After enabling OCB features, you should check if folders and files are correctly available in SMP3. In theory, the enablement worked, when OCB files are available in the features, plugins and webapp folder of SMP3.
ls /SAP/MobilePlatform3/Server/features/ | grep "com.sap.banking.omnichannel*"
While installing OCB, SMP3 had to be stopped. During the installation, the database was prepared and files that represent the OCB application were copied to SMP3. Those bundles are now available in SMP3 (OSGI bundles), but are not activated. To be able to use OCB, the features must be activated by SMP3 administration in the Admin web interface. First, start SMP3.
Add OCB p2 repository
Log on to the SMP3 admin interface and navigate to settings -> repositories
To be able to install SAP Omnichannel retail banking on SMP3 SP8, some adjustments must be done on the SMP3 server configuration.
Avoid memory leak
Add a new parameter in the props.ini file of SMP3 server.
Parameter to add: -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true
Looking at the installation guide from SAP, this configuration is somewhat against SAP’s own security recommendations, but is needed as OCB uses struts, and for those the validation must be done via DTD and not by XSD. Edit the file fixed-sys.properties located at /SAP/MobilePlatform3/Server/configuration/com.sap.mobile.server.launcher.
Comment out the last two properties.
Weak Diffie-Hellman ciphers
New browser don’t like anymore the SMP3 SP8 standard TLS ciphers, therefore these must be changed to be more aligned with latest security expectations.
For each TLS connector, substitute the ciphers by TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA.
Form the above connection parameters you can see that SMP3 is going to use the user gomobile with the password secret to connect itself to Oracle XE. This means that the user with the password and a schema must be created in the DB. SMP3 comes with a SQL script for Oracle that does exactly that. The script is located at /db_tools/db/oracle/smp3/sql. The file is 001_SMP3_drop_and_create_user.DDL The file contains the SQL statements to create the user with the right permissions:
CREATE ROLE SY365_OBJOWNER;
GRANT CREATE SEQUENCE TO SY365_OBJOWNER;
GRANT CREATE SESSION TO SY365_OBJOWNER;
GRANT CREATE SYNONYM to SY365_OBJOWNER;
GRANT CREATE TABLE TO SY365_OBJOWNER;
GRANT CREATE VIEW TO SY365_OBJOWNER;
GRANT CREATE PROCEDURE TO SY365_OBJOWNER;
GRANT CREATE SEQUENCE TO SY365_OBJOWNER;
GRANT CREATE TRIGGER TO SY365_OBJOWNER;
GRANT CREATE INDEXTYPE TO SY365_OBJOWNER;
DROP USER GOMOBILE CASCADE;
CREATE USER GOMOBILE
IDENTIFIED BY secret
DEFAULT TABLESPACE USERS
TEMPORARY TABLESPACE TEMP
-- 2 Roles for GOMOBILE
GRANT SY365_OBJOWNER TO GOMOBILE;
GRANT CREATE SESSION TO GOMOBILE;
GRANT CONNECT TO GOMOBILE;
ALTER USER GOMOBILE DEFAULT ROLE ALL;
-- 1 Tablespace Quota for GOMOBILE
ALTER USER GOMOBILE QUOTA UNLIMITED ON USERS;
You’ll have to add the command EXIT; at the end of the file
SQL*Plus: Release 22.214.171.124.0 Production on Wed Aug 24 21:37:08 2016
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Oracle Database 11g Express Edition Release 126.96.36.199.0 - 64bit Production
DROP USER GOMOBILE CASCADE
ERROR at line 1:
ORA-01918: user 'GOMOBILE' does not exist
The error regarding DROP user is normal, as the user gomobile hasn’t been created before, so there is no user to drop.
Install some additional packages via yum to ensure that the installation and execution of the database will work. The list may differ, depending on the actual version of CentOS you are using, but the internet gave me back the following packages and you should be on the safe side.
If you want or have to download Java from Oracle’s web site, you might know that you have to accept the “Oracle Binary Code License Agreement for Java SE” to activate the download link. If you have to download the binary from a computer without a browser, you get some problems: how to click on something that needs to accessed by a browser? What happens when you click on the link (technically) is that a cookie is being set. The download site checks for that cookie and when it is set, allows you to download the binary.
With knowing that, you can use wget to download Java without having to actually click on the checkbox. Just send the cookie with wget. The command for downloading Java SE 8 u51 with wget is: