Professional Documents
Culture Documents
Original Oracle EBS R12 Connector Document For Venkati SR
Original Oracle EBS R12 Connector Document For Venkati SR
All other product and company names mentioned herein are the trademarks of their
respective owners.
This publication is for informational purposes only and its content does not represent a
contract in any form. CardConnect reserves the right to alter product documentation
and specifications without notice.
If you have any questions about this publication or the product it describes, or if you
require any additional copies, please contact CardConnect at:
CardConnect
1000 Continental Drive
Suite 600, King Of Prussia, PA 19406
USA
Telephone Number: 1-484-581-2200
Fax Number: 1-484-581-2201
Copyright © 2014, CardConnect™. All rights reserved, including those to reproduce this
publication or parts thereof in any form without permission in writing from
CardConnect™.
Table of Contents
Introduction 2
Change History 49
I NTRODUCTION
The CardConnect Gateway™ is a payment card middleware solution from CardConnect. The
CardConnect Oracle Connector integrates Oracle E-Business Suite systems with the CardConnect
gateway for payment card processing. The connector fully implements the payment card
gateway model as defined by Oracle Corporation within their EC Application Servlet
specification.
This document is intended to guide the reader(s) through the functional and technical setup
steps to fully install, test and debug the CardConnect solution. Each of the following sections
will clearly indicate the access required.
The following list of items represents an inventory of files and information provided by the
CardConnect team to complete your installation:
O R A CL E W AL L E T M A NA G E R
During Oracle Payments transactions like authorization and capture, your EBS database server
quite literally becomes a “client” to the CardConnect gateway. This is evidenced by the
construction of a URL that equates to an HTTPS request from the EBS database to CardConnect.
And whereas your browser has the ability to “negotiate” an SSL handshake, exchange
certificates and establish a connection to a webserver, your EBS datatbase is unable to perform
this dynamically.
To satisfy this requirement (as well as others), Oracle has designed a solution so that you can
intall or import the SSL certificate for the remote server (CardConnect, in this case) into a
truststore locally on your EBS server. This truststore called a “wallet” then provides the basis
for secure communications when needed. Importing an SSL certificate into the Oracle wallet is
typically performed by your DBA as the “oracle” database userid. The next section of this
document provides some guidance for importing a certificate.
This section of the document illustrates one possible use of an X environment to establish a
connection to your EBS for the purpose of importing a certificate. You environment may vary.
vncserver 1
The UNIX host should respond with output similar to the following:
If this is the first time you are starting vncserver, the output may differ slightly but the
confirmation for successful start should be similar:
Password:
Verify:
xauth: creating new authority file /home/oracle/.Xauthority
Here is a screenshot of a sample session. Please note the port number after the colon
(:). In our example, we are using port 1.
When prompted, enter the password for the XServer. This will establish a connection
to your remote desktop running on the server:
IMPORTING TO WALLET
Assuming that the target certificate has already been uploaded to the server and
copied to a directory like /tmp, here are the steps required to import the certificate
into the Oracle wallet:
If the wallet is newly created, please note the location (directory path) and the password you
specified. Both will be needed to specify te Oracle Payments Profile Options below.
O R A CL E ACL F OR C AR D C O NNE C T
Not Required For R12.2
The Oracle database provides a control mechanism called an Access Control List to limit objects
and privileges for several core packages which coordinate access to external network resources.
The ability to invoke the UTL_HTTP package and, therefore transact with the CardConnect
Gateway is limited by your database inherently. Your DBA will need to perform the following
steps to permit transactions to flow:
1. Create an ACL to allow the APPS user to invoke UTL_HTTP to connect to CardConnect
2. Associate the “cardconnect.com” domain with the ACL created above
3. Optionally, test the connection using a simple procedure
Here are the commands required for each step, please execute as SYS:
The output should look similar to the following and is considered indicative of success as long as
the EXECUTE privilege has been granted to PUBLIC or APPS:
O R A CL E P AY M E NT S S E C U R I T Y O P T I O NS
Once the values and locations for some of the features above are known, the DBA should login
as the Payments Setup Administrator and set the appropriate options. To do so, login to your
EBS instance, then expand the Payments Setup Administrator responsibility menu and select
Oracle Payments Setup as illustrated below:
There are 3 categories of security options that are available for you to secure your payment
processing environment. They include:
1. Encryption
2. Masking
ENCRYPTION
Encryption refers to the obfuscation of sensitive data as it resides (at rest) in the Oracle
tables under the various EBS modules. Since you are implementing tokenization using
CardConnect, the sensitive data has already been removed from your system, so no
encryption is required.
