8/4/2020 Document 2650084.

PowerView is Off Enh

Enh30505419
30505419--WORKFLOW
WORKFLOWMAILER
MAILERSUPPORT
SUPPORT
Abdallah OF
OFOAUTH2
OAUTH2--(0)
(Available) GENERIC
GENERIC PLATFORMS
PLATFORMS
Contact Us Help

Dashboard Knowledge Service Requests Patches & Updates Community

Give Feedback...
Copyright (c) 2020, Oracle. All rights reserved. Oracle Confidential.

EBS Workflow Mailer Configuration with OAuth 2.0 Token-Based Authentication for Cloud-Based Email Services To Bottom
(Gmail, Yahoo, Office365, etc) (Doc ID 2650084.1)

In this Document Was this document helpful?

Goal Yes
No
Solution
References
Document Details

Type:
HOWTO
Status:
APPLIES TO: Last Major
PUBLISHED
Mar 23, 2020
Update:
Mar 24, 2020
Oracle Workflow - Version 12.1.3 and later Last Update:
Information in this document applies to any platform.

Related Products
GOAL
Oracle Workflow

Is there any solution provided in order to take into account the OAuth 2.0 token-based authentication for EBS Workflow Mailer ?
Information Centers
Configuring an Oracle Workflow Notification Mailer with Cloud E-Mail Servers (Doc ID 2077434.1) --- uses Basic Authentication
Oracle Information Center
and not OAuth 2.0 token-based authentication Catalog: All Products -
Section 3: Configuring Outbound Notification Mailer Processing Database - EBS - JDE - Fusion
1. Navigate to the Basic Configuration Page within the Oracle Workflow Manager component of Oracle Applications Manager - Middleware - GBUs - Siebel -
... Sun Systems - PeopleSoft -
Enterprise Manager - MICROS
- Cloud - IaaS - PaaS - SaaS
Username: Specify the user name of the account that the notification mailer uses to connect to the SMTP server. [50.2]
Password: Specify the password for the outbound user account that the notification mailer uses to connect to the SMTP
server. Privacy and Security Feature
Guidance for all Oracle
Products (On Premise) [113.2]
>> user/pwd as instructed above is using the Basic Authentication protocol configuration which will not connect any longer with
either Gmail, Yahoo or Office365 when the new OAuth2.0 token-based authentication protocol get into effect

For example, the following documents mention setting up Cloud-Based Email services but are instructing either, to use Basic Document References
Authentication (username/password) setups, or not mentioning the authentication requirements at all, hence assuming to use R12.1.1 : Oracle E-Business
the Basic Authentication: Suite Installation and Upgrade
- Is Multi Factor Authentication (MFA) Supported to Work with Java Mailer ? (Doc ID 2318926.1) Notes Release 12 (12.1.1) for
Oracle Solaris on SPARC (64-
- R12 E-Business Suite Configuring Workflow Mailer with TLS for Microsoft Office365, Gmail, or Cloud-Based Email Services for
bit) [761568.1]
12.1.3 and 12.2 (Doc ID 2051827.1)
- Workflow Notification Mailer Not Authenticating with SMTP Servers Requiring TLS Before Login (Doc ID 1903575.1) Is Multi Factor Authentication
etc. (MFA) Supported to Work with
Java Mailer ? [2318926.1]

What Mail Server Types Can

Be Used To Configure The
GMAIL/YAHOO - and Other generic Cloud-Based Email Services Workflow Java Mailer In R11i
========== and R12.+ [943578.1]

Configuring the Oracle

Google has recently announced that they will be only allowing connections using OAuth (as opposed to username/password, Workflow 2.6 Java-based
which they call Less Secure Apps access) and the deadline is June 2020 Notification Mailer with Oracle
Applications 11i [231286.1]
Refer to
Workflow Notification Mailer
https://gsuiteupdates.googleblog.com/2019/12/less-secure-apps-oauth-google-username-password-incorrect.html Not Authenticating With SMTP
Servers Requiring TLS Before
We can expect other Cloud-Based email services to follow suite Login [1903575.1]

