service name along with the method name should be added, pipe separated.

Sample Scenarios:
1. Same service is present at both OCH and microservice side
a. Making an entry in the OCH property file alone – audit will not happen for those services at OCH side, but audit will happen at microservice level.
b. Making an entry in the microservice property file alone – audit will not happen for those services at microservice side, but will happen at OCH level.
c. Making an entry for same service at both property files – audit will not happen at both sides.

2. Service is present only at OCH side alone
a. Making an entry in OCH property file – audit will not happen at OCH level.

3. Service is present only at microservice side alone
a. Making an entry in microservice property file – audit will not happen at microservice level.
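
The scenarios above mean that an entry in the wrong place, or in both files, leaves a service with no audit trail at all. The following added example (not part of the original guide or the product) evaluates the two IS_DISABLE_SERVICE_AUDIT values against an inventory of where each service runs and reports services that end up unaudited, audited twice, or listed but unknown; the inventory, the LIMITSSERVICE entries and exact-match comparison of names are assumptions made for illustration.

```python
PROPERTY = "IS_DISABLE_SERVICE_AUDIT"

# Constructed microServicesConfig.properties contents for each side.
OCH_PROPS = """\
# OCH side (constructed sample)
IS_DISABLE_SERVICE_AUDIT=RMAUTHENTICATIONSERVICE.AUTHENTICATEANDSIGNON|AUTHSCHEMEMAINTENANCESERVICE.CREATE
"""
MS_PROPS = """\
# microservice side (constructed sample; the second entry is a deliberate typo)
IS_DISABLE_SERVICE_AUDIT=AUTHSCHEMEMAINTENANCESERVICE.CREATE|LIMITSSERVICE.FECTH
"""

# Hypothetical inventory: which layers expose each SERVICE.METHOD.
DEPLOYED = {
    "RMAUTHENTICATIONSERVICE.AUTHENTICATEANDSIGNON": {"OCH", "MS"},
    "AUTHSCHEMEMAINTENANCESERVICE.CREATE": {"OCH", "MS"},
    "LIMITSSERVICE.FETCH": {"MS"},  # hypothetical service name
}


def disabled_services(props_text):
    """Return the set of pipe-separated SERVICE.METHOD entries for PROPERTY."""
    for line in props_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == PROPERTY:
            return {entry.strip() for entry in value.split("|") if entry.strip()}
    return set()


def audit_coverage(deployed, och_props, ms_props):
    """Map each service to the layers that still audit it, plus unknown entries."""
    disabled = {"OCH": disabled_services(och_props),
                "MS": disabled_services(ms_props)}
    coverage = {}
    for service, layers in deployed.items():
        coverage[service] = sorted(
            layer for layer in layers if service not in disabled[layer])
    # Entries that match no deployed service are usually typos and disable nothing.
    unknown = sorted((disabled["OCH"] | disabled["MS"]) - set(deployed))
    return coverage, unknown


def summarize(coverage):
    return {
        "not_audited": sorted(s for s, layers in coverage.items() if not layers),
        "audited_twice": sorted(s for s, layers in coverage.items() if len(layers) == 2),
    }


if __name__ == "__main__":
    coverage, unknown = audit_coverage(DEPLOYED, OCH_PROPS, MS_PROPS)
    for service, layers in coverage.items():
        print(f"{service}: audited at {', '.join(layers) or 'NO LAYER'}")
    print("summary:", summarize(coverage))
    print("entries matching no deployed service:", unknown)
```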

11. Enabling HTTPS for Camel Outbound Connections
11.1 Camel Configurations
<!-- Truststore used to verify the certificates of the servers Camel connects to -->
<sslContextParameters id="mySslContextParameters"
        xmlns="http://camel.apache.org/schema/spring">
    <trustManagers>
        <keyStore resource="D:/Certificates/truststore/cacerts.jks"
                password="changeit" />
    </trustManagers>
</sslContextParameters>

<!-- HTTP component bound to the SSL context above; used through the authmsssl:// scheme -->
<bean id="authmsssl" class="org.apache.camel.component.http.HttpComponent">
    <property name="camelContext" ref="camelContext"/>
    <property name="sslContextParameters" ref="mySslContextParameters"/>
    <property name="connectionsPerRoute" value="10"/>
</bean>

<!-- Plain HTTP component, without an SSL context -->
<bean id="http" class="org.apache.camel.component.http.HttpComponent">
    <property name="camelContext" ref="camelContext"/>
</bean>
Note:
1. The above changes need to be made in the DEH/MS applications wherever TLS/SSL support is
   required.
2. The authmsssl reference can be used in the URLs that need SSL/TLS support.
   a. For TLS/SSL, configure the URL as authmsssl://<ServerAddress>:<ServerSSLPort>
      Example: authmsssl://bl4ul26k:8443/ where bl4ul26k is the server name where some
      microservice, say Auth/Limits, is deployed and 8443 is the application SSL port on which
      the microservice is running.
   b. For normal HTTP support, configure the URL as http://<ServerAddress>:<ServerPort>
      Example: http://bl4ul26k:8096/ where bl4ul26k is the server name where some microservice,
      say Auth/Limits, is deployed and 8096 is the application HTTP port.
3. D:/Certificates/truststore/cacerts.jks is the path where the jks is generated. If we need to connect
   to some application using Camel, generate the truststore for the server where that application is
   deployed.
4. The truststore path can be modified accordingly with the jks certificate for the generated truststore.
5. The password must be the one that was used during generation of the truststore
   jks.

Note: Generation of the truststore jks for TLS/SSL support is described in Generation of Server
Digital Certificates.

11.2 Apache Tomcat Configurations
<Connector port="8445" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false"
sslProtocol="TLS" keystoreFile="D:/Certificates/keystore.jks" keystoreType="JKS"
keystorePass="changeit" keyPass="changeit"/>

1. Provide the path where the keystore for that server is generated.
2. Mention the passwords given during generation of the keystore jks.

11.3 Generation of Server Digital Certificates
Generate keystore:

keytool -genkey -alias localhost -keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks

Note:
1. Instead of localhost, give the name of the server where the Dropwizard application is deployed.
2. The keypass and storepass passwords were given as changeit.

Exporting the generated jks file to a server certificate:

keytool -export -alias localhost -storepass changeit -file server.cer -keystore keystore.jks

Note:
1. Instead of localhost, give the name of the server where the Dropwizard application is deployed.

Generating trust store:

keytool -import -v -trustcacerts -alias localhost -file server.cer -keystore cacerts.jks -keypass changeit -storepass changeit

Note:
1. Instead of localhost, give the name of the server where the Dropwizard application is deployed.
2. The keypass and storepass passwords were given as changeit.

Reference for above steps: https://docs.oracle.com/cd/E19798-01/821-1841/bnbyb/index.html

12. Installation Steps on JBOSS
***The configurations below hold good for both 6.x and 7.1.0. Where it is explicitly
mentioned that a particular step is required only in a specific version, that configuration
holds good in the respective version only.

12.1 Deployment
Deployment steps are listed below.

12.1.1 Installation Steps

To install the JBoss server, download JBoss EAP from the official JBoss site and unzip the
jboss-eap zip file.

12.1.2 Procedure for Stopping and Starting JBOSS Server


12.1.2.1 Starting JBOSS Server
Go to <JBOSS_ROOT>/bin and type standalone.bat -b 0.0.0.0
The -b 0.0.0.0 argument is used to remotely access the JBoss server.

12.1.2.2 Stopping JBOSS Server

Use Ctrl+C on the JBoss console to stop the server.

12.1.3 Installation Packages
The name of the OCH WAR will be FEBWeb.war. Please make sure that you take the correct WAR for
deployment based on your requirement.
From 11.5.3, FEBWeb.war is present under two locations: the DEH and ModularDEH directories.
DEH → contains RM screens and APIs for consumer and corporate
ModularDEH → contains only APIs for consumer and corporate
Service registry is to be disabled for the DEH instance.

12.1.4 Porting FEBA
12.1.4.1 FEBA WAR extraction and deployment

Deploy the ear in exploded format.

Extract the FEBAWeb.war. All the components will be extracted to the FEBAWeb folder; rename the
FEBAWeb folder as FEBAWeb.war.

• jar -xvf FEBAWeb.war (before this, copy the WAR into the current folder)
• The folder FEBAWeb.war is the exploded format.
• Place FEBAWeb.war folder and file in <JBOSS_HOME>/standalone/deployments

https://access.redhat.com/site/solutions/170313

a) Create the data source configuration as mentioned in this section 11.1.5 Resource Configuration
for V5.
b) In <%JBOSS_HOME%>\bin\standalone.conf make the following changes. Also add configurations
from Client Configuration.

1) Specify the JAVA_HOME path
Eg: JAVA_HOME="E:\jboss-eap-6.1.0\jdk1.7.0_45"
JAVA="E:\jboss-eap-6.1.0\jdk1.7.0_45\bin\java"
***The Java version stated above is just an example. The respective version needs to be
configured accordingly.

2) Specify the data folder path

if [ "x$JAVA_OPTS" = "x" ]; then
   JAVA_OPTS="-Xms512m -Xmx1400m -XX:MaxPermSize=256m -XX:-UseGCOverheadLimit \
      -Djava.net.preferIPv4Stack=true -Dorg.jboss.resolver.warning=true \
      -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 \
      -Dsun.lang.ClassLoader.allowArraySyntax=true \
      -DFEBA_SYS_PATH=%PROFILE_PATH%/workdir/data \
      -DPRODUCT_BOOTSTRAP_FILE=%PROFILE_PATH%/workdir/data/BootstrapFile.properties \
      -DFEBA_EXTENSION_DIRECTORY=%PROFILE_PATH%/workdir/extension \
      -DFEBA_MERGE_DIRECTORY=%PROFILE_PATH%/workdir/merge \
      -DAPPLICATION_CONFIGURATION_FILE=BankAway.properties -DARMLOG_LEVEL=SEVERE \
      -XX:-UseSplitVerifier "
   JAVA_OPTS="$JAVA_OPTS -Djboss.modules.system.pkgs=$JBOSS_MODULES_SYSTEM_PKGS -Djava.awt.headless=true"
   JAVA_OPTS="$JAVA_OPTS -Djboss.server.default.config=standalone.xml"


c) In <%JBOSS_HOME%>\bin\standalone.conf, set the JBoss-specific properties as below. Also add
configurations from Client Configuration.

rem Setup JBoss specific properties
set JAVA_OPTS=-Dprogram.name=%PROGNAME% %JAVA_OPTS% -Xms512m -Xmx1400m ^
 -XX:MaxPermSize=256m -XX:-UseGCOverheadLimit -noverify -XX:-UseSplitVerifier ^
 -DAPPLICATION_CONFIGURATION_FILE=BankAway.properties ^
 -DFEBA_SYS_PATH=%PROFILE_PATH%/workdir/data ^
 -DFEBA_EXTENSION_DIRECTORY=%PROFILE_PATH%/workdir/extension ^
 -DFEBA_MERGE_DIRECTORY=%PROFILE_PATH%/workdir/merge ^
 -DPRODUCT_BOOTSTRAP_FILE=%PROFILE_PATH%/workdir/data/BootstrapFile.properties ^
 -Dconfig.server.url=$CONFIGSERVER_URL ^
 -Dconfig.server.service=$MS_PROFILE_NAME ^
 -Dconfig.server.profile=$MS_MODULE ^
 -Dconfig.server.credential.type=basic ^
 -Dconfig.server.credential.basic.username=configuser ^
 -Dconfig.server.credential.vault.token=$VAULT_TOKEN ^
 -Dconfig.server.credential.basic.password=$PASSWORD

-XX:-UseSplitVerifier is used for EMMA enabled build.

Note: For JDK 11, do not use -XX:-UseSplitVerifier as it is not supported.

d) Modify the context root in jboss-web.xml under the WEB-INF folder if needed
<?xml version="1.0"?>
<jboss-web>
  <context-root>/deh</context-root>
</jboss-web>

12.1.4.2 Deployment Along with Starting Jboss Server

Create a text file named FEBAWeb.war.dodeploy and place the FEBAWeb.war.dodeploy file
in <JBOSS_HOME>/standalone/deployments

Note: While deploying the ear, JBoss will automatically create the FEBAWeb.war.deploying file.
Once the ear is successfully deployed, it will replace the FEBAWeb.war.dodeploy file with
FEBAWeb.war.deployed. If deployment of the ear fails, it will replace this file with FEBAWeb.war.failed.

FEBAApp.ear.deployed will be created if the application is deployed successfully.

Start the JBoss Server

Go to <JBOSS_ROOT>/bin and type standalone.bat -b 0.0.0.0

The -b 0.0.0.0 argument is used to remotely access the JBoss server.

FEBAWeb.war.deployed will be created if the application is deployed successfully.


12.1.5 Resource Configuration for V5

The following changes are required in JBoss EAP 6.x/7.1.0 for the database connection.

Go to the path %JBOSS_HOME%/modules and create the directory structure com/oracle/main.

a) Place the ojdbc8.jar inside the modules/com/oracle/main directory. Create the
corresponding module.xml in that folder.
b) module.xml should contain the text as below.

Ex:
<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="urn:jboss:module:1.1" name="com.oracle">
  <resources>
    <resource-root path="ojdbc8.jar"/>
  </resources>
  <dependencies>
    <module name="javax.api"/>
    <module name="javax.transaction.api"/>
    <module name="javax.servlet.api" optional="true"/>
  </dependencies>
</module>

Note: If we are using the SQL DB, we would have to place the SQL jar (sqljdbc4.jar) inside
%JBOSS_HOME%/modules/com/sqlserver/main.

If we are using the EDB DB, we would have to place the EDB jar (edb-jdbc17.jar) inside
%JBOSS_HOME%/modules/com/edb/main.

And we need to mention the same jar name inside module.xml in the resource-root path attribute.

c) In the standalone.xml file (<%JBOSS_HOME%>\standalone\configuration), add the
datasource configurations.

It should be under <subsystem xmlns="urn:jboss:domain:datasources:1.1">

<datasources>
  <datasource jndi-name="java:jboss/FEBAV5" pool-name="FEBAV5" enabled="true">
    <connection-url>jdbc:oracle:thin:@%DBSERVER%:%LISTENERPORT%:%DBSID%</connection-url>
    <driver>oracle</driver>
    <security>
      <user-name>ECECUSER</user-name>
      <password>actual password</password>
    </security>
  </datasource>
  <drivers>
    <driver name="oracle" module="com.oracle"/>
  </drivers>
</datasources>

For JBoss 7.1.0, the datasources subsystem in the above configuration has version 5.0 instead
of 1.1: <subsystem xmlns="urn:jboss:domain:datasources:5.0">

Note: If we are using the SQL DB/EDB, changes have to be made to use the appropriate
driver.

d) To make the service available to all remote clients, make the following changes in the
standalone.xml file

<interface name="public">
  <any-ipv4-address/>
</interface>

<socket-binding name="management-http" interface="public"
                port="${jboss.management.http.port:9990}"/>

The driver name under the drivers and driver tags should be the same, and the JNDI name should be
prefixed with java:jboss/.

e) Connection pool configuration can be made in the standalone.xml

Eg:

<datasource jndi-name="java:jboss/FEBAV5" pool-name="FEBAV5" enabled="true">
  <pool>
    <min-pool-size>60</min-pool-size>
    <max-pool-size>200</max-pool-size>
  </pool>
</datasource>

f) Non-compliant JDBC 4.0 drivers (ojdbc14 and ojdbc5) require additional changes in the
deployments folder.
h) The log4j.xml inside the data folder will be referred to for logging purposes.

Change the log path in log4j.xml to an absolute path.

Eg:

<param name="File"
       value="%PROFILE_PATH%\workdir\log\DBS_FEBA_fatal.log"/>

Application logs will be generated parallel to data folder.
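
Step d) binds the management-http socket to the public interface, which is set to any IPv4 address, so the management port becomes reachable from every network the host is attached to, and step c) stores the datasource password as literal text. The following added example, which is not part of the guide or of JBoss, reviews a standalone.xml for these points and for the two consistency rules stated in step d) (driver names match, JNDI name starts with java:jboss/). The sample XML is constructed from the guide's snippets; the host name, SID and password value are placeholders.

```python
import re
import xml.etree.ElementTree as ET

WILDCARD_TAGS = {"any-address", "any-ipv4-address", "any-ipv6-address"}
WILDCARD_ADDRS = {"0.0.0.0", "::"}
EXPR_DEFAULT = re.compile(r"^\$\{[^:}]+:(.*)\}$")   # ${property:default}

# Constructed sample assembled from the guide's snippets (placeholders only).
SAMPLE = """\
<server xmlns="urn:jboss:domain:1.3">
  <profile>
    <subsystem xmlns="urn:jboss:domain:datasources:1.1">
      <datasources>
        <datasource jndi-name=" java:jboss/FEBAV5" pool-name="FEBAV5" enabled="true">
          <connection-url>jdbc:oracle:thin:@dbhost.example:1521:ORCL</connection-url>
          <driver>oracle</driver>
          <security>
            <user-name>ECECUSER</user-name>
            <password>example-only</password>
          </security>
        </datasource>
        <drivers><driver name="oracle" module="com.oracle"/></drivers>
      </datasources>
    </subsystem>
  </profile>
  <interfaces>
    <interface name="management">
      <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
    </interface>
    <interface name="public"><any-ipv4-address/></interface>
  </interfaces>
  <socket-binding-group name="standard-sockets" default-interface="public">
    <socket-binding name="management-http" interface="public"
                    port="${jboss.management.http.port:9990}"/>
    <socket-binding name="http" port="8080"/>
  </socket-binding-group>
</server>
"""


def local(tag):
    """Drop the XML namespace so the check works for any schema version."""
    return tag.rsplit("}", 1)[-1]


def default_of(value):
    """Return the default of a ${prop:default} expression, else the value itself."""
    m = EXPR_DEFAULT.match(value or "")
    return m.group(1) if m else (value or "")


def wildcard_interfaces(root):
    """Names of <interface> entries that listen on every address."""
    names = set()
    for el in root.iter():
        if local(el.tag) != "interface" or not el.get("name"):
            continue
        for child in el:
            tag = local(child.tag)
            if tag in WILDCARD_TAGS or (
                tag == "inet-address" and default_of(child.get("value")) in WILDCARD_ADDRS
            ):
                names.add(el.get("name"))
    return names


def review_standalone(xml_text):
    """Return a list of (code, detail) findings for one standalone.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    open_ifaces = wildcard_interfaces(root)
    for group in root.iter():
        if local(group.tag) != "socket-binding-group":
            continue
        for sb in group:
            name = sb.get("name", "")
            iface = sb.get("interface", group.get("default-interface"))
            if (local(sb.tag) == "socket-binding" and name.startswith("management")
                    and iface in open_ifaces):
                findings.append(("MGMT_EXPOSED", f"{name} is bound to wildcard interface {iface}"))
    declared = {d.get("name") for d in root.iter()
                if local(d.tag) == "driver" and d.get("name")}
    for ds in root.iter():
        if local(ds.tag) != "datasource":
            continue
        pool, jndi = ds.get("pool-name", "?"), ds.get("jndi-name", "")
        if jndi != jndi.strip() or not jndi.startswith("java:jboss/"):
            findings.append(("JNDI_PREFIX", f"{pool}: jndi-name is {jndi!r}"))
        for el in ds.iter():
            tag, text = local(el.tag), (el.text or "").strip()
            if tag == "driver" and text not in declared:
                findings.append(("DRIVER_MISMATCH", f"{pool}: driver {text!r} is not declared"))
            if tag == "password" and text and not text.startswith("${"):
                findings.append(("PLAINTEXT_DS_PASSWORD", f"{pool}: literal password in file"))
    return findings


if __name__ == "__main__":
    for code, detail in review_standalone(SAMPLE):
        print(f"{code:<22} {detail}")
```

The check only sees what is written in the file; an address passed at start-up with -b is not visible to it. Where a literal datasource password has to stay in the file, restrict read access on standalone.xml to the account that runs the server.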

12.1.6 HIF parallelization related Configuration for V5


• A few properties are externalized for more control over configuration. These properties are
added in Config Server for the purpose of HIF Parallelization.
<Param name="DEFAULT_HIF_PARALLELIZER"/>
<Param name="WORK_MANAGER"/>
<Param name="MIN_RECORDS_PER_THREAD"/>
<Param name="MAX_THREADS_PER_USER"/>
<Param name="PARALLELIZATION_WAIT_TIME"/>
• These properties can be externalized in the Config Server application.json file
• Example:
{
"WORK_MANAGER": "java:jboss/ee/concurrency/executor/default",
"DEFAULT_HIF_PARALLELIZER": "com.infosys.feba.framework.hif.parallelization.ManagedHIFParallelizer",

}

The values can be changed if required.

Make sure to keep the given property values as in the above example for default values.

JNDI bean configuration can be done in the standalone.xml file.

12.2 Issues during Deployment
a) Modify

<JBOSS_HOME>\standalone\deployments\FEBAWeb.war\WEB-INF\wsdl\Servicerequest.wsdl

Comment all references to:

1) FMFProcessFormMTR_INITIATERequest
2) FMFProcessFormMTR_INITIATEResponse

Please find the attached file for reference:

Servicerequest.wsdl

If this change is not made in the code, you will get the following error during deployment.

ERROR
Caused by: org.apache.ws.commons.schema.XmlSchemaException: An imported schema was
announced to have the namespace
http://www.infosys.com/request/FMFProcessFormMTR_INITIATE, but has the namespace
http://www.infosys.com/response/FMFProcessFormMTR_INITIATE

c) Application flow: Not able to restrict account access for following combination - Inquiry
NO, Transact ALL, Authorize ALL

Error:
java.lang.IllegalStateException: JBWEB002004: More than the maximum number of request
parameters (GET plus POST) for a single request (512) were detected. Any parameters beyond this
limit have been ignored. To change this limit, set the maxParameterCount attribute on the Connector.
at org.apache.tomcat.util.http.Parameters.addParameter(Parameters.java:184)
at org.apache.tomcat.util.http.Parameters.processParameters(Parameters.java:360)

Add the following in standalone.xml to resolve this error.
<server xmlns="urn:jboss:domain:1.3">
...
  <system-properties>
    <property name="org.apache.tomcat.util.http.Parameters.MAX_COUNT" value="1000"/>
  </system-properties>
...
<profile>

12.2.1 Testing FEBA URL


na

Log in through the port specified in <%JBOSS_HOME%>/standalone/configuration/standalone.xml.

<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
<socket-binding name="http" port="9990"/>
Note: This is the place where you can change the port number.
For retail and corporate, log in through
http://vchnsefallcm-21:8080/corp/AuthenticationController?FORMSGROUP_ID__=AuthenticationFG&__START_TRAN_FLAG__=Y&FG_BUTTONS__=LOAD&ACTION.LOAD=Y&AuthenticationFG.LOGIN_FLAG=1&BANK_ID=DBS
For Admin/RM, log in through
http://vchnsefallcm-21:8080/corp/AuthenticationController?FORMSGROUP_ID__=AuthenticationFG&__START_TRAN_FLAG__=Y&FG_BUTTONS__=LOAD&ACTION.LOAD=Y&AuthenticationFG.LOGIN_FLAG=2&BANK_ID=DBS

12.3 Porting FEBA on JBoss Enterprise Web Server

Download JBoss EWS 2.0.1 for Windows from the Red Hat site.

For installation, just extract the zip file.

➢ Create three folders under etc\httpd: run, modules and logs

➢ Copy all the .so modules from lib\httpd\modules to etc\httpd\modules

➢ Edit the httpd.conf file present in etc\httpd\conf

Uncomment these 4 modules in httpd.conf

LoadModule slotmem_module modules/mod_slotmem.so
LoadModule manager_module modules/mod_manager.so
LoadModule proxy_cluster_module modules/mod_proxy_cluster.so
LoadModule advertise_module modules/mod_advertise.so

And add this virtual host entry at the end of httpd.conf

<VirtualHost 10.10.10.10:6666>
  <Directory />
    Order deny,allow
    Allow from all
  </Directory>
  <Location /mod_cluster-manager>
    SetHandler mod_cluster-manager
    Order deny,allow
    Allow from all
  </Location>
  KeepAliveTimeout 60
  ManagerBalancerName mycluster
  ServerAdvertise On
  EnableMCPMReceive On
</VirtualHost>

10.10.10.10 is the web server IP address and 6666 should be some unique port number.

Change the same in the Listen address.

Listen 10.10.10.10:6666

➢ Disable mod_proxy_balancer by commenting out the LoadModule directive for
mod_proxy_balancer.so
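
The httpd.conf steps above can be verified with a small script before the web server is started. This is an added example, not part of the guide or of JBoss EWS: it checks that the four modules are loaded, that mod_proxy_balancer is not, that a Listen directive matches the virtual host that receives MCPM messages, and it reports a /mod_cluster-manager location that carries Allow from all, since that makes the manager page reachable by any client that can reach the port. The sample configuration is constructed from the guide's snippet, and 10.10.10.20 is a hypothetical administrator workstation.

```python
import re

REQUIRED_SO = {"mod_slotmem.so", "mod_manager.so", "mod_proxy_cluster.so", "mod_advertise.so"}
CONTAINER = re.compile(r"<(/?)(\w+)\s*([^>]*)>$")


def sample_conf(manager_acl, listen):
    """Constructed httpd.conf fragment following the guide's virtual host entry."""
    return f"""\
LoadModule slotmem_module modules/mod_slotmem.so
LoadModule manager_module modules/mod_manager.so
LoadModule proxy_cluster_module modules/mod_proxy_cluster.so
LoadModule advertise_module modules/mod_advertise.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
Listen {listen}
<VirtualHost 10.10.10.10:6666>
  <Directory />
    Order deny,allow
    Allow from all
  </Directory>
  <Location /mod_cluster-manager>
    SetHandler mod_cluster-manager
    Order deny,allow
    {manager_acl}
  </Location>
  KeepAliveTimeout 60
  ManagerBalancerName mycluster
  ServerAdvertise On
  EnableMCPMReceive On
</VirtualHost>
"""


def review_httpd_conf(text):
    """Return a list of (code, detail) findings for one httpd.conf."""
    loaded, listens, mcpm_vhosts, findings, stack = set(), set(), [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = CONTAINER.match(line)
        if m and not m.group(1):                    # opening <Container arg>
            stack.append({"kind": m.group(2).lower(), "arg": m.group(3).strip(),
                          "handler": "", "allow_all": False, "mcpm": False})
            continue
        if m:                                       # closing </Container>
            if stack:
                c = stack.pop()
                if (c["kind"] == "location" and c["handler"] == "mod_cluster-manager"
                        and c["allow_all"]):
                    findings.append(("MANAGER_OPEN", c["arg"]))
                if c["kind"] == "virtualhost" and c["mcpm"]:
                    mcpm_vhosts.append(c["arg"])
            continue
        name, *args = line.split()
        name, lowered = name.lower(), [a.lower() for a in args]
        if name == "loadmodule" and len(args) == 2:
            loaded.add(args[1].rsplit("/", 1)[-1])
        elif name == "listen" and args:
            listens.add(args[0])
        elif stack and name == "sethandler" and args:
            stack[-1]["handler"] = args[0]
        elif stack and name == "allow" and lowered == ["from", "all"]:
            stack[-1]["allow_all"] = True
        elif stack and name == "enablemcpmreceive" and lowered != ["off"]:
            stack[-1]["mcpm"] = True
    findings += [("MODULE_NOT_LOADED", so) for so in sorted(REQUIRED_SO - loaded)]
    if "mod_proxy_balancer.so" in loaded:
        findings.append(("BALANCER_STILL_LOADED", "mod_proxy_balancer.so"))
    findings += [("LISTEN_MISMATCH", v) for v in mcpm_vhosts if v not in listens]
    return findings


if __name__ == "__main__":
    as_in_guide = sample_conf("Allow from all", "10.10.10.10:6666")
    for code, detail in review_httpd_conf(as_in_guide):
        print(f"{code:<22} {detail}")
```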

12.3.1 Mapping of Application Server with Web Server


Configuration on JBoss EAP 6.x/7.1.0

➢ Use the standalone-ha.xml configuration file

Add the proxy-list attribute in standalone-ha.xml to include httpd's mod_cluster listen
IP set above
<mod-cluster-config advertise-socket="modcluster" connector="ajp" proxy-list="10.10.10.10:6666">

➢ While starting the server, use -server-config=standalone-ha.xml

Eg: standalone.bat -b 0.0.0.0 -server-config=standalone-ha.xml

➢ Since we are using the standalone-ha.xml configuration file, all the configuration related to the
FEBA application mentioned above (like DB, port etc.) needs to be applied in this
standalone-ha.xml file.

https://access.redhat.com/site/solutions/283263

12.3.2 Starting and Stopping of Web Server


To start the web server, go to <EWS_HOME>/etc/httpd and give

net start Apache2.2

To stop the server

net stop Apache2.2

12.3.3 Testing FEBA URL using EWS

Login through the port specified in httpd.conf

http://10.10.10.10:6666/corp/AuthenticationController?FORMSGROUP_ID__=AuthenticationFG&__START_TRAN_FLAG__=Y&FG_BUTTONS__=LOAD&ACTION.LOAD=Y&AuthenticationFG.LOGIN_FLAG=1&BANK_ID=DBS

JBOSS with SQL Server

Open the below file and make the following changes.

JBOSS_HOME\standalone\configuration\standalone.xml

Changes:
▪ Change the Connection URL, Driver Class and Security tags to SQL
  • <connection-url>jdbc:sqlserver://fintestvm-06;DatabaseName=DB11010;instanceName=SQL2012</connection-url>
  • <driver-class>com.microsoft.sqlserver.jdbc.SQLServerDriver</driver-class>
  • <security>
      <user-name>ECECUSER</user-name>
      <password>%ACTUAL_Password%</password>
    </security>

Note: Need to provide Normal Password (not encrypted) for SQL / Oracle

File Upload
Open the below file and make the following changes.

JBOSS_HOME\standalone\configuration\standalone.xml

Add the below attribute to the http and https listener params.

max-post-size="104857600"

This is required for uploads of large files. The max-post-size attribute should be configured with a
value in bytes that is equal to or greater than the value configured for PRPM FU_MAX_UPLOAD_SIZE.
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true" max-post-size="104857600"/>
The same is to be added for the https listener also.

Go to the below path and make the following changes.

JBOSS_HOME\modules\com\oracle\main
• Place the sqljdbc4.jar in the path
• Open module.xml and give the same jar name ex:

<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="urn:jboss:module:1.1" name="com.oracle">
  <resources>
    <resource-root path="sqljdbc4.jar"/>
  </resources>
  <dependencies>
    <module name="javax.api"/>
    <module name="javax.transaction.api"/>
    <module name="javax.servlet.api" optional="true"/>
  </dependencies>
</module>

Notes:

We need to give the complete path instead of a relative path in the <<Bank_ID>>_log4j.xml
file.

The attached file will show the sample log for successful deployment.

COMMON DATA FOLDER CONFIGURATIONS:

1. In BankAway.properties:

The landing page entries should be changed according to the bank ID to be used. For example,
LANDING_PAGE_DBS_001 entries are for bank id DBS and language id 001.

So if the bank ID is different, this entry should be updated accordingly. There are multiple entries like
this for every language ID.

3. License configurations are as per Bank ID. As per the current license, it will work for Bank
ID 'DBS'. If the BankId is other than 'DBS', LicenseGenerator needs to be executed for the
new BankId to generate the license file, and it is to be kept in the data/lic folder.
In the Data folder, the below files are available in the lic folder.
LicenseBackup.dat
4. extension\hif\config\EB_HIF.xml (only applicable to Standalone and OCH profile):
Change the entry fileNames to use the correct host configuration.

For example, if we are using 10219 Host, then make changes in
\extension\hif\config\HIF_10219_Host.xml.

a. EBANKING_EXPOSED_SERVICES_OAUTH and b. EBANKING_EXPOSED_SERVICES

<hostConfig hostName="EBANKING_EXPOSED_SERVICES_OAUTH">
  <routeConfigList>
    <routeConfig routeName="XML/HTTP">
      <routerClassName>com.infosys.feba.framework.hif.protocol.XServiceHandler</routerClassName>
      <responseConverter>com.infosys.feba.framework.hif.processor.XMLHostResponseConverter</responseConverter>
      <propertyConfig>
        <properties>
          <property name="MessageFormat" value="XML"/>
          <!-- Mention the URL of the profile in which configuration is done -->
          <property name="URL" value="http://SERVER_NAME:PORTNUM/corp/XService"/>
          <property name="State" value="N"/>
          <!-- Working virtual for the profile -->
          <property name="USERNAME" value="DBS.VIRUSR"/>
          <!-- Encrypted password for the virtual user -->
          <property name="ACCESSCODE" value="c"/>
          <property name="APP_SERVER_JSESSION_VARIABLE" value=";jsessionid="/>
        </properties>

<hostConfig hostName="EBANKING_EXPOSED_SERVICES">
  <routeConfigList>
    <routeConfig routeName="XML/HTTP">
      <routerClassName>com.infosys.feba.framework.hif.protocol.XServiceHandler</routerClassName>
      <responseConverter>com.infosys.feba.framework.hif.processor.XMLHostResponseConverter</responseConverter>
      <propertyConfig>
        <properties>
          <property name="MessageFormat" value="XML"/>
          <!-- Mention the URL of the profile in which configuration is done -->
          <property name="URL" value="http://SERVERNAME:PORTNUM/corp/XService"/>
          <property name="State" value="N"/>
          <!-- Working virtual for the profile -->
          <property name="USERNAME" value="DBS.VIRUSR"/>
          <!-- Encrypted password for the virtual user -->
          <property name="ACCESSCODE" value="c"/>
          <property name="APP_SERVER_JSESSION_VARIABLE" value=";jsessionid="/>
        </properties>

12. data/client-beans.xml (OCH Application)

The user has to update the below two values in ConfigServer:
1) REMOTE_SERVICE_URL
2) AUTH_REMOTE_SERVICE_URL

This is used for calling remote services from the EB/OCH application for the authentication
microservice use case. We have implemented the RM use case of the Authentication microservice.
The service event mapping of the use cases of the authentication microservice is specified in
Spring_Remote_Configuration.xml as below

<Service><ServiceName>InqFWService</ServiceName><Framework>Inquiry</Framework>
<EventId>AMPINQ</EventId><BeanId>authenticationRemoteServiceBean</BeanId></Service>

Note:
Some jars and JS files mentioned below have been externalized. After the WAR is extracted and copied,
and before starting, they have to be placed in the appropriate location by refreshing the WAR. The download
URLs are also mentioned below:

1. Sqljdbc4.jar: https://www.microsoft.com/en-in/download/details.aspx?id=11774
2. Ojdbc8.jar: https://www.oracle.com/database/technologies/appdev/jdbc-ucp-19c-downloads.html
3. jquery.dynatable.js: http://github.com/alfajango/jquery-dynatable/
4. jquery.blockUI.js: http://www.malsup.com/jquery/block/

Jar files are to be patched in the lib folder.

jquery.dynatable.js – to be patched in the path FEBAWeb.war\scripts\analytics\lib\jquery\

jquery.blockUI.js – to be patched in the path FEBAWeb.war\scripts\ria\ajaxfeatures\

13. FEBA Deployment on Weblogic
13.1 Creation and Configuration for New WebLogic Domain
Step 1: Start the QuickStart through Start → All Programs → Oracle WebLogic → QuickStart

Step 2: Click on Getting Started with WebLogic Server 10.3.4 (Server version may change
depending on the installed WebLogic Server)

Step 3: Select the Create a new WebLogic domain radio button and click on Next button.

Step 4: Select the “Generate domain configured automatically to support” radio button and
click on Next button.

Step 5: Change the Domain Name and click on Next button.

Step 6: Configure the Administrator UserName and Password and click on Next button

Step 7: Configure the server start mode and JDK and click on Next button.

Step 8: Check the Administration Server and click on Next to change the Administration settings.

Step 9: Change the port number and name of the server if required and click on [Next] button.

Step 10: Click on [create] button to create the new domain.

Step 11: Click on [Done] button for the new domain configuration.


13.2 FEBA Deployment on Weblogic


Step 1: Starting Admin Console

Go to the bin folder inside your domain and run startWebLogic.cmd to start the Admin server for the
WebLogic Domain
For UNIX: run ./startWebLogic.sh to get the admin console for the very first time
You can also start the Admin server for the WebLogic Domain through the below navigation
Start Menu → All Programs → Oracle Weblogic → User Projects → First_Domain (your Domain
name) → start the Admin server for Weblogic Domain

Step 2: Log in to the Admin console using the User Id and Password given while creating the
Domain

13.2.1 Managed Server Creation

Step 1: Click on Environment Side Bar link and then click on Servers link in the Main page

Step 2: Click on New button for creating a new server

Step 3: Give the server name (say server1).

Server Listen Address should be the machine name or IP address of the host machine where
this WebLogic is installed.
Server Listen port should be different from the Admin console port number (this is the port number used in
the login URL)
Select the “No, this is a Stand-alone server” radio button and click on Finish button

To avoid SSLException, we need to ensure the below setup is proper:

In the file $DOMAIN_PATH$/nodemanager/nodemanager.properties, we need to ensure that
the following properties have the below values:
SecureListener=false
ListenAddress=$IP_ADDRESS_OF_DEPLOYED_MACHINE$
In the WebLogic console, we need to make a similar configuration as below; make sure the “Type” is
“Plain”

The above screen is displayed after creation of the server “server1”

13.2.2 Enabling Server Logs through Admin Console


To enable SOPs in the server logs, click on the server hyperlink (in this case server1 is the
server name) which is created as shown above, and click on the Logging tab
Rotation File size should be increased to 5000
Limit number of retained files & rotate log file on startup checkboxes should be checked
Files to retain: should be increased to 100


Save the above configuration and click the Advanced button, which is just above the Save button in the same Logging tab, as shown in the above screenshot.

In the Advanced options of the Logging tab, make the changes below:

Minimum severity to log: should be selected as Info
Logging implementation: should be changed from JDK to Log4J
Redirect stdout logging enabled and Redirect stderr logging enabled checkboxes should be checked

In Message destination(s), make the changes below, as shown in the next screenshot, and then save the changes:
Severity level: should be changed from Trace to Notice
Log File Buffer and Buffer Size should be increased to 10
Memory Buffer Severity level: should be Debug
Memory Buffer Size: should be increased to 500


13.2.3 Creation of a Data Source


Step 1: Click Services → Data Sources under [Domain Structure]. Then click the [New] button to create the data source for the database.

Step 2: Specify the data source name and JNDI name. Select the database type and the
appropriate database Driver for Oracle from the drop down and click [Next] button.

Step 3: Click [Next] button to proceed.

Step 4: Click [Next] to proceed.

Step 9: Specify the database name, server name, port, username and password. Then click on
[Next] to proceed.

Step 5: Click [Test Configuration] to test the data source configuration. A success message appears if the configuration is correct. Then click the [Finish] button.

Step 6: Select the target server and click [Finish] button

Click the server, open the Server Start tab, and modify the VM arguments.
Add the arguments below under the Server Start tab. Also add the configurations from Client Configuration.

-DFEBA_SYS_PATH="<<Workspace_path>>\WorkingDirectory\data"
-DFEBA_EXTENSION_DIRECTORY="<<Workspace_path>>\WorkingDirectory\extension"
-DFEBA_MERGE_DIRECTORY="<<Workspace_path>>\WorkingDirectory\merge"
-DPRODUCT_BOOTSTRAP_FILE=<<WorkingDirectory>>\data\BootstrapFile.properties
-DAPPLICATION_CONFIGURATION_FILE="BankAway.properties"
-DFICLIENT_APP_PATH="<<Workspace_path>>\WorkingDirectory"
-DFI_BASE_INSTANCE_ID=1 -XX:+UseG1GC -Xverify:none -DFI_APP_NAME=FIONLINE
-DFI_IS_CONFIGSER=N -Dweblogic.security.allowCryptoJDefaultJCEVerification=true
-Dweblogic.security.allowCryptoJDefaultPRNG=true -XX:+UnlockCommercialFeatures
-XX:+ResourceManagement -Dcom.ibm.enableClassCaching=false
-Dlog4j.Configuration=/data/profile/WEBLOGIC/Workingdir/data/$BANK_ID$_log4j.xml

Step 12: Database connectivity issues

Case 1: For WebLogic Server 10.3.5 and earlier versions, the code change below is required.

In WebLogic Server 10.3.5 and earlier versions, the javax.sql.DataSource.getConnection(X,Y) method used in ConnectionManagerDSImpl.java was not supported (the javax.sql.DataSource.getConnection() method was supported without arguments). So the getConnection() call in ConnectionManagerDSImpl.java must be changed by removing the UserId and Password arguments,
from
dbConnection = ds.getConnection(UserId, Password);
to
dbConnection = ds.getConnection();

Case 2: For WebLogic Server 10.3.6 and later versions, the javax.sql.DataSource.getConnection(X,Y) method is supported, so no code changes are required; only the changes below in the Admin console and the database are required.

1. Log in to the Admin console and navigate to the path below:

Services -> Data Sources -> click the data source hyperlink (FEBAV5 in our case) -> select the Oracle tab -> select the Use Database Credentials checkbox, as highlighted in the screenshot below, and click the Save button to save the changes.

2. Provide authorization to connect for the ECECUSER user in the database by running the script below in the database.

ALTER USER ECECUSER GRANT CONNECT THROUGH ECECUSER;

13.2.4 Installation Packages


The name of the OCH WAR will be FEBWeb.war. Make sure that you take the correct WAR for deployment based on your requirement.

From 11.5.3, FEBWeb.war is present in two locations, the DEH and ModularDEH directories.
DEH → contains RM screens and APIs for consumer and corporate
ModularDEH → contains only APIs for consumer and corporate

Service registry is to be disabled for the DEH instance.

13.2.5 Types of Deployments

The build scripts have been changed to generate a WebLogic-specific WAR. The WebLogic WAR can be deployed in 2 forms, as shown below.

Option-1: Deployment of the WebLogic-specific WAR (FEBWeb.war) from the build as it is.

➢ Get the latest FEBA WAR (generated after a successful build with the current setup available with the BAMA team and in the latest build setup as well).

➢ Deploy the WAR by following the steps mentioned in section 11.2.8 WAR Deployment.

➢ Get the data folder from the build and make the changes mentioned in section 11.2.7 to make the data folder compatible with WebLogic.

➢ The problem with this type of deployment is that, to apply any patch, the respective patch (either JSP or jar) has to be put directly inside the zipped WAR, which is itself inside the EAR. Since the WAR and EAR files are zipped, putting patches inside them is time consuming, and if the EAR is too large there is a chance of the EAR getting corrupted as well.

Option-2: Deployment of the extracted WAR.

➢ Extract the WAR (FEBAWeb.war) obtained from the build setup.

➢ Extract the WAR (FEBAWeb.war) file inside the EAR as well.

➢ Deploy the extracted WAR by following the same procedure mentioned in section 11.2.8 WAR Deployment.

➢ Do the data folder configuration as mentioned in section 11.2.7 to make the data folder compatible with WebLogic.

➢ Applying patches is fairly simple compared to normal WAR deployment, as the jar or JSP patches can be placed directly inside the WAR folders. There is no chance of corrupting the WAR file.

13.2.6 WAR Modifications to Make it Compatible with Weblogic


The changes mentioned in this section do not need to be made explicitly if the WebLogic-specific WAR generated from the build is used.

All these changes are available in the build setup for generating the WebLogic-specific WAR.

Step 1: Extract the WAR.

Step 2: Place the weblogic.xml file in the FEBAweb\WEB-INF\ directory. weblogic.xml should have the content below. Modify context-root if needed.

weblogic.xml content

<?xml version="1.0" encoding="UTF-8"?>
<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">
    <!-- Context Root for the web application
         Note: In case of ear deployment, the context-root in application.xml takes
         precedence over this -->
    <context-root>/corp</context-root>
    <container-descriptor>
        <prefer-web-inf-classes>true</prefer-web-inf-classes>
        <!-- Added below entries to enable the Log4j logging for versions 12.1.2 and above -->
        <prefer-application-packages>
            <package-name>org.apache.log4j.*</package-name>
            <package-name>org.apache.*</package-name>
            <package-name>org.slf4j.*</package-name>
        </prefer-application-packages>
    </container-descriptor>
</weblogic-web-app>

Step 3: web.xml changes:

Comment out the gesture servlet tag below if it is not already commented.

<servlet>
    <servlet-name>gesture</servlet-name>
    <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
    <init-param>
        <param-name>javax.ws.rs.Application</param-name>
        <param-value>com.infosys.ebanking.rest.common.v1.GestureResourceConfiguration</param-value>
    </init-param>
    <init-param>
        <param-name>jersey.config.server.response.setStatusOverSendError</param-name>
        <param-value>true</param-value>
    </init-param>
    <!-- <init-param>
        <param-name>uri</param-name>
        <param-value>/gesture/</param-value>
    </init-param> -->
    <init-param>
        <param-name>jersey.config.server.provider.scanning.recursive</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>jersey.config.disableMetainfServicesLookup</param-name>
        <param-value>true</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

Step 4: Place the wllog4j.jar in data folder

wllog4j.jar can be found in the wlserver_10.3\server\lib directory.
N.B.: It may be different for each version of WebLogic, so copy it only from your own WebLogic installation path.
..\Oracle\Middleware\wlserver_10.3\server\lib


Step 5: Place the jar files inside the domain \lib directory.

Create a log folder.

Step 6: Give the absolute log path in DBS_log4j.xml.


13.2.7 Data Folder Configuration


Now refer to the section "Common Data Folder Configuration" in this document for the further steps.

Step 1: In the Onlineclient_Config.properties file, replace "com.ibm.websphere.naming.WsnInitialContextFactory" with "weblogic.jndi.WLInitialContextFactory".

Step 2: In bankaway.property, replace the IIOP URL according to your environment (IIOP://hostname:portNo/), for example IIOP://chnmct210406d:8001/

Replace all instances of IIOP://arya:2811/ with IIOP://chnmct210406d:8001/

Also update the BOOTSTRAP_ADDRESS field value with your host name and port number, as shown below.

Replace IIOP://localhost:2809 with IIOP://chnmct210406d:8001/

Step 3: In WebLogic, it is observed that relative paths like "../../../" are not recognized. So absolute paths have to be given instead of these paths in all the files wherever such paths are used.

Step 4: In the Log4j.xml file,
Before change:
<param name="File" value=".\\log\\$BANK_ID$_FEBA_fatal.log"/>
The relative path in the above line has to be replaced with the absolute path, as shown in the line below. Similarly, all such places must use absolute paths.
After change:
<param name="File" value="...\Oracle\Middleware\user_projects\domains\FEBA\WorkingDir\log\$BANK_ID$_FEBA_fatal.log"/>

1. Similarly, in the HIF_HOST.xml file, the stub paths have to be absolute. Wherever the "../../../" path is used, replace it with the absolute path.

For the routeName "StubbedFI" and "DBStubbedFI", the stub paths should be changed to absolute paths.
Before change:
<property name="MessageFormat" value="XML"/>
<property name="RequestPath" value="./stub/request"/>
<property name="ResponsePath" value="./stub/response"/>
<property name="XSDPath" value="./stub/xsd"/>
<property name="SERVICE_REQUEST_VERSION" value="10.4"/>

In the above code, ./ should be replaced with absolute paths, as shown below.
After change:
<property name="MessageFormat" value="XML"/>
<property name="RequestPath" value="..\Oracle\Middleware\user_projects\domains\FEBA\WorkingDir\stub\request"/>
<property name="ResponsePath" value="..\Oracle\Middleware\user_projects\domains\FEBA\WorkingDir\stub\response"/>
<property name="XSDPath" value="..\Oracle\Middleware\user_projects\domains\FEBA\WorkingDir\stub\xsd"/>
<property name="SERVICE_REQUEST_VERSION" value="10.4"/>
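
The search for relative paths described in Steps 3 and 4 can be scripted so that no <param> or <property> value is missed. The following Python script is an added example, not part of the product or of this guide's tooling; the function names, the sample XML and the base directories (including the C: drive prefix) are constructed for illustration.

```python
import ntpath
import posixpath
import xml.etree.ElementTree as ET

# A value is treated as a path only when it starts with a relative prefix;
# values such as "XML" or "10.4" are left alone.
RELATIVE_PREFIXES = ("./", ".\\", "../", "..\\")
PATH_ELEMENTS = ("param", "property")

# Constructed sample that mirrors the Log4j.xml and HIF_HOST.xml entries above.
SAMPLE_XML = r"""<config>
  <appender name="FATAL">
    <param name="File" value=".\\log\\$BANK_ID$_FEBA_fatal.log"/>
  </appender>
  <routeConfig routeName="StubbedFI">
    <property name="MessageFormat" value="XML"/>
    <property name="RequestPath" value="./stub/request"/>
    <property name="ResponsePath" value="./stub/response"/>
    <property name="XSDPath" value="./stub/xsd"/>
    <property name="SERVICE_REQUEST_VERSION" value="10.4"/>
  </routeConfig>
</config>"""


def path_elements(root):
    """Yield <param>/<property> elements whose value starts with a relative prefix."""
    for element in root.iter():
        value = element.get("value", "")
        if element.tag.lower() in PATH_ELEMENTS and value.startswith(RELATIVE_PREFIXES):
            yield element


def find_relative(xml_text):
    """Return [(name, value), ...] for every relative path still in the file."""
    root = ET.fromstring(xml_text)
    return [(e.get("name"), e.get("value")) for e in path_elements(root)]


def absolutize(xml_text, base_dir):
    """Rewrite relative values against base_dir.

    Returns (new_xml_text, [(name, old_value, new_value), ...]).
    ElementTree discards comments and the DOCTYPE, so review the change list
    and keep a backup before writing the output over a live file.
    """
    windows = "\\" in base_dir or base_dir[1:2] == ":"
    pathmod = ntpath if windows else posixpath
    if not pathmod.isabs(base_dir):
        raise ValueError(f"base directory is not absolute: {base_dir}")
    root = ET.fromstring(xml_text)
    changes = []
    for element in list(path_elements(root)):
        old = element.get("value")
        # Normalise separators first so ".\\log\\x" and "./log/x" behave alike.
        new = pathmod.normpath(pathmod.join(base_dir, old.replace("\\", "/")))
        element.set("value", new)
        changes.append((element.get("name"), old, new))
    return ET.tostring(root, encoding="unicode"), changes


if __name__ == "__main__":
    _, report = absolutize(SAMPLE_XML, "/opt/feba/WorkingDir")
    for name, old, new in report:
        print(f"{name}: {old} -> {new}")
```

Running find_relative on the edited files afterwards confirms that nothing relative is left; a base directory that is itself relative is rejected.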

Below are some more configurations:

Step 5: In workdir\extension\PRPM.xml:
Modify the parameter below:
<Param name = "SERVERNAME" value = "WEBLOGIC" />

Step 6: In BankAway.properties:

If the database password uses the single encryption mechanism, change the parameter below to N. (Ex: if the password is vkgadm, i.e. a plain password without encryption, this parameter should be changed to N.)
<Param name="DB_PWD_ENCRYPTION_ALGO_REQUIRED" value="Y" comment="this property is from BankAway.properties"/>

Also, the landing page entries should be changed according to the bank id to be used. For example, LANDING_PAGE_DBS_001 entries are for bank id DBS and language id 001.
So if the bank id is different, this entry should be updated accordingly. There are multiple entries like this, one for every language id.

Step 8: License configurations are per Bank ID. The current license works for Bank ID 'DBS'. If the Bank ID is other than 'DBS', LicenseGenerator needs to be executed for the new Bank ID to generate the license file, which is to be kept in the data/lic folder.

In the data folder, the files below are available in the lic folder.
LicenseBackup.dat

Step 9: extension\hif\config\EB_HIF.xml (only applicable to Standalone and OCH profile):
Change the entry fileNames to use the correct host configuration.

Step 10: Depending upon the host configured in EB_HIF.xml, make the following configuration changes in the respective host file.

For example, if we are using the 10219 host configured in Step10, then make changes in the tags below in \extension\hif\config\HIF_10219_Host.xml.

<hostConfig hostName="EBANKING_EXPOSED_SERVICES_OAUTH">
  <routeConfigList>
    <routeConfig routeName="XML/HTTP">
      <routerClassName>com.infosys.feba.framework.hif.protocol.XServiceHandler</routerClassName>
      <responseConverter>com.infosys.feba.framework.hif.processor.XMLHostResponseConverter</responseConverter>
      <propertyConfig>
        <properties>
          <property name="MessageFormat" value="XML"/>
          <property name="URL" value="http://SERVER_NAME:PORTNUM/corp/XService"/> <!-- Mention the URL of the profile in which configuration is done -->
          <property name="State" value="N"/>
          <property name="USERNAME" value="DBS.VIRUSR"/> <!-- Working virtual user for the profile -->
          <property name="ACCESSCODE" value="c"/> <!-- Encrypted password for the virtual user -->
          <property name="APP_SERVER_JSESSION_VARIABLE" value=";jsessionid="/>
        </properties>

<hostConfig hostName="EBANKING_EXPOSED_SERVICES">
  <routeConfigList>
    <routeConfig routeName="XML/HTTP">
      <routerClassName>com.infosys.feba.framework.hif.protocol.XServiceHandler</routerClassName>
      <responseConverter>com.infosys.feba.framework.hif.processor.XMLHostResponseConverter</responseConverter>
      <propertyConfig>
        <properties>
          <property name="MessageFormat" value="XML"/>
          <property name="URL" value="http://SERVERNAME:PORTNUM/corp/XService"/> <!-- Mention the URL of the profile in which configuration is done -->
          <property name="State" value="N"/>
          <property name="USERNAME" value="DBS.VIRUSR"/> <!-- Working virtual user for the profile -->
          <property name="ACCESSCODE" value="c"/> <!-- Encrypted password for the virtual user -->
          <property name="APP_SERVER_JSESSION_VARIABLE" value=";jsessionid="/>
        </properties>

Step 14: data/client-beans.xml (OCH Application)

The user has to update the two values below in the Config Server:
1) REMOTE_SERVICE_URL
2) AUTH_REMOTE_SERVICE_URL

These are used for calling remote services from the EB/OCH application to the authentication microservices use case. We have implemented the RM use case of the authentication microservice.

The service event mapping of the use cases of the authentication microservice is given in Spring_Remote_Configuration.xml, as below:

<Service>
    <ServiceName>InqFWService</ServiceName>
    <Framework>Inquiry</Framework>
    <EventId>AMPINQ</EventId>
    <BeanId>authenticationRemoteServiceBean</BeanId>
</Service>

13.2.8 WAR Deployment in Weblogic Post Modification


Step 1: Click on the Install button, give the path of the Exploded WAR.


Step 2: Select the radio button for the Exploded EAR and click on Next button

Step 3: Select the first radio button (Install this deployment as an application) and click on Next
button.

Step 4: Select the target server and click on Next

Step 4: Select the first (DD Only: Use only the roles and policies that are defined in the deployment descriptors) and last (I will make the deployment accessible from the following location) radio buttons and click the Next button.

Step 5: Click [Finish] to deploy the application.


Also, delete jars from FEBAWeb.war/WEB-INF/lib, such as:

log4j-core-2.11.0.jar
log4j-api-2.11.0.jar
log4j-1.2.17.jar

And place those jars in /Oracle/Middleware/Oracle_Home/user_projects/domains/$domain$/lib

13.2.9 Setting FEBA SysPath in Server


Also add the configurations from Client Configuration.
Open the file ...\domains\first_domain\bin\setDomainEnv.cmd and set the data folder path in JAVA_OPTIONS as below (also shown in the screenshot below).
set "JAVA_OPTIONS=%JAVA_OPTIONS% -DFEBA_SYS_PATH=../Oracle/Middleware/user_projects/domains/FEBA/WorkingDir/data"
set "JAVA_OPTIONS=%JAVA_OPTIONS% -DAPPLICATION_CONFIGURATION_FILE=BankAway.properties"
set "JAVA_OPTIONS=%JAVA_OPTIONS% -DFEBA_SYS_PATH=/u01/oracle/WORKDIR/data -DFEBA_EXTENSION_DIRECTORY=%PROFILE_PATH%/workdir/extension -DFEBA_MERGE_DIRECTORY=%PROFILE_PATH%/workdir/merge -DAPPLICATION_CONFIGURATION_FILE=BankAway.properties -DPRODUCT_BOOTSTRAP_FILE=/u01/oracle/WORKDIR/data/BootstrapFile.properties -Dweblogic.security.SSL.ignoreHostnameVerification=true"
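
Argument lists pasted from a formatted document into the Server Start tab or setDomainEnv.cmd can pick up typographic dashes and quotes, a doubled "=" or a dropped leading "-", and they can carry switches that relax a JVM or TLS check. The following Python check is an added example, not part of the product; the function name and the sample option string are constructed, and the two review flags are the ones that appear in this guide's argument lists.

```python
import re

# Switches from this guide's argument lists that relax a JVM or TLS check.
# They are reported for review rather than rejected.
REVIEW_FLAGS = {
    "-Xverify:none": "bytecode verification is disabled",
    "-Dweblogic.security.SSL.ignoreHostnameVerification=true":
        "TLS hostname verification is disabled",
}

# Typographic characters that documents substitute for ASCII '-', '"' and "'".
TYPOGRAPHIC = {
    "\u2013": ("en dash", "-"),
    "\u2014": ("em dash", "-"),
    "\u201c": ("left double quote", '"'),
    "\u201d": ("right double quote", '"'),
    "\u2018": ("left single quote", "'"),
    "\u2019": ("right single quote", "'"),
}

TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')   # keeps quoted values in one token
DEFINE = re.compile(r"-D([^=]*)(=*)(.*)", re.S)

# Constructed sample with one defect of each kind.
SAMPLE = (
    '-DFEBA_SYS_PATH="/opt/app/WorkingDirectory/data" '
    '-DFEBA_MERGE_DIRECTORY=="/opt/app/WorkingDirectory/merge\u201d '
    '\u2013DAPPLICATION_CONFIGURATION_FILE=BankAway.properties '
    'Dweblogic.log.Log4jLoggingEnabled=true '
    '-Xverify:none '
    '-DFEBA_SYS_PATH=/u01/oracle/WORKDIR/data '
    '-Dweblogic.security.SSL.ignoreHostnameVerification=true'
)


def lint_java_options(options):
    """Return a list of (kind, subject, message) findings for one option string."""
    findings = []
    normalised = options
    for char, (name, ascii_char) in TYPOGRAPHIC.items():
        for match in re.finditer(re.escape(char), options):
            findings.append(("error", f"column {match.start() + 1}",
                             f"{name} where ASCII {ascii_char!r} is required"))
        # Normalise so the remaining checks still see sensible tokens.
        normalised = normalised.replace(char, ascii_char)
    if normalised.count('"') % 2:
        findings.append(("error", "line", "unbalanced double quote"))

    seen = {}
    for token in TOKEN.findall(normalised):
        arg = token.replace('"', "")
        if not arg.startswith("-"):
            findings.append(("error", arg, "missing leading '-'"))
            continue
        if arg in REVIEW_FLAGS:
            findings.append(("review", arg, REVIEW_FLAGS[arg]))
        if not arg.startswith("-D"):
            continue
        name, equals, value = DEFINE.match(arg).groups()
        if not name:
            findings.append(("error", arg, "-D without a property name"))
            continue
        if len(equals) > 1:
            findings.append(("error", arg, "extra '=': the value would begin with '='"))
        if name in seen and seen[name] != value:
            findings.append(("warn", name, "defined more than once with different values"))
        seen[name] = value
    return findings


if __name__ == "__main__":
    for kind, subject, message in lint_java_options(SAMPLE):
        print(f"{kind:6} {subject}: {message}")
```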

13.2.10 Starting Managed Server
Step 1: In the WebLogic admin console, go to Servers under Environment in the Domain Structure panel.

Step 2: Click Lock & Edit, and click the Control tab in the Summary of Servers panel.

for eg: ../Oracle/Middleware/user_projects/domains/First_domain/bin

Step 3: Select the server and click Start to start the server. The server will now be started.

Step 4: Once the server is started, you can verify the status of the Admin Server and Managed Server under the Servers tab of the Admin console. Both the Admin and Managed servers will be in the Running state and Health will be shown as OK with a green tick mark.

Step 5: Similarly, you can verify the status of the deployed WAR under the Deployments link of the Admin console. State will be Active after the Managed Server is started and Health will be shown as OK with a green tick mark.

13.2.11 Enabling Verbose for Class Loading Issues


To enable Verbose:
Step 1: In setDomainEnv.cmd, add the entry below to point JAVA_HOME to JRockit instead of the JDK, since the JDK does not support Verbose.
If JRockit is not available, get JRockit copied/installed on the host machine.

set JAVA_HOME=../Oracle/Middleware/jrockit_160_24_D1.1.2-4

Step 2: In …\domains\first_domain\bin\startManagedWebLogic.cmd, add the entries below to enable Verbose.

set JAVA_OPTIONS=%JAVA_OPTIONS% -Xverbose:class -Xverboselog=verboseclass.log
set "JAVA_OPTIONS=%JAVA_OPTIONS% -Dweblogic.log.Log4jLoggingEnabled=true"

13.2.12 Common Issues Faced in Weblogic Deployment and Application

1. We were getting a "JAXB.properties file not found" error post deployment while starting the server, so we had to comment out the jaxb.properties file call in AppEventUtil.java.

Solution: The file javax/xml/bind/ContextFinder.class inside jaxb-api.jar refers to the JAXB.properties file. This file is not used in WebSphere, because in WebSphere the class loading property is usually set to parent class loader first, so the IBM jars are referred to instead of this jar and the error does not occur there. Either this jar has to be deleted from the …\WEB-INF\lib\ folder, or the class loading property has to be changed so that priority is given to parent class loading instead of …\WEB-INF\lib\, as mentioned below.
1. Delete jaxb-api.jar from the …\FEBAWeb.war\WEB-INF\lib\ folder
Or
2. Make the changes below
1. Inside \WEB-INF\weblogic.xml, the code below is to be commented out

<!--
<container-descriptor>
    <prefer-web-inf-classes>true</prefer-web-inf-classes>
</container-descriptor>
-->

2. JSP compilation issue while loading a few JSPs, as a few expressions could not be parsed (like the Initiate Issuance Cheques and Initiate Issuance Others JSPs).

For this, we need to introduce <rtexprvalue>true</rtexprvalue> for the name attribute in the Page tag in the feba_taglib.tld file.

So far we have come across the 2 instances below and modified the feba_taglib.tld file accordingly.
1. For the tag with name "caption", an expression was not allowed for the "linkstyle" attribute as rtexprvalue was not set to true (used in the InitiateIssuanceChequeRecurring.jsp and InitiateIssuanceOthersRecurring.jsp files).

<attribute>
    <name>linkstyle</name>
    <required>false</required>
    <rtexprvalue>true</rtexprvalue>
</attribute>

2. For the tag with name "Page", an expression was not allowed for the "name" attribute as rtexprvalue was not set to true (used in DownloadFile.jsp).

<attribute>
    <name>name</name>
    <required>false</required>
    <rtexprvalue>true</rtexprvalue>
</attribute>

Source for this info: http://www.coderanch.com/t/292029/JSP/java/rtexprvalue-false-good

3. After deploying the web-services-enabled WAR (by making changes in the web.xml file), the error below, as in the attached logs, occurs while starting the Managed Server.

####<Jun 11, 2012 5:23:11 PM IST> <Error> <Deployer> <HYDHTC100504D> <server1>
<[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS
Kernel>> <> <> <1339415591785> <BEA-149205> <Failed to initialize the application
'FEBAApp' due to error weblogic.management.DeploymentException: Error encountered
during prepare phase of deploying WebService module 'FEBAWeb'. While deploying
WebService module 'FEBAWeb'. Error encountered while attempting to Load WSDL
Definitions for WSDL:
'file:/C:/Oracle/Middleware/user_projects/domains/new_domain/Latest/FEBAWeb/WEB-INF/wsdl/Servicerequest.wsdl'.
Failed to read wsdl file from url due to -- java.io.FileNotFoundException:
C:\Oracle\Middleware\user_projects\domains\new_domain\Latest\FEBAWeb\WEB-INF\wsdl\ServiceRequest.xsd
(The system cannot find the file specified).
weblogic.management.DeploymentException: Error encountered during prepare phase of
deploying WebService module 'FEBAWeb'. While deploying WebService module 'FEBAWeb'.
Error encountered while attempting to Load WSDL Definitions for WSDL:
'file:/C:/Oracle/Middleware/user_projects/domains/new_domain/Latest/FEBAWeb/WEB-INF/wsdl/Servicerequest.wsdl'.
Failed to read wsdl file from url due to -- java.io.FileNotFoundException:
C:\Oracle\Middleware\user_projects\domains\new_domain\Latest\FEBAWeb\WEB-INF\wsdl\ServiceRequest.xsd
(The system cannot find the file specified)
at weblogic.wsee.deploy.WSEEModule.prepare(WSEEModule.java:149)

Solution: ServicerequestProviderImpl.class has to be deleted from
ebanking_interceptor.jar

4. Error while trying to start Managed server:

Exception in thread "[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.D
fault (self-tuning)'" java.lang.OutOfMemoryError: PermGen space
Exception in thread "main" java.lang.OutOfMemoryError: PermGen space
Exception in thread "[STANDBY] ExecuteThread: '7' for queue: 'weblogic.kernel.D
fault (self-tuning)'" java.lang.OutOfMemoryError: PermGen space
Exception in thread "[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.De
fault (self-tuning)'" java.lang.OutOfMemoryError: PermGen space
Exception in thread "[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.De
ault (self-tuning)'" java.lang.OutOfMemoryError: PermGen space
Exception in thread "[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.De
ault (self-tuning)'" java.lang.OutOfMemoryError: PermGen space
Exception in thread "[STANDBY] ExecuteThread: '0' for queue: 'weblogic.kernel.D
fault (self-tuning)'" java.lang.OutOfMemoryError: PermGen space
Exception in thread "ExecuteThread: '0' for queue: 'weblogic.socket.Muxer'" jav
.lang.OutOfMemoryError: PermGen space
Exception in thread "Timer-1" java.lang.OutOfMemoryError: PermGen space

Solution: Increasing the heap size should resolve the issue. Increase PermSize to 512m and MaxPermSize to 1024m in setDomainEnv.cmd (as shown below).

set MEM_PERM_SIZE_64BIT=-XX:PermSize=512m
set MEM_PERM_SIZE_32BIT=-XX:PermSize=512m

if "%JAVA_USE_64BIT%"=="true" (
    set MEM_PERM_SIZE=%MEM_PERM_SIZE_64BIT%
) else (
    set MEM_PERM_SIZE=%MEM_PERM_SIZE_32BIT%
)
set MEM_MAX_PERM_SIZE_64BIT=-XX:MaxPermSize=1024m
set MEM_MAX_PERM_SIZE_32BIT=-XX:MaxPermSize=1024m
if "%JAVA_USE_64BIT%"=="true" (
    set MEM_MAX_PERM_SIZE=%MEM_MAX_PERM_SIZE_64BIT%
) else (
    set MEM_MAX_PERM_SIZE=%MEM_MAX_PERM_SIZE_32BIT%
)

13.3 Issues during Deployment


1. While trying to start Node Manager, the error below was faced, and a temporary fix for it was given by DevOps.
Error:
<SEVERE> <Fatal error in NodeManager server>
weblogic.nodemanager.common.ConfigException: Identity key store file not found: /data/profile/WEBLOGIC/domain/security/DemoIdentity.jks
2. Able to start the WebLogic server only through PuTTY but not through the console.
3. The ojdbc8 jar is missing in the lib of the WAR. It was added manually in both the lib of the WAR and the lib of the WebLogic server domain.
4. Changes made in JSON properties:
i. "NAME": "DATA_SOURCE",
"VALUE": "FEBAV5",
ii. "NAME": "JAVASCRIPT_ENCRYPTION_ALGORITHM",
"VALUE": "RSA/ECB/NoPadding",
iii. "NAME": "JAVASCRIPT_ENCRYPTION_SECURITY_PROVIDER",
"VALUE": "SunJCE",
iv. "NAME": "DRIVER_CLASS",
"VALUE": "oracle.jdbc.OracleDriver",
v. "NAME": "INITIAL_CONTEXT_FACTORY",
"VALUE": "weblogic.jndi.WLInitialContextFactory",
vi. "NAME": "SERVERNAME",
"VALUE": "WEBLOGIC",
vii. "NAME": "WORK_MANAGER",
"VALUE": "",
viii. "NAME": "DEFAULT_HIF_PARALLELIZER",
"VALUE": ""

14. FEBA Batch Setup
The FEBA batch setup includes the following:
1) The properties changes should be done under batch service in the config server.
2) Data folder:
Placeholders must be replaced in extension/batch/BatchConfig.xml. Refer to the example below.
BatchConfig.xml
3) LIB folder:
The lib folder of the deployed EAR
4) The ojdbc8.jar needs to be placed inside the lib folder.
5) The attached batch files to run the batch:
BATCHFILES.zip

The JAVA_PATH is to be set in the sh file.
BATCH_PATH = path where the batch setup is placed.

Folder structure is as follows:

Data
Extension
Merge
Lib
Log
Stub
Reports
SchedulerInitializer.sh
ScheduleInsertUtility.sh
14.1 JVM Arguments
JVM Arguments must be configured in SchedulerInitializer.sh and ScheduleInsertUtility.sh.

Refer to Client Configuration and Common Data Configurations for the list of all JVM arguments to be
passed.

15. Oracle DB installation Frequently Asked Questions
Ques. 1: Partition size exceeded.
Ans: Use the command df -k . to find a partition that has space, and move the DB to that path.
Ques. 2: The user does not have access permission to execute the script.
Ans: chmod -R 755 <directory path>
Ques. 3: sqlplus command not found. The ORACLE_HOME/bin path is not set for the user.
Ans: Check that the ORACLE_HOME/bin path is set in your PATH environment variable. If it is not set, use the
command below:
export PATH=$ORACLE_HOME/bin:$PATH
Ques. 4: ORA-01127: database name 'ORA1127DB' exceeds size limit of 8.
Ans: Change the DB instance name from ORA1127DB to ORA112DB. The DB name must not exceed
8 characters.
Ques. 5: The sqlplus command is not executed successfully for the user, and after running the credb.py file
an error shows that the ORACLE instance is already created.
Ans: Delete the files init_DB_NAME.ora and config_DBNAME.ora from the oracle_home\dbs path. DB_NAME
is the ORACLE_SID name given in the .properties file.
Ques. 6: During execution of the installer, errors are found in the logs such as "sequence does not exist" or
"table or view does not exist".
Ans: The table creation scripts contain drop statements for tables and synonyms before the creation
statements, so these errors can be ignored.
Ques. 7: Python error
Ans: Export SHLIB_PATH to the python2.4 lib folder:
export SHLIB_PATH=/usr/local/include/python2.4:/usr/local/lib/python2.4:$SHLIB_PATH
Ques. 8: Which logs can be ignored while checking these DB issues?
Ans: The logs below can be ignored while checking DB issues:
CreCatalog.log, 1_JobInfo.sql_table.log, 2_TaskInfo.sql_table.log, 3_BatchQueue.sql_table.log,
CreCatalog.log is generated by executing CreCatalog.sql, which creates the database data dictionary by
executing scripts provided by Oracle. Some of these scripts may throw the errors below, which can be
ignored because the further actions that depend on the object being created still go through. The log may
also include ORA codes that are mentioned in the documentation or comments of the Oracle SQL scripts.
104423: ORA-01921: role name 'EXP_FULL_DATABASE' conflicts with another user or role
104483: ORA-01921: role name 'IMP_FULL_DATABASE' conflicts with another user or role
Ques. 9: Which errors in the logs can be ignored while checking DB issues?
Ans: The errors below can be ignored in the error logs while checking DB issues:
ORA-00942: table or view does not exist
ORA-02443: Cannot drop constraint - nonexistent constraint

ORA-01434: private synonym to be dropped does not exist
ORA-02289: sequence does not exist
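
A triage sketch for the answers to Ques. 8 and Ques. 9, added here as an example and not part of the installer: it scans log text for ORA codes and reports only those that are not on the guide's ignore lists. The function names, the log name installer.log and the sample log lines are constructed. As an assumption stricter than the guide, CreCatalog.log is not skipped wholesale; only the two ORA-01921 role conflicts shown above are ignored in it.

```python
import re

# ORA codes the guide lists as ignorable in installer error logs (Ques. 9).
IGNORABLE_ANYWHERE = {"ORA-00942", "ORA-02443", "ORA-01434", "ORA-02289"}
# Assumption: ORA-01921 is ignorable only in CreCatalog.log, for these roles (Ques. 8).
CRECATALOG_ROLES = {"EXP_FULL_DATABASE", "IMP_FULL_DATABASE"}

ORA_RE = re.compile(r"\bORA-\d{5}\b")
ROLE_RE = re.compile(r"role name '([^']+)'")


def is_ignorable(log_name, line, code):
    if code in IGNORABLE_ANYWHERE:
        return True
    if code == "ORA-01921" and log_name == "CreCatalog.log":
        role = ROLE_RE.search(line)
        return bool(role) and role.group(1) in CRECATALOG_ROLES
    return False


def triage(log_name, text):
    """Return (line_number, code, line) for every ORA error that needs review."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for code in ORA_RE.findall(line):
            if not is_ignorable(log_name, line, code):
                findings.append((number, code, line.strip()))
    return findings


# Constructed sample log content, not taken from a real installation.
SAMPLE_CRECATALOG = """\
104423: ORA-01921: role name 'EXP_FULL_DATABASE' conflicts with another user or role
104483: ORA-01921: role name 'IMP_FULL_DATABASE' conflicts with another user or role
104501: ORA-01921: role name 'APP_ADMIN' conflicts with another user or role
"""
SAMPLE_INSTALLER_LOG = """\
ORA-00942: table or view does not exist
ORA-02289: sequence does not exist
ORA-01017: invalid username/password; logon denied
ORA-01127: database name 'ORA1127DB' exceeds size limit of 8
"""

if __name__ == "__main__":
    for name, text in (("CreCatalog.log", SAMPLE_CRECATALOG),
                       ("installer.log", SAMPLE_INSTALLER_LOG)):
        for number, code, line in triage(name, text):
            print(f"{name}:{number}: REVIEW {code}: {line}")
```

Anything the script prints still needs a human decision; an empty result means only that every ORA code found is on the guide's ignore lists.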