MASKING
Masking refers to that portion of sensitive data that you deem necessary to remain visible
to end-users. Be sure to set the Credit Card masking options to display the last 4 digits.
You may optionally configure Bank Account masking at this point as well.
VERIFICATION
Verification refers to options that control additional required transaction attributes. You
may optionally compel users to enter their credit card security code (CVV) and/or their
billing address.
Once all options are specified to your liking, please click “Apply” as shown in the image below:
O R A CL E P AY M E NT S P RO F IL E O PT I O NS
The following profile options are required for the middle-tier to have secure access to the
Oracle Wallet. Access to the wallet is needed for the following:
Once the location and the password for the wallet as outlined above have been finalized, the
DBA should login to EBS, assume the System Adminstrator responsibility and update the values
for the following System Profile Options:
O R A CL E P AY M E NT S C R ED I T C AR D R A NG E S
With the CardConnect solution, you will be using tokens within Oracle EBS. Many application
entry forms validate the card numbers to determine the card issuer or brand like MC, VI, AMEX,
etc. From release 12.1.3 onward, the validation is a required step and may cause a failure
during processing. To allow for successful processing, we need to add several valid card ranges
to the IBY_CC_ISSUER_RANGES table. To match the same, granular validation that currently
exists, we need to duplicate all the current ranges and simply prefix the existing ranges with a
“9”. Here is a script that will load the rows for you. Please run as the APPS user against your
Oracle R12 database:
Paypal – The following insert should only be done if you will be utilizing Paypal external
authorizations. Please contact your Card Connect representative if you are unsure if this step
is required.
POODLE V UL NE R A B I L I T Y SSL V 3
To mitigate the SSLv3 vulnerability (aka “POODLE”) for all customers, the CardConnect team has
disabled the ability to negotiation SSLv3 communication protocol within our data center. We
are therefore requiring all merchants to patch or upgrade their Oracle middle-tier and
databases services in compliance with the Oracle Support note listed below:
VE-2014-3566 - Instructions to Mitigate the SSLv3 Vulnerability ("POODLE Attack") in Oracle EBS
Further information on mitigating this vulnerability can be found in the document attached
below.
Routing Rules Are Not Working Correctly For Credit Card Transactions After Submit Offline Transactions
Is Run (Doc ID 1452743.1)
Settlement Transactions are Sent to the Payment System Using the Wrong Payment System Account
(Doc ID 1406063.1)
The root cause for both has been identified and addressed with the following patch. Please do
not be misled by the description:
When an Oracle module accepts and processes a credit card transaction, it typically applies a
payment system order number (PSON) that provides a unique reference and is indicative of the
source of the transaction. If the transaction originates in Order Management, the PSON begins
with “ONT”. If Receivables, the PSON begins with “AR”. This is useful, however the PSON does
not equate to any user-visible element in the source application.
Ideally, the PSON should be more reflective of some meaningful business object that is familiar
to the user. There is a way to override the default value with the Order Number from Order
Management, for example.
Oracle has released a patch that can be applied and allows you to customize the PSON value.
The patch implements the following features:
1. Call to a new custom procedure from within the card transaction code.
2. Sample/shell procedure that should be customized to return a new PSON that is
formatted to fit your requirements.
More information about the patch can be found in metalink by searching for the document id
below:
How to Change the Format of the PSON to a User Defined Format? (Doc ID 1159244.1)
Appendix A contains sample code that you can use as a starting point for your solution.
