Update sharedLocation in InstallationManager (IBM Sterling B2B Integrator)

First of all the following value has to be unique to each install of Sterling Integrator. If you accidentally used shared location for cluster installation your second node installation not going to work. So here is how we can fix this.

1. Go to user home and move $USERHOME$/IBM/IBMSHARED to new local location.

2. Update the reference in /home/user/var/ibm/InstallationManager/installRegistry.xml

         

That's it. This will fix First node IBMSHARED location and we can proceed with second node installation.

How to verify?
1. Go to InstallManager tools
    cd /InstallationManager/IM_Linux/tools 
2. ./imcl listInstalledPackages -verbose

Validate the output something like below,

[Shared]
Shared resources directory: /opt/ibm/IBMIMShared

[Package group]
Name: Sterling Integrator
Installation directory: /opt/ibm/sfg
Translations:
Architecture: 64-bit

[Package]
Name: IBM Sterling B2B Integrator (com.ibm.sterling.integrator.install.offering)
Version: 5.2.6.1 (5.2.6001.20151220_1540)
Repository: /opt/ibm/media/b2birepo
Features:
    IBM Sterling File Gateway (filegateway.feature)
Fixes:
    None
Rollback versions:
    None

Enable CBC Ciphers in B2Bi v5.2.6.4, B2Bi v6.0, SFG v2.2.6.4 and SFG v6.0

Some of the IBM Sterling B2B Integrator(SI) customers wants to avoid SSH handshake using CBC Cipher as it is vulnerable. The link http://www.kb.cert.org/vuls/id/958563 explains that CBC Ciphers are security vulnerable and the solution is to use CTR Cipher instead of CBC Cipher. However, in SI versions 5020602 and 5020603, maverick (the third party api used for SSH/SFTP) version used is 1.4.60 which mandates that CBC Cipher should be present in Client side. Hence, disabling the CBC support using the security property supportCBCCiphers=false will result in SFTP communication failure with key based authentication.

To enforce the use of CTR Cipher in SI, we have introduced two new properties : SSHServerCipherList, SSHClientCipherList

a) security.SSHServerCipherList is the property to restrict the list of server side ciphers. In the SFTP Server adapter, "Preferred Cipher" drop down will pick the values specified in this property list.

b) security.SSHClientCipherList is the property to restrict the list of client side ciphers. In the SSH Remote Profile Configurations, "Preferred Cipher" drop down will pick the values specified in this property list.

The fix also needs the property security.supportCBCCiphers set as true in customer_overrides.properties.

This is how it works :

1. In the server side, SFTP Server Adapter can restrict Cipher as "ctr" by specifying the property value as
   security.SSHServerCipherList=aes128-ctr,aes192-ctr,aes256-ctr

   This will restrict the client to communicate only with "ctr" Ciphers.

2. In the client side, the Business Process should specify Ciphers as "cbr" and "ctr" by specifying the property value as
   security.SSHClientCipherList=aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc

   Also, the PreferredCipher should have the value of "ctr" in BP. This will ensure that the communication happens with "ctr" Cipher.

3. The external client should ensure that it communicates with server adapter with "ctr" Cipher.

In case, if there is a mismatch in client and server side Ciphers, an error message : Failed to negotiate a transport component [aes128-cbc,aes192-cbc,aes256-cbc] [aes256-ctr,aes128-ctr,aes192-ctr] [Unknown cause]:SSH_DISCONNECT_BY_APPLICATION:SFTP session channel closed by server.: should be displayed in SFTP Client Begin Session Service.

NOTE : This fix is available only as a custom ifix for SI versions 5020602 and 5020603. The changes are NOT available in the product.

https://www.ibm.com/developerworks/community/blogs/2f9ef931-1ac3-4d9b-a8ca-6e3f01b13889/entry/IBM_Sterling_B2B_Integrator_Enforce_CTR_Cipher_in_SFTP_Communication?lang=en

PGP - Generate Import Export PGP Keys

Generate PGP Keys

gpg --gen-key

Enter Key details, Email, Expiration etc.,

Export Secret Key

gpg --export-secret-key -a MY_PGP_KEY >> /tmp/MY_PGP_KEY.key

Export Public Key

gpg --export -a MY_PGP_KEY >> /tmp/MY_PGP_KEY.asc

Import Secret Key

gpg --import /tmp/MY_PGP_KEY.key

Import Public Key

gpg --import /tmp/MY_PGP_KEY.asc

Update Key Trust Trust after importing the Key

gpg --edit-key
$trust
$5
$save

Sterling Integrator User, Workflow Queries

Active Worksflows in Sterling Integrator

select DISTINCT NAME , WC2.WORKFLOW_ID, sysdate - START_T AS TIMEDIFF
From WORKFLOW_CONTEXT WC,
(
SELECT MAX(STEP_ID) STEP_ID , MIN(START_TIME) START_T, WORKFLOW_ID
FROM WORKFLOW_CONTEXT
GROUP BY WORKFLOW_ID
) WC2,
WFD
WHERE WC.WORKFLOW_ID = WC2.WORKFLOW_ID
AND WC.STEP_ID = WC2.STEP_ID
AND WC.NEXT_AI_ID != -1
AND WC.WFD_ID = WFD.WFD_ID
AND WC.WFD_VERSION = WFD.WFD_VERSION
AND BASIC_STATUS = 0

Sterling Integrator User & User Associated Groups List 

select YFS_USER.LOGINID, YFS_USER_GROUP.USERGROUP_NAME from YFS_USER, YFS_USER_GROUP, YFS_USER_GROUP_LIST
where YFS_USER.USER_KEY=YFS_USER_GROUP_LIST.USER_KEY
and YFS_USER_GROUP.USERGROUP_KEY=YFS_USER_GROUP_LIST.USERGROUP_KEY

SSHKeyGrabber in Sterling Integrator not working

http://www-01.ibm.com/support/docview.wss?uid=swg21628336

Sometimes SSHKeyGrabber don't work when we trying to extract Known Host Key from Sterling Integrator UI. The work around for this is disable StrictHostKeyChecking and download the Key from Linux/Windows and Check in the key to Sterling Integrator.

$ssh -o StrictHostKeyChecking=no user@sftp.host.com -p 22

Above command will save host key to known_hosts file located .~/.ssh/known_hosts

Note: Remove excess content from host key and just keep the key from ssh-rsa followed the key. 

B2BI MESA API/JAR's for Custom Service Development

asset.jar
b2b_aee.jar
b2b_base.jar
b2b_oba.jar
ebics.jar
entities.jar
gis.jar
install_foundation.jar
mailbox.jar
maverick-all.jar
perimeter.jar
platform_activemq.jar
platform_activity.jar
platform_afc.jar
platform_afc_security.jar
platform_aop.jar
platform_asi.jar
platform_baseutils.jar
platform_dv.jar
platform_ifcbase.jar
platform_ifcui.jar
platform_osgi.jar
platform_security.jar
platform_services.jar
resources.jar
soap.jar
standards.jar
translator.jar

Launching ikeyman from IBM JDK

Navigate to IBM JDK bin directory and execute the following command,

C:\Sirish\Softwares\ibm_sdk80\bin>java com.ibm.gsk.ikeyman.Ikeyman

Install 3rdParty JAR on IBM B2B Sterling Integrator

If we want to install external JARs (3rdParty JARs) on Sterling Integrator here are the steps,

1. Stop B2BI Cluster (All Nodes) by running hardStop.sh/cmd.
2. install3rdParty.sh -j
         -j = JAR
         -l = Library File
3. Run setupfile.sh
4. Repeat Step 2 and 3 on all Nodes.
5. Restart B2BI Cluster.

Validation Procedure:

If installation was successful then you will see an entry for your new JAR file in dynamicclasspath.cfg file.  

IBM Sterling B2B Integrator Map Editor Rules Hierarchy

Here is how IBM Sterling B2B Integrator map editor translator controller parse and executes the Rules.

Pre-Session (Variable Declarations & Hard Coded Values)
Root On Begin
   Root Exedend Rules
Record On Begin
Standard Rule & Exedend Rule

Record On End
Root On Begin
Post-Session (Executes before end of map)

Calling B2BI WebService from SOAP UI

soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mesa="http://www.sterlingcommerce.com/mesa"
   soapenv:Header/
   soapenv:Body
      mesa:DEMO_WEB_SERVICE xmlns:mesa="http://www.sterlingcommerce.com/mesa"
Payload goes here....
      /mesa:DEMO_WEB_SERVICE
   /soapenv:Body

/soapenv:Envelope



Need to add namespace xmlns:mesa="http://www.sterlingcommerce.com/mesa under soapenv:Body.

Setting up VisualVM from Sterling Integrator

1. Download  VisualVM 

    https://java.net/projects/visualvm/downloads/download/release138/visualvm_138.zip

2. Find the value of the property called ACTIVEMQ_JMX_PORT from sandbox.cfg.

3. Add Remote Host First and under Remote Host add Add JMX Connection. 

    <SI HOST Name>:<ACTIVEMQ_JMX_PORT>

    No need of providing user credentials and Save the connection. 

Enable External Purge in Sterling Integrator

Starting an External Purge

Procedure

1. If you have a cluster installation, make sure that you are not running the external purge on another node of the cluster. If you are running the external purge on more than one node, it will cause database locks. For more information, see Monitoring an External Purge.
   Important: It is the customer's responsibility to keep exactly one of these external purge processes running in the cluster. If you need to shut down the hardware that is running the external purge, you must run the external purge on a different node.
2. Disable the default Purge service. Click Deployment > Schedules, search for PurgeService, and then clear the Enabled checkbox for PurgeService.
   Note: If you have customized the Schedule_PurgeService business process, you need to add your customized code to the new Schedule_PurgeService business process. The new Schedule_PurgeService business process includes a warning message about running the external purge while the scheduled new purge is enabled.
3. Turn off the "Important Schedules are Disabled" email notifications by adding the following line to the customer_overrides.properties file. This removes the Purge Service SQL query for the schedule.
   resourceMonitor.ScheduleMonitor.propertyValue.1=SELECT STATUS, SERVICENAME FROMSCHEDULE WHERE SERVICENAME IN ('BackupService','IndexBusinessProcessService','AssociateBPsToDocs'
   ,'BPRecovery','BPLinkagePurgeService')
4. Do the following:
   • In Windows, do one of the following:
     • Run the command startExternalPurgeWindowsService.cmd from the INSTALL_DIR\bin directory.
     • Run the Windows service. Click Control Panel > Administrative Tools > Services, right-click IBM Sterling B2B Integrator External Purge at BASE_PORT, and click Start.
   • In UNIX, run the command control_extpurge.sh start from the INSTALL_DIR/bin directory.
• In iSeries, run the command
  SBMJOB CMD (QSH CMD('cd INSTALL_DIR/bin; ./ExternalPurgeConsole.sh -clearlocks > INSTALL_DIR/logs/extpurge.log')) JOB(EXTPURGE)

http://www-01.ibm.com/support/knowledgecenter/SS3JSW_5.2.0/com.ibm.help.enhancement_external_purge_524.doc/ArchPrg_StartExtPurge.html?lang=en

Remote FTP Directory Sync using lftp

http://www.cyberciti.biz/faq/lftp-mirror-example/

$lftp user@my.ftp.com
$mirror -c source target

Reverse Sync to Server:
Change local directory to  where you saved the files /home/somedirectory
$lcd /home/somedirectory
$mirror -R

Remove SFG Partner Profile (Hard Delete if SFG removal fails)

There was bug in SFG (old versions) where it leaves some orphan entries in DB when you try to remove the trading partner from SFG UI. To solve the problem here are steps to do hard delete of partner profile.

Attempt to delete from SFG in regular way and then remove from Dashboard --> Trading Partner (All Contracts, Document Exchange, Profile, Routing Channels, Mailbox Virtual Roots if any etc.)

Make sure the following table should not return any entry for Trading Partner, If it returns then remove the entry manually...

This example Partner Name is : EDI

select 'YFS_USER' from YFS_USER where UPPER(USERNAME) like '%EDI%'  UNION
select 'YFS_ORGANIZATION' from YFS_ORGANIZATION where UPPER(ORGANIZATION_KEY) like '%EDI%'  UNION
select 'MBX_ACTION'  from MBX_ACTION where UPPER(USER_ID) like '%EDI%'  UNION
select 'MBX_MAILBOX'  from MBX_MAILBOX where UPPER(PATH) like '%EDI%'  UNION
select 'SCI_CONTRACT' from SCI_CONTRACT where UPPER(OBJECT_NAME) like '%EDI%'  UNION
select 'SCI_DOC_EXCHANGE' from SCI_DOC_EXCHANGE where UPPER(OBJECT_NAME) like '%EDI%'  UNION
select 'SCI_ENTITY'  from SCI_ENTITY where UPPER(OBJECT_NAME) like '%EDI%'  UNION
select 'SCI_PACKAGING'  from SCI_PACKAGING where UPPER(OBJECT_NAME) like '%EDI%'  UNION
select 'SCI_PROFILE' from SCI_PROFILE where UPPER(OBJECT_NAME) like '%EDI%'  UNION
select 'SCI_TRANSPORT' from SCI_TRANSPORT where UPPER(OBJECT_NAME) like '%EDI%'  UNION
select 'SCI_CODE_USR_XREF'  from SCI_CODE_USR_XREF where UPPER(USER_ID) = 'EDI%';

select * from YFS_USER where UPPER(USERNAME) = 'EDI';
select * from YFS_ORGANIZATION where UPPER(ORGANIZATION_KEY) = 'EDI';
select * from MBX_ACTION where UPPER(USER_ID) = 'EDI';
select * from MBX_MAILBOX where UPPER(PATH) = 'EDI';
select * from SCI_CONTRACT where UPPER(OBJECT_NAME) ='EDI';
select * from SCI_DOC_EXCHANGE where UPPER(OBJECT_NAME) = 'EDI';
select *  from SCI_ENTITY where UPPER(OBJECT_NAME) = 'EDI'; 
select *  from SCI_PACKAGING where UPPER(OBJECT_NAME) = 'EDI';
select * from SCI_PROFILE where UPPER(OBJECT_NAME) = 'EDI';
select * from SCI_TRANSPORT where UPPER(OBJECT_NAME) = 'EDI';
select * from SCI_CODE_USR_XREF where UPPER(USER_ID) = 'EDI';

