Wednesday, August 13, 2014

EBS 12.2 -- disabling SEND_ACCESS_KEY

Sending the access key is a feature of the Workflow Notification Mailer. The SEND_ACCESS_KEY attribute of the Notification Mailer enables or disables this feature.
When SEND_ACCESS_KEY is set to Y, the Notification Mailer sends notification emails that include access keys. These access keys let users access the Notification Details web page of EBS directly, without authenticating.
When SEND_ACCESS_KEY is set to N, users must sign on to access the Notification Details web page, so they cannot reach it directly without authenticating.

Anyway, it seems that setting SEND_ACCESS_KEY to Y creates a security vulnerability, so here is the method for setting SEND_ACCESS_KEY to N:

  • Stop the Workflow Services (Agent Listeners and Mailer).
  • On the application tier operating system, as the application owner, run:
sqlplus apps/apps @$FND_TOP/sql/afsvcpup.sql
The script returns something like the following:

Component Id Component Name                 Component Status Type            Coe
------------ ------------------------------ ---------------- --------------- ---
       10000 ECX Inbound Agent Listener     STOPPED_ERROR    WF_AGENT_LISTEN GSM
       10001 ECX Transaction Agent Listener STOPPED          WF_AGENT_LISTEN GSM
       10002 Workflow Deferred Agent Listen STOPPED          WF_AGENT_LISTEN GSM
       10003 Workflow Deferred Notification STOPPED          WF_AGENT_LISTEN GSM
       10004 Workflow Error Agent Listener  STOPPED          WF_AGENT_LISTEN GSM
       10005 Workflow Inbound Notifications STOPPED          WF_AGENT_LISTEN GSM
       10006 Workflow Notification Mailer   DEACTIVATED_USER WF_MAILER       GSM
       10020 Workflow Java Deferred Agent L STOPPED          WF_JAVA_AGENT_L GSM
       10021 Workflow Java Error Agent List STOPPED          WF_JAVA_AGENT_L GSM
       10022 Web Services OUT Agent         STOPPED          WF_DOCUMENT_WEB GSM
       10023 Web Services IN Agent          STOPPED          WF_JAVA_AGENT_L GSM
       11020 WF_JMS_IN Listener(M4U)        STOPPED          WF_JAVA_AGENT_L GSM
       11021 Workflow Inbound JMS Agent Lis STOPPED_ERROR    WF_AGENT_LISTEN GSM
       13020 TESTMLR                        DEACTIVATED_USER WF_MAILER       GSM
       14020 WF_IN Test                     STOPPED          WF_AGENT_LISTEN GSM
       15020 SYC_PASSWORD_MAILER            DEACTIVATED_USER WF_MAILER       GSM



  • afsvcpup.sql then waits for input. Enter the component ID corresponding to the Workflow Mailer.
Enter 10006, as it is the component ID of the Notification Mailer in the listing above.
After you press Enter, the script returns the following output:

Comp Param Id Parameter Name Default Value d
------------- --------------------------------------------- --------------------
10055 Allow Forwarded Response Y Y
10123 Alternate email parser oracle.apps.fnd.wf.NctEmailParser r
10124 Attach images to outbound emails Y Y
10125 Attach stylesheet to outbound email Y Y
10056 Attached URLs WFMAIL:ATTACHED_URLY
10057 Autoclose FYI Y Y
10061 Debug Mail Session N N
10126 Direct response N N
10062 Discard Folder DISCARD N
10063 Email Parser oracle.apps.fnd.wf.NlatedEmailParser r
10141 Enable stylesheet references N Y
10064 Expunge Inbox on Close Y Y
10129 Framework Application ID 1 N
10128 Framework Responsiblity 20420 N
10130 Framework URL timeout 30 N
10127 Framework User 0 N
10065 From Workflow Mailer Y
10066 HTML Agent Y S
10340 HTML delimiter DEFAULT N
10131 HTTP User Agent Mozilla/4.76 Y
10068 Inbound Protocol imap N
10240 Inbound SSL Enabled N N
10069 Inbound Server Name N
10082 Inbound Thread Count 1 Y
10132 Inbound connection time out 120 N
10133 Inbound message fetch size 100 N
10070 Inbox Folder INBOX N
10071 Inline Attachments N Y
10138 Invalid More Information Response Notificatio WFMAIL:OPEN_INVALIDYn
10074 Invalid Response Notification WFMAIL:OPEN_INVALIDY
10219 Invalid address list size 100 N
10060 Log Level 5 Y
10073 Mailer Node Name WFMAIL N
10084 Max Error Count 10 N
10134 Maximum Ignore List size 1000 N
10135 Maximum Response lookup code cache size 100 N
10136 Maximum returned email list size 100 N
10072 Message Formatter oracle.apps.fnd.wf.NficationFormatter r
10077 Open FYI Notification WFMAIL:OPEN_MAIL_FYY
10075 Open Notification WFMAIL:OPEN_MAIL Y
10076 Open Notification (Direct Response Parsing) WFMAIL:OPEN_MAIL_DIY
10139 Open Notification (More Information Request) WFMAIL:OPEN_MORE_INY
10058 Outbound Cancelled Notification WFMAIL:CANCELED Y
10059 Outbound Closed Notification WFMAIL:CLOSED Y
10142 Outbound HTML Summary Notification WFMAIL:SUMHTML Y
10078 Outbound Protocol smtp N
10244 Outbound SSL Enabled N N
10079 Outbound Server Name N
10092 Outbound Summary Notification WFMAIL:SUMMARY Y
10086 Outbound Thread Count 1 Y
10094 Outbound Warning Notification WFMAIL:WARNING Y
10140 Outbound connection time out 120 N
10080 Processed Folder PROCESS N
10088 Processor Close on Read Timeout Y N
10081 Processor Error Loop Sleep 60 N
10085 Processor Max Loop Sleep 60 N
10083 Processor Min Loop Sleep 5 N
10087 Processor Read Wait Timeout 10 N
10220 Processor defer reading event data Y N
10089 Reply-to Address Y
10090 Reset NLS N Y
10243 SSL Trust store NONE N
10091 Send Access Key Y Y
10242 Send e-mails for canceled notifications Y N
10241 Send warning for unsolicited e-mail Y Y
10093 Test Address NONE Y
10137 Unsolicited event threshold 2 N
10054 Username N

  • The script then waits for the following inputs. Enter the Comp Param Id of Send Access Key as the Comp Param Id, and enter "N" as the value, since we want to disable it.

Enter the Comp Param Id to update : 10091
Enter a value for the parameter : N

  • Lastly, restart the Workflow services and you're done.
Note that the same procedure applies to 12.1 and to instances > 12.0.3 as well.
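
The listing above shows three WF_MAILER components (10006, 13020 and 15020), and afsvcpup.sql changes the parameter for one component at a time. The query below is an added example, not part of the original post, that reports the Send Access Key value for every mailer so that each one can be checked after the change. It assumes the standard FND service component objects named in the comments are readable by the connected user.

```sql
-- Added example: report SEND_ACCESS_KEY for every Workflow mailer component.
-- Assumption: FND_SVC_COMPONENTS, FND_SVC_COMP_PARAMS_B and
-- FND_SVC_COMP_PARAM_VALS_V are available to the connected user (normally APPS).
-- Run from SQL*Plus on the application tier after completing the steps above.
SELECT c.component_id,
       c.component_name,
       c.component_status,
       v.parameter_value AS send_access_key,
       -- Anything other than an explicit 'N' (including NULL) needs a look.
       CASE
         WHEN v.parameter_value = 'N' THEN 'OK'
         ELSE 'REVIEW'
       END AS finding
FROM   fnd_svc_components c
       JOIN fnd_svc_comp_param_vals_v v
         ON v.component_id = c.component_id
       JOIN fnd_svc_comp_params_b p
         ON p.parameter_id = v.parameter_id
WHERE  c.component_type = 'WF_MAILER'
AND    p.parameter_name = 'SEND_ACCESS_KEY'
ORDER  BY c.component_id;
```

Any row marked REVIEW is a mailer whose Send Access Key value is not N; repeat the afsvcpup.sql steps with that row's component ID.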