F I R E WA L L R U L E C O NF I G U RA T I O N
Many CardConnect customers have secure processing environments which are futher protected
via the use of firewall hardware and software components. The CardConnect solution requires
your EBS middle-tier to be able to communicate with your hosted gateway server within the
CardConnect data center. To allow this communication, the rules within your firewall may need
to modified to permit this communication.
2. Determine the IP address of your hosted gateway server running within the
CardConnect data center.
[This value can be found by “pinging” the name of the server as supplied to you by your
CardConnect project manager. Hosted server names for our customers typically take
the form of customer.cardconnect.com.]
[Also, please note that the “ping” will not be successful, however the IP address of the
target server will be displayed as output of the command.]
3. Please create a firewall rule that will allow TCP traffic between to 2 hosts. Please
contact your CardConnect project manager for the CardConnect IP addresses for your
implementation. The CardConnect ports that need to be allowed are:
a. Development/Test Port: 6443
b. Production Port: 8443
P R O XY A U T H E NT I C A T I O N R UL E C O NF I G U R A T I O N
Some CardConnect customers further require proxy authentication when communicating out
from their network. For users or personal computers, this is done via a prompt to the end-user
during the time of their request. For server-to-server communication, this is handled
differently.
Please work with your network team to ensure that real-time or upon-request authentication
through the proxy is not required. This is normally done by defining a rule to allow server-to-
server authentication to bypass the proxy.
This section of the Oracle EBS Functional Configuration covers the configuration steps that are
to be performed if your implementation requires use of a Gateway Model Payment System. If
you are unsure of the Payment System model that you will be using, please contact your
CardConnect project manager for guidance.
O R A CL E P AY M E NT S P RO F IL E O PT I O NS
The are 3 profile options that need to configured before we proceed with the functional setup.
These profile options, their usage and sample values are shown below:
Profile Option
Name Description Guidance
A value is required if your Enter the value for your proxy address and be
IBY: HTTP Proxy network requires proxy to sure to review the “Proxy Authentication Rule
access the Internet Configuration” section of this document.
Applications Used to indicate domains that You may want to update this value to your
Proxy Bypass are excluded from proxy “local” domain since the profile option above
Domains authentication. will direct all other traffic accordingly.
V E R IF Y P AY M E NT S Y S T E M S E T U P
This section of the document is to verify the functional setup of the payment system that was
created through the MD120’s section titled “XXPPS Installation”.
Let’s start by verifying the new payment system that points to the CardConnect gateway. Start
by clicking on the “Payments Payment Administrator”, then selecting “Oracle Payments Setup”.
Please check that the “Transmission Servlet Base URL” is pointing to the correct site and using
the appropriate port (6443 for non-production environments and 8443 for production
environments), the status is “Active” and the supported funds capture abilities are checked for
credit and debit cards.
Finally, click on the “Oracle Payments Setup” breadcrumb to return the “Oracle Payments
Setup” page.
V E R I F Y I N G P A Y E E D E F I NI T I O N
The Payee definition essentially defines a relationship between an Operating Unit and a
Payment System. To begin the process, click on the “Go To Task” icon next to Payees row.
XML P U BL I S H E R F O R M A T T E M P L A T E S E T U P
Start by clicking on the “Funds Capture Setup Administrator”, then selecting “Oracle Payments
Setup”.
Create a new XML Publisher Template by clicking the “Create Template” button.
Complete the setup by populating the fields as shown below and click Apply.
Field Value
Code XXPPS_SETTLE
Application Payments
Create a new XML Publisher Template by clicking the “Create Template” button.
Complete the setup by populating the fields as shown below and click Apply.
Field Value
Code PPS_FD_BATCH_SEND
Application Payments
Type XSL-XML
Language English
Template Files
F OR M A T S E T U P
Return to the Oracle Payments Setup form and select the Formats task.
First we will create a Funds Capture Acknowledgment format. From the dropdown box,
select Funds Capture Acknowlegment and click Create.
Complete the setup by populating the fields as shown below and click Apply.
