Oracle applications - Surendranath Subramani: April 2018

Friday, April 6, 2018

Oracle XML gateway cXML PO Direct to Supplier Results Status Code 500 PRIMARY AUTHENTICATION FAILED

EBS version: 12.1.3
Database version: 11.2.0.4


Agenda:

In this article we will see how to resolve "500 PRIMARY AUTHENTICATION FAILED" error.


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cXML SYSTEM "http://xml.cxml.org/schemas/cXML/1.2.007/cXML.dtd"><cXML version="1.2.005" xml:lang="en-US" payloadID="3/27/2018 8:36:40 AM@www.xxx.com" timestamp="3/27/2018 8:36:40 AM">
  <Response>
    <Status code="500" text="Primary Authentication Failed."></Status>
  </Response>
</cXML>


This issue has mainly caused due to couple of reasons:

Reason: A

Note there could be other reasons also but i am listing what I did to fix.

Get .xml file which was transmitted to trading partner:

Go to system administrator responsibility, Workflow, Transaction Monitor, Transaction Monitor
select Outbound Messages and hit Go to perform search.

Click on xml to view the xml sent to trading partner.



Sample below:

<?xml version="1.0" encoding="US-ASCII" standalone='no'?>
<!DOCTYPE cXML SYSTEM "cXML.dtd">
<!-- Oracle eXtensible Markup Language Gateway Server  -->
<cXML version="1.2.007" payloadID="2018-03-27-09-50-27.914161:0:83.258178051217931149619384968413032891341@" timestamp="2018-03-27T09:50:27+00:00" xml:lang="en">
  <Header>
    <From>
      <Credential domain="DUNS">
        <Identity>Source Company Name</Identity>
      </Credential>
    </From>
    <To>
      <Credential domain="DUNS">
        <Identity>123456789</Identity>
      </Credential>
    </To>
    <Sender>
      <Credential domain="DUNS">
        <Identity>Source Company Name</Identity
 

Ask the trading partner what should be the FROM and TO values populated in the xml file.
If the values are not correct then it won't work.

How to setup From domain, identify and To domain, identify can be found the below oracle document.

IProcurement Punchout CXML Is Showing Wrong 'to Domain Credential' (Doc ID 1965013.1)

Bug: 12818333

<From>
<Credential domain="from domain">                    ===> from profile option PO: cXML From Domain
<Identity>from identity</Identity> <!---                  ===> from profile option PO: cXML From Identity
</Credential>
</From>

<To>
<Credential domain="to domain"> <!---                 ===> trading partner's username
<Identity>to identity</Identity> <!---                      ===> trading partner's source_tp_location_code
</Credential>


Reason: B

Shared Secret key: 

Other reason for the failure can be shared secret key. Check with trading partner if the secret key is required? seeded map (cXML_OrderRequest) does contain secret key by default.

If secret key is not required then it will be a customization:

Highlighted below customization list if secret key is not required:

Create map file by copying from standard (cXML_OrderRequest).
Create package by copying from standard PO_XML_DELIVERY
Modify get_cxml_header_info procedure to not return secret key.
Call the custom package in the map file and
Load the mp file using oracle.apps.ecx.loader.LoadMap command
Modify trading partner setup to use new mapping.

Sample below:

      <Credential domain="DUNS">
        <Identity>Cablevision</Identity>
        <SharedSecret>#WF_DECRYPT#_@#$@49#866@$!!0$9!8^0898469!$^0$0#$840
                               @`B*&+B00}@@0%|#@@#WF_DECRYPT#</SharedSecret>
      </Credential>


In the next blog i will discuss more about SharedSecret key.

PART - 2


Thanks for visiting my blog.

How To Get The Shared Secret For CXML Transactions In Clear Text Rather Than Encrypted Format

Agenda:

In this blog we will discuss how to send shared secret key in clear text.

In 11i by default password will be encrypted. In order to send clear text you may need to do customization. However in r12 you do not have to worry.

Please refer below Oracle support document

How To Get The Shared Secret For CXML Transactions In Clear Text Rather Than Encrypted Format ? (Doc ID 553000.1)
The Shared Secret is Sent Encrypted on cXML Purchase Orders to the Supplier (Doc ID 563954.1)


By default r12 sends the password in plain text. You want to know how? Let's find out.

Check out PO_XML_DELIVERY.get_cxml_header_info package it calls ecx_eng_utils.get_tp_pwd API to get the encrypted password. Hence the order xml file will have the encrypted password available in the payload.

But what happens is before the payload goes into queue process.
ecx_eng_utils.convertEncryCodeClob is called to convert to plan text and then queued. After it is queued again password is encrypted and stored in ECX_DOCLOGS table.

To validate if right password is sent, stop Oracle Transport Agent and test the process.

Since OTA is down the order will be still in the queue table (ECX_OUTQUEUE).

In the user_data column you will see password in plain text.


Thanks for visiting the blog.