Show More

MICROSOFT OFFICE365 Recently Viewed

=================
OAuth 2.0 Support For
Following Microsoft announcement for October 2020, saying that they will Outbound Web Services
- turn off Basic Authentication in Exchange Online for Exchange ActiveSync (EAS), POP, IMAP [2455078.1]
- only use Modern Authentication (OAuth 2.0 token based auth) for security concerns, afdbprf.sql fails w/ ORA-
what will be the impact for EBS Workflow Mailer, since it is using IMAP? 12514 listener does not
currently know of service
requested in connect
descriptor [434352.1]
Running adpreclone.pl
Extracted from Microsoft website for an explanation of the change implemented for Office365, please refer to:
dbTier or Autoconfig fails
----------------------------------------------------------------------------------------------------------------------------------------------- with error ORA-01882
https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Improving-Security-Together/ba-p/805892 [1223243.1]

https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=207160713960283&id=2650084.1&displayIndex=1&_afrWindowMode=0&_adf.ct… 1/3
8/4/2020 Document 2650084.1
... Enh
Enh30505419
30505419--WORKFLOW
WORKFLOWMAILERMAILERSUPPORT
SUPPORTOF OFOAUTH2
OAUTH2 --GENERIC
GENERIC
Autoconfig PLATFORMS
PLATFORMS
on dbTier failing
Last year we announced we are turning off Basic Authentication for Exchange Web Services on October 13, 2020. with ORA-12514 while doing
the RAC to RAC cloning for
Today, we are announcing we are also turning off Basic Authentication in Exchange Online for Exchange ActiveSync (EAS), POP, E-Business Suite
IMAP and Remote PowerShell at the same time – October 13, 2020. [1350714.1]
adcfgclone.pl appsTier
----------------------------------------------------------------------------------------------------------------------------------------------- autoconfig is failing on patch
file system: AFPCOA failed
due to ORA-12514:
TNS:listener does not
currently know of service
requested in connect
descriptor [2357063.1]
Show More
SOLUTION

GMAIL/YAHOO - and Other generic Cloud-Based Email Services

==========

Enhancement Request Bug 30505419 - WORKFLOW MAILER SUPPORT OF OAUTH2 - GENERIC PLATFORMS
was filed to deliver a solution for WF Mailer to interact with generic Cloud-Based email services using JavaMail API's (such as
ones used by Google, Yahoo, etc)

A solution is in the work with a goal of delivery on top of 12.2.10 EBS-code level.
If a solution is needed on top of EBS 12.1.3 code level then a backport must be requested once patch 30505419 has been
delivered.
An analysis of the new code requirement will need to be done as there is no guarantee the older12.1.3 techstack will be able to
handle the new security delivered with OAuth2.0

MICROSOFT OFFICE365
=================

-------------------------------------------------------------------------------------------------------------------------------------------------------
It seems Microsoft has still not completely developed their implementation of OAuth 2.0 with Office 365.

One can read the following in:

https://developer.microsoft.com/en-us/office/blogs/end-of-support-for-basic-authentication-access-to-exchange-online-apis-for-
office-365-customers/
>>> "...we are making significant investments to our service that include OAuth 2.0 support for POP, IMAP, and ... We will be
sharing more information on these new features over the coming months"

And by a Microsoft employee in a discussion forum entry:

https://stackoverflow.com/questions/29747477/imap-auth-in-office-365-using-oauth2/58072053#58072053
>>> We are actively working on OAuth support for IMAP connections to O365 mailboxes. We will make a public
announcement once the same is available.

--------------------------------------------------------------------------------------------------------------------------------------------------------

Hence Microsoft has not yet delivered a complete solution for OAuth 2.0 for their Office 365 for the IMAP protocol... which EBS
Workflow needs in order to manage notifications !
At this time, it is difficult for Oracle EBS ATG Development to deliver *ANY* solution, 12.2 included (!), for Workflow with
Office365 OAuth 2.0, if Microsoft has not yet delivered its own IMAP OAuth2.0 implementation

Enhancement Request Bug 30505419 - 30840012 - WORKFLOW MAILER SUPPORT OF OAUTH2 - OFFICE 365 PLATFORM
was filed to deliver a solution for WF Mailer to interact with Microsoft Office365 but any potential solution cannot be progressed
until Microsoft has completed their own development of a solution for IMAP using OAuth2.0 token-based authentication. Until
then, ER 30505419 will be in suspense, awaiting Microsoft solution.