Code PPS_SETTLEMENT_ENDPOINT
XML Publisher
CardConnect Settlement Ack Template
Template
Next we will create a Funds Capture Settlement Batch format. From the dropdown box,
select Funds Capture Settlement Batch and click Create.
Complete the setup by populating the fields as shown below and click Apply.
Field Value
Code ppr
Data Extract Extract for credit card, purchase card, debit card, and
bank account funds capture instructions
T R A N S M I S S IO N C O NF I G U R A T I O N S E T U P
After the Format setup, Transmission Configurations should be set up.
Return to the Oracle Payments Setup form and select the Transmission Configurations task.
First we will create a Http(s) POST Request configuration. From the dropdown box, select
Http(s) POST Request and click Create Configuration.
Complete the setup by populating the fields as shown below and click Apply.
Tunneling <blank>
Configuration
Repeat the above to create another Http(s) POST Request transmission configuration with
the values below.
Tunneling <blank>
Configuration
Status Active
HTTP
Authentication To be provided by CardConnect
Password
Send Body Content application/json
Type
Receive Body application/json
Content Type
Next, we will create a Secure File Transfer Protocol for Static File Names configuration.
From the dropdown box, select “Secure File Transfer Protocol for Static File Names” and
click Create Configuration.
Complete the setup by populating the fields as shown below and click Apply.
P A Y M E N T S YS T E M S E T U P
After the Transaction Configurations, the Payment System setup should be performed.
Return to the Oracle Payments Setup form and select the Payment Systems task.
Processing
Processor
Model
Credit Card
Authorization Full and Partial
Reversal
Name Type
Name
Click “Save And Add Accounts” to continue with the next section of this document.
A D DI N G P AY M E NT S Y S T E M A C C O U NT N U M B E R S
Continued from previous section, you may optionally return to this page by clicking on the
“Update Accounts” icon corresponding to the payment system.
Enter your merchant id (MID) as the payment system account number. Oracle references this
field/column as “Name”.
Then click on the “Apply” button to save your changes and return to the Payment Systems
Search page.
Please continue with the Funds Capture Process Profiles definition below.
F U N DS C A P T UR E P R O C E SS P RO F IL E S S E T U P
Prior to setting up the Funds Capture Process Profile, the following insert statements must be
executed by the APPS user.
INSERT INTO iby_ack_readers( ack_reader_code, reader_code_language,
reader_code_package, reader_code_entry_point, created_by, creation_date,
last_updated_by, last_update_date, last_update_login, object_version_number,
zd_edition_name)
VALUES( 'PPS_AUTH_ACK_PARSER_1_0', 'JAVA',
'com.cardconnect.ebs.processor.CCOnlineACKParser', 'parse', 1, SYSDATE, 1,
SYSDATE, -1, 1, 'ORA$BASE');
Return to the Oracle Payments Setup form and select the Funds Capture Process Profiles task.
From the dropdown box, select your payment system and click Create.
Status Active
Transmission
Http(s) POST Request
Protocol
Inbound Response
PPS_AUTH_ACK_PARSER_1_0
Format
Inbound Response
PPS_BATCH_RESP_PARSER_1_0
Format
Transmission
Http(s) POST Request
Protocol
Inbound Response
PPS_BATCH_ACK_PARSER_1_0
Format
In the Payment System Accounts section, enter the values as specified below for each of your
merchant ids.
Online
CardConnect HTTP POST
Authorization
Transmission
CardConnect FundsCaptureSend
Configuration
Enabled Checked
PAYEE DEFINITION
The Payee definition essentially defines a relationship between an Operating Unit and a
Payment System. To begin the process, click on the “Go To Task” icon next to Payees row.
At this point, you have the option of creating a new Payee or modifying an existing one. Use
the Search facility to find and modify an existing or click Create to define a new payee as
appropriate.
Payment System
Select your merchant id (MID)
Account
Assign Operating
Add Operating Units as required.
Units
In the Default Payment Systems section, enter the values below for Pinless Debit Card and
Credit Card as required.
