Migrating to Exchange Online - Overview for Oracle SOA Suite

3. July 2024

Johannes Michler PROMATIS Horus Oracle


Executive Vice President – Head of Platforms & Development

In the recent months, a lot of our customers have migrated from MS Exchange on Premise to Exchange online. A main challenge that causes problems is, that with Exchange Online it is no longer possible to sign in to send and receive Emails using Username and Password. Instead, an OAuth-Sign-In Flow is required.

Configuration for SOA Suite

The following Oracle documentation describes the basic procedure: https://docs.oracle.com/en/middleware/soa-suite/integration-adapters/12.2.1.4/develop-soa-adapters/oracle-jca-adapter-ums.html#TKADP-GUID-0CAAD2F7-915A-447C-A444-24CA490CB58F

However, that procedure has a fundamental catch: "The O365 refresh token regularly expires every 30 to 90 days. Upon expiration, you will need to generate a new token and update the email driver."

Luckily, Oracle has created a (brand new) way better way to solve this by providing standard client credentials/secrets that have a longer validity. That is described in SOA Suite UMS With Office 365 - Refresh Token (Doc ID 3028460.1)

To use this approach, you have to:

  1. Create and authorize an Azure App similar to what is described in "Configuring Oracle Workflow for OAuth 2.0 in Oracle E-Business Suite Release 12.2 and Release 12.1.3 (Doc ID 2884072.1". Go for the chapter 4 in particular; but create a client secret instead of a key there.
  2. Apply the patch 35773019
  3. While SOA Suite is still down backup and modify "the end" of /opt/soadev/Oracle_Home/user_projects/domains/soadev_domain/config/fmwconfig/usermessagingconfig.xml as follows (this is just for IMAP, for SMTP it works similarly):
<ns1:Property name="ProcessingChunkSize" value="100"/>
<ns1:Property name="ImapAuthPlainDisable" value="false"/>
<ns1:Property name="ImapAuthUseOAuth2" value="true"/>
<ns1:Property name="OAuth2AccessTokenSupplierFactory" value="oracle.sdpinternal.messaging.oauth.ums.ms.UMSO365AccessTokenSupplierFactory"/>
<ns1:Property name="O365OAuthClientID" value="944ca635-1482-4522-9f00-e88ac39c4624"/>
<ns1:Property name="O365OAuthTenantID" value="55d1ba91-f485-4cc3-ad12-6d7c3a3f05d3"/>
<ns1:Property name="O365OAuthRefreshTokenScope" value=""/>
<ns1:Property name="O365OAuthRefreshToken" value=""/>
<ns1:Property name="O365OAuthClientSecret" value="sfdgsdfg~sdfhwtwergdfsgfdsghsdhdfghgadf"/>
<ns1:Property name="O365OAuthClientSecretScope" value="https://outlook.office365.com/.default"/>

Then you can start up SOA Suite again.

Summary

Migrating the IMAP (and also the SMTP) postbox behind SOA Suite UMS from MS Exchange to Office 365 / Exchange Online is straightforward.

Due to upcoming changes regarding outbound (mass) Emails out of regular MS Exchange Online accounts you may want to think twice if you want to do outbound SMTP through Exchange Online though. I'll write another blog post on alternative SMTP Server (e.g. within Oracle OCI) shortly.