This makes using Office365 for Workflow notifications a bit more risky for Oracle EBS WF customers as the deadline is short until
Office365 will not provide IMAP with Basic Authentication starting October 13, 2020.
Customers are urged to contact their Microsoft representative and express their business requirement in order for Microsoft to
implement IMAP using OAuth 2.0 with their Office 365 product.
As a potential workaround, Microsoft has already stated they do not intend to remove Basic Authentication from local Exchange
Server, so customers could revert back to using a in-house Exchange Server, instead of Office365, which might offer the only
solution for WF notifications using Microsoft email solution platform, until Microsoft decides to deliver a solution for Office365.

Once Microsoft deliver their new code for Office365 then Oracle ATG Development will need to evaluate the feasibility of WF
Mailer to use the newly-delivered Office365 IMAP OAuth2.0 Microsoft solution.
Hence, at this time, there are no guarantees WF Mailer can work with Microsoft Office365 starting October 13, 2020.
Any solution, if possible, will first be delivered on top of the new 12.2.x techstack;

A solution on top of 12.1.3 cannot be guaranteed until the final solution for EBS 12.2 connecting to Office365 had been
developed, as we do not know what technical requirements will entail Microsoft future solution. Furthermore, 12.1.3 is also
subject to restriction on new patches starting Dec 1, 2021 since the product will reach end of Extended Support to enter
Sustaining Support where only existing patches are made available.

REFERENCES

https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=207160713960283&id=2650084.1&displayIndex=1&_afrWindowMode=0&_adf.ct… 2/3
8/4/2020 Document 2650084.1
NOTE:761568.1 - R12.1.1 : Oracle E-Business Suite Installation and Upgrade
Enh Notes Release
Enh30505419
30505419 12 (12.1.1)MAILER
--WORKFLOW
WORKFLOW for Oracle
MAILER Solaris onOF
SUPPORT
SUPPORT OFOAUTH2
OAUTH2--GENERIC
GENERICPLATFORMS
PLATFORMS
SPARC (64-bit)
NOTE:2318926.1 - Is Multi Factor Authentication (MFA) Supported to Work with Java Mailer ?
NOTE:943578.1 - What Mail Server Types Can Be Used To Configure The Workflow Java Mailer In R11i and R12.+
NOTE:231286.1 - Configuring the Oracle Workflow 2.6 Java-based Notification Mailer with Oracle Applications 11i
NOTE:1903575.1 - Workflow Notification Mailer Not Authenticating With SMTP Servers Requiring TLS Before Login
NOTE:2077434.1 - Configuring an Oracle Workflow Notification Mailer with Cloud E-Mail Servers
BUG:30505419 - WORKFLOW MAILER SUPPORT OF OAUTH2 - GENERIC PLATFORMS

NOTE:2051827.1 - R12 E-Business Suite Configuring Workflow Mailer with TLS for Microsoft Office365, Gmail, or Cloud Based
Email Services for 12.1.3 and 12.2
NOTE:2468254.1 - After Enabling TLS1.2 On R12.1.3, Mailer Not Using TLS1.2 Protocol While Connecting To IMAP Server On
Office365
Didn't find what you are looking for? Ask in Community...

Related
Products

Oracle E-Business Suite > Applications Technology > Integration > Oracle Workflow > Workflow Mailer > Outbound Processing

Keywords
AUTHENTICATION; BASIC AUTHENTICATION; E-BUSINESS; GMAIL; IMAP; WORKFLOW

Back to Top
Copyright (c) 2020, Oracle. All rights reserved. Legal Notices and Terms of Use Privacy Statement

https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=207160713960283&id=2650084.1&displayIndex=1&_afrWindowMode=0&_adf.ct… 3/3