--finally delete (be careful) --
DELETE from YFS_USER where UPPER(USERNAME) = 'EDI';
DELETE from YFS_ORGANIZATION where UPPER(ORGANIZATION_KEY) = 'EDI';

Enterprise Integration Techniques - Notes

Integration Patterns:
   Enterprise Integration Patterns

   Self Managing
 
   Minimize the dependency between components.
 
   John Prosul Robust principle
 
   Be liberal with what you receive and be specific with what you send out.
 
   Always support previous versions (Backward compatibility). It's always hard to support backward compatibility but it's matter of discipline.
 
   Software is craft not a science.
 
   Be wise on Technical Decision vs Business Decision.
 
   InfoQ.com
 
   gotoconferences

   Twitter University

   Emerging Techologies for Enterprise (Conference hosted in Philly)
 
   Agile Stuff
 
   hackernews.com (YCombinator)
 
   HighScalability.com
 
   Netflix Engineering
 
   Thoughtworks Tech Radar
 
   Micro Services (Sam Newman)

Encoding a Payload in Sterling Integrator using Java Task

import java.io.InputStream;
import java.lang.StringBuilder;
import com.sterlingcommerce.woodstock.workflow.Document;
import com.sterlingcommerce.woodstock.util.Base64;

Document doc = wfc.getPrimaryDocument();
InputStream in = doc.getInputStream();
StringBuilder sb = new StringBuilder();
for (int i = 0; i < in.available(); i++) {
   sb.append(in.read());
}
byte data[] = sb.toString().getBytes();
byte newdata[] = Base64.encode(data);
doc.setBody(new String( ""+ new String(newdata)+"").getBytes());
return new String(sb.toString());

Sterling Integrator Purge All Tables

1.  EDI_COMPLIANCE_RPT
2.  EDI_DOCUMENT_STATE
3.  WF_INST_S
4.  WORKFLOW_CONTEXT
5.  WORKFLOW_LIFESPAN
6.  WORKFLOW_DATA
7.  EDIINTDOC
8.  MSGMDNDUP
9.  MSGMDNCORRELATION
10. WEBX_MINED_DATA
11. WF_INACTIVE
12. GENERIC_ACK
13. CORRELATION_SET
14. ACT_SESSION
15. ACT_AUTHENTICATE
16. ACT_AUTHORIZE
17. ACT_XFER
18. ACT_NON_XFER
19. DATA_FLOW
20. DMI_ROUTE
21. DMI_ROUTE_FACT
22. MBX_MESSAGE
23. TRANS_DATA

Sterling Integrator Blogs

1. https://edigkim.wordpress.com/
2. http://i2b2b.blogspot.com/

Avoid duplicate file processing in Sterling File Gateway (SFG)

The actual error we see in the logs is just the way SFTP in SI detects
duplicate files and since you have the option in the
mailbox.properties set to:

disallowDuplicateMessages=false

This means that duplicate files are allowed and therefore SFG
processed those duplicate uploads.

So the partner should investigate why did their application trigger a
duplicate upload of the same file.

If you want to avoid duplicate uploads, you should consider setting
the option disallowDuplicateMessages to true in both nodes, this will
stop SI from accepting duplicate files.

If you want to make that change, you will need to modify\create your
customer_overrides.properties on both nodes and add the following
line:
mailbox.disallowDuplicateMessages=true

Both nodes need to be restarted for the change to take effect.

Attach multiple SSH Authorized User Key to Sterling File Gateway (SFG) Profile

Multiple source systems can talk to one Sterling Integrator SFTP server and the Authorized User Key for the remote servers could be different. The limitation with SFG is we can’t attach multiple Authorized user key to SFG profile, if we edit the profile SFG will list all the user profiles in drop down it mean we can select only One.

To overcome this problem  DO NOT attach SSH Authorized User Keys from SFG instead go to Sterling Integrator Dashboard and edit the SFG Profile User there is page to attach multiple SSH Authorized User  Keys to one user.

SI Dashboard > Account > User Accounts > Account Name (Search on Account Name), Edit the user and assign multiple SSH Authorized User Keys.