L E V E L 2/L E V E L 3 I NF O R M A T I O N
If your business requires Level 2 and Level 3 information to be sent to the processor, please
run the insert statement below to all tokens as needing L2/L3.
R OUTING R ULES
Routing rules can be a very useful feature for routing your transactions to a wide range of
processing options.
Please do not define any routing rules at this time. You can add them after connectivity and
basic functionality has been established.
The next section of this document will guide you through testing and debugging your
configuration.
F U N DS C A P T UR E P R O C E SS M A NAG E R
Testing can be performed to ensure that the setup to this point has been effective. To perform
this testing, the user is encouraged to login to EBS and navigate to the “Home” menu option
under the “Funds Capture Process Manager” responsibility as shown below:
This will display the Funds Capture Process Home page. You can submit 1 or more test
transactions from your EBS environment to the CardConnect gateway. This is done via the
“Transaction Testing” tab show in the following screen shot:
Payment
Instrument Select Credit Card.
Type
On the next page (link), you only need to specify the following information:
Card Holder Search and select any user from your system.
Enter the values as required. Your screen should look similar to the following:
Click “Next” to proceed. You are now at the last link in the Create Authorization workflow. Click
“Submit” to place your transaction.
The idea location to invoke the logging to the screen is from the Transaction Testing tab in the
Funds Capture Process Manager -> Home page. Note the “Diagnostics” option available in the
upper-right portion of your page in the screen shot below:
Note: the Diagnostics link is only displayed if you have enable FND: Diagnostics within your
Profile Options. If diagnostics is not displayed, please switch to the System Administrator
responsibility and set accordingly.
After you have enabled and clicked on Diagnostics, the following page offers options for
reviewing the log activity. Please select “Show Log on Screen”.
Now proceed directly to the testing outlined in the previous chapter of this document.
https://xyz.cardconnect.com:6443/cardconnect
Your CardConnect project manager will supply the username and password to access your site.
The login screen is shown below followed by the secure homepage:
Please enter any relevant search criteria, then click “Search”. Some items that are most useful
include:
The following is an example of the output for the “Search Auth” utility:
Name : iby_pson_boling.sql
Created On: 19-MAR-2014
Created By: David A. Kilgallon
\* ------------------------------------------------------------------------- */
CREATE OR REPLACE PACKAGE iby_pson_customizer_pkg AS
v_code NUMBER;
V_ERRM varchar2(64);
BEGIN
x_msg := g_cust_pson_yes;
SELECT o.order_number
INTO x_cust_pson
FROM oe_order_headers_all o, iby_fndcpt_tx_extensions e, fnd_application a
WHERE TO_CHAR(o.header_id) = e.order_id
AND e.origin_application_id = a.application_id
AND a.application_short_name = p_app_short_name
AND e.trxn_extension_id = p_trxn_extn_id;
EXCEPTION
WHEN OTHERS THEN
v_code := SQLCODE;
V_ERRM := SUBSTR(SQLERRM, 1 , 64);
x_cust_pson:= p_app_short_name || '_' || p_trxn_extn_id || ':' || v_code;
x_msg := G_CUST_PSON_NO;
END;
END;
/
SHOW ERRORS
EXIT
T R A N S A C T IO N R E SP O NS E C O D ES
For the latest API specification including web service endpoints and response codes, please visit
the following link:
http://www.cardconnect.com/developer/docs/
Here is more information about specific CardConnect response codes and how they map to
Oracle transaction statuses. Each Payment Processor has hundreds of proprietary response
codes. CardConnect provides a mapping file to translate each response code for each
supported processor to one of three values. They are as follows:
In all cases, the OapfAuxMsg, OapfVendErrMsf and OapfCendErrCode are returned with a
description of the response code in the 2 msg fileds and the actual processor response code in
the ErrCode field.
A D DR E S S V E R IF I C A T I O N R E SP O NS E C O D ES
Authorization requests also return an OapfAVSCode field containing the result from the Address
Verification System. It is a one-character code that is separate and distinct from the credit
authorization response code. The meaning of the SVS response codes vary by card type. In
most cases, the AVS response comes from the issue bank.