BPEL and OWSM Security

I am new to OWSM.
I am using a BPEL process as my consumer, meaning it is an outbound message and will be sending out a WSS header as a username token.
I noticed that in OWSM's Request Pipeline, I need to add:
1. Extract Credential Policy Step - to specify to use WS-BASIC
2. File Authenticate Policy Step - store the user [such as ABCD] and password [such as ABCD] in a file - .htpasswd
At the same time, for the Partnerlink, BPEL.xml has this property name tag:
<property name="wsseUsername">ABCD</property>
<property name="wssePassword">ABCD</property>
Question:
Do I need to do the File Authenticate Policy Step in OWSM?
or
Do I need to do it in BPEL only?
or
Do I need to do both in OWSM and BPEL?

Hi,
I hope that depends on how you want to secure the BPEL service.
Either you can define the username and password in BPEL, or,
if you use OWSM, you need to authenticate the username and password again; otherwise just extracting the credentials does not make sense.
For example, if you do not use File Authenticate in the OWSM policy, then the only security the OWSM gateway will provide is "proxifying the BPEL Web Service".
Also, can you clarify: if BPEL PM is sending out WSS headers, then I think it is the message producer, not the consumer.
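
The two pipeline steps discussed in this thread, as an added Python sketch that is not part of the original posts and not OWSM code: it extracts a WS-Security UsernameToken and then checks it against an htpasswd-style file, showing that an extract-only pipeline forwards a request with a wrong password. Assumptions: the BPEL partner link sends a plain-text UsernameToken, the file uses Apache-style `{SHA}` entries (the format OWSM expects may differ), and all function names and sample data are constructed for illustration.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
NS = {"soap": SOAP, "wsse": WSSE}

def sha_entry(password):
    """Apache htpasswd {SHA} form: unsalted SHA-1, used here only to match that format."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()

# Constructed sample: request from a partner link with wsseUsername/wssePassword = ABCD
SAMPLE_REQUEST = f"""<soap:Envelope xmlns:soap="{SOAP}">
  <soap:Header>
    <wsse:Security xmlns:wsse="{WSSE}">
      <wsse:UsernameToken>
        <wsse:Username>ABCD</wsse:Username>
        <wsse:Password>ABCD</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body/>
</soap:Envelope>"""
SAMPLE_HTPASSWD = f"# constructed credential file\nABCD:{sha_entry('ABCD')}\n"

def extract_credentials(envelope_xml):
    """Step 1 (extract credentials): return (user, password) or None if no token."""
    # Untrusted SOAP in production should go through a hardened XML parser.
    root = ET.fromstring(envelope_xml)
    token = root.find("soap:Header/wsse:Security/wsse:UsernameToken", NS)
    if token is None:
        return None
    user = token.findtext("wsse:Username", default="", namespaces=NS)
    pwd = token.findtext("wsse:Password", default="", namespaces=NS)
    return (user, pwd) if user else None

def load_htpasswd(text):
    """Parse 'name:digest' lines, skipping comments and malformed lines."""
    users = {}
    for line in text.splitlines():
        name, sep, digest = line.strip().partition(":")
        if sep and not name.startswith("#"):
            users[name] = digest
    return users

def file_authenticate(creds, users):
    """Step 2 (file authenticate): verify the extracted password against the file."""
    if creds is None:
        return False
    user, pwd = creds
    stored = users.get(user)
    # Always run the comparison so timing does not reveal which names exist.
    matches = hmac.compare_digest(sha_entry(pwd), stored or "")
    return matches and stored is not None

def gateway_decision(envelope_xml, users, authenticate=True):
    """Model the pipeline: with authenticate=False the token is parsed but never checked."""
    creds = extract_credentials(envelope_xml)
    if not authenticate:
        return "forwarded"  # extract-only: the gateway merely proxies the call
    return "forwarded" if file_authenticate(creds, users) else "rejected"
```
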

Similar Messages

  • How to call a secure external Web Service using Oracle BPEL and OWSM

    Hi,
    I have to invoke an external secure Web Service using SOA Suite 10.1.3.1, but I don't know how to do this. Do I use the OWSM gateway or Agent? How do I configure the gateway or agent to pass the required security to the external secure web service?
    Thanks in advance
    Dong

    Are you getting any errors? What type of XAI Class are you using?
    One thing I've noticed is that if you are making changes to the XAI Sender you will have to restart the environment before the changes can take effect.
    Also, if you are using RTHTTPSNDR as XAI Class you may have to include the HTTP Method - Post in the context.
    Hope this helps.
    Regards,
    Philip

  • How to pass Username from OWSM Security policy in Oracle Apps Adapter .jca file

    My BPEL process uses Oracle Applications Adapter. The following is the .jca file for the Adapter. The Username is initialized statically to "sysadmin" when I created the Adapter. Is it possible to pass in the username from the OWSM Security policy for the username value below? If so, how do I do it? I appreciate your response.
    <adapter-config name="EBSAdapter" adapter="Apps" wsdlLocation="../WSDLs/EBSAdapter.wsdl" xmlns="http://platform.integration.oracle/blocks/adapter/fw/metadata">
      <connection-factory UIConnectionName="EBS1" location="eis/Apps/EBS1" UIConcurrentPgmName="" UIOracleAppType="DBOBJECT"/>
      <endpoint-interaction portType="EBSAdapter_ptt" operation="EBSAdapter">
        <interaction-spec className="oracle.tip.adapter.apps.AppsStoredProcedureInteractionSpec">
          <property name="SchemaName" value="APPS"/>
          <property name="PackageName" value="INTG"/>
          <property name="ProcedureName" value="GET_USER_PROFILE1"/>
          <property name="IRepInternalName" value="PLSQL:INTG:WEBCENTER_GET_USER_PROFILE1"/>
          <property name="Username" value="sysadmin"/>
          <property name="Responsibility" value="System Administrator"/>
        </interaction-spec>
      </endpoint-interaction>
    </adapter-config>

    1. Go to the Invoke activity.
    2. Click on the Properties tab.
    3. Click Add.
    4. Add this property "jca.apps.Username" and map it with either a variable or an expression.
    5. Populate the variable defined at the previous step with some valid username value at runtime.
    Hope this helps.
    Regards,
    Karan
    Oracle Fusion Middleware Blog

  • How to call OWSM secured web-service from ADF application

    I have an OWSM secured web-service, which takes username/password.
    I want to invoke this webservice from an ADF application. The ADF application has its own security and it takes its own username/password. The end user can't provide the username/password for the web-service call. My ADF application should call the webservice and provide it the appropriate username/password.
    What is the best practice to handle such a scenario? I don't want to hardcode the username/password in Java (ADF) code.
    Thanks
    Sanjeev.

    It is not clear to me if you are having problems with calling Java code from OIM or if the problem is the web service API.
    Let's do some divide and conquer:
    Can you create a simple Java class that just writes a couple of lines to the log? Please attach this code to the OIM task and make sure it runs.
    Once this works we can start looking at the web service call.
    Best regards
    /Martin

  • Way to protect my bpel and esb jar (SOA 10g)  from reverse engineering?

    Hi All
    We would be sharing our BPEL and ESB jars with some other company for deployment. Is there a way to protect them so that they are not able to peek into the contents of the jar?
    If I extract the jar file, I can see all my XSD, WSDL, XSL, BPEL and ESB files as they are (the same as in JDEV).
    Is there a way to protect them? Please help, it's urgent!

    The use of a Trusted Platform Module (TPM) is a viable and extremely cost-effective alternative to the HSM, if the encryption and key-management application is designed properly. This is the approach we took when storing encrypted data and encrypted keys within a database for our key-management system. However, when using cryptographic hardware modules in your solution (that also meet regulatory requirements for split-knowledge and multiple key-custodians), your design for the solution must be carefully thought out to ensure that the implementation is reasonably secure and that it meets regulatory requirements. Storing an unencrypted key (or password that decrypts a PBE-based key) anywhere on a disk is an invitation for disaster.

  • [OSB and OWSM] - External Web service stacks and frameworks

    Hi everyone ! I'm starting to read about OSB and OWSM and I'm having some doubts. I've some developments of Web services with external Stacks like CXF, JBossWS, Metro and I'd like to ask some questions:
    1- Will I be able to productively leverage all features of OSB and OWSM like creating a proxy service to add WS-* standards policies and features (WS-Security, for instance) even with these web services implemented in different stacks other than Weblogic's ?
    2- If it is possible, do these web services need to be deployed at the Weblogic server to enable the OWSM and OSB to work effectively ?
    3- Even if it is possible to use the OSB and OWSM nicely with webservices developed at external stacks and deployed at other application servers is there any reason to quit using these external web service stacks in favor of Weblogic's (like features only enabled on OSB/OWSM when the services use the Weblogic stack) ?
    I suppose that if I ignore the JAX-WS stack from Weblogic and use an external framework (like CXF) I'll lose most of the application server administration capabilities since the Weblogic server won't be able to recognize the CXF stack as it does with its own. But the main doubt I have is, since OSB and OWSM might be used with external providers I probably won't need to develop my web services using the Weblogic implementation (which my team does not yet know) since there will be no features of the OSB and OWSM which can only be used with the Weblogic's stack. I would like, please, to know your opinions about these considerations. Sorry about the long post and possible errors (I just started learning).
    Thank you!

    Hi Lupan,
    I can speak mostly to OWSM as my experience with OSB is small thus far.
    1- Will I be able to productively leverage all features of OSB and OWSM like creating a proxy service to add WS-* standards policies and features (WS-Security, for instance) even with these web services implemented in different stacks other than Weblogic's ?
    OWSM (10gR3) has two types of policy enforcement point (PEP) -- Gateway and Agent. The Gateway acts as a remote proxy and is neutral to the service implementation technology as long as it adheres to SOAP 1.1. In this regard you can use OWSM freely with CXF, MS implementations, etc. Agents run in-process with the service and thus have far greater restrictions on what service implementation frameworks and containers that are supported. There is some certification for AXIS 1.x running in OAS and Tomcat; but practically speaking, my recommendation for Agents is to only use within OAS 10gR3 where it is built in (and using OC4J Web Services through JAX-RPC).
    OWSM 11gR1 initially supports only agent-style (in process) PEP and is built-in to Fusion Middleware and WLS. It is only for Fusion and WLS Web Service implementations.
    OWSM is quite full-featured for WS-*.
    2- If it is possible, do these web services need to be deployed at the Weblogic server to enable the OWSM and OSB to work effectively ?
    "No" if using OWSM Gateway PEP. A qualified "Yes" if using OWSM Agent PEP.
    3- Even if it is possible to use the OSB and OWSM nicely with webservices developed at external stacks and deployed at other application servers is there any reason to quit using these external web service stacks in favor of Weblogic's (like features only enabled on OSB/OWSM when the services use the Weblogic stack) ?
    There is the manageability that you mention, but also there is the identity propagation scenario and tight security integration. Both OAS and WLS hosted services in the native stacks (JAX-RPC and JAX-WS) allow sophisticated and secure passing of identity in the request -- for instance, via SAML Assertions in the WS-Sec header -- and built-in capabilities to map the passed identity into the running service's Subject (i.e. enabling JAAS security etc.).
    In my experience this type of identity propagation functionality has either been absent or less complete in other typical implementation frameworks not closely aligned with the container security mechanisms.
    Hope this helps,
    Todd

  • Propagating SAML tokens from OSB to BPEL and the reverse

    Hi
    Is there a way to propagate SAML tokens from OSB to BPEL and vice versa? There are lots of references on using OWSM policies. Can I achieve passing tokens and asserting without them?
    Thanks
    Suman

    Starting from the 11gR1 (11.1.1.3) release, we have a new feature to start a transaction. An OSB proxy can be configured to start a transaction. Refer to message flow transaction: http://download.oracle.com/docs/cd/E14571_01/relnotes.1111/e10132/osb.htm#CJACHEHJ
    So with this feature, all we need is to create a proxy, say HTTP, and enable this feature. OSB will start a transaction before your pipeline is invoked. Let me know if you need clarification.
    Manoj
    Edited by: Manoj Neelapu on Jun 22, 2010 8:39 AM

  • Hi, I got a new AirPort Express for Christmas and I set it up as per instructions, I even gave it a static IP and WPA2 security. The problem is when I come to want to use it, it says it's not on my network and an orange triangle shows. When I reboot, it works

    Hi, I got a new AirPort Express for Christmas and I set it up as per instructions, I even gave it a static IP and WPA2 security. The problem is when I come to want to use it, it says it's not on my network and an orange triangle shows. When I reboot, it works. Then if I leave it a while and try it again, it has disappeared off my network. I have a BT Hub 3. Any help please, I'm not sure if it's a faulty Express.

    I really don't have an answer for that one. I guess that while trying to get things working correctly, I would use the most basic monitor I had which in your case would be the Eizon using the Thunderbolt port and adaptor.
    When you boot into Safe Mode the startup is quite slow, but you should get the Apple logo and then the spinning gear below it (release the SHIFT key when it appears.) Then after a little more time you should see a gray progress bar appear below the spinning gear. When that disappears the computer will startup to a login screen.

  • My iPod won't let me buy apps etc... keeps saying this is the first time this device has been used and to sign in and answer security questions. I have had this account for years but can't remember the answer to the security questions. How can I fix it?

    My iPod touch won't let me buy anything. I've been using this account for a couple of years and now it says that this is the first time this ID has been used on my device... it's not.... and to sign in and answer security questions. I can't remember the answers to the questions. How can I fix this without making a new account and losing all my stuff???

    From a Kappy post
    The Three Best Alternatives for Security Questions and Rescue Mail
    1. Use Apple's Express Lane. Go to https://expresslane.apple.com ; click 'See all products and services' at the bottom of the page. In the next page click 'More Products and Services', then 'Apple ID'. In the next page select 'Other Apple ID Topics' then 'Forgotten Apple ID security questions' and click 'Continue'. Please be patient waiting for the return phone call. It will come in time depending on how heavily the servers are being hit.
    2. Call Apple Support in your country: Customer Service: Contact Apple support.
    3. Rescue email address and how to reset Apple ID security questions.
    A substitute for using the security questions is to use 2-step verification:
    Two-step verification FAQ: Get answers to frequently asked questions about two-step verification for Apple ID.

  • I have forgotten my Apple ID and my security question. How can I change it. When I try to verify it through email it never goes through...

    I've forgotten my Apple ID and my security question. I've tried to receive the Apple ID through email but I never receive the email.

    The Best Alternatives for Security Questions and Rescue Mail
        a. Send Apple an email request at: Apple - Support - iTunes Store - Contact Us.
        b. Call Apple Support in your country: Customer Service: Contact Apple support.
        c. Rescue email address and how to reset Apple ID security questions.

  • HT201269 When I try to setup my new iPad air, I go through all the steps for the iCloud sign-in and choosing security questions and what not. But after I hit the agree to the terms and conditions... It says Apple ID could not be created because of a serve

    When I try to setup my new iPad air, I go through all the steps for the iCloud sign-in and choosing security questions and what not. But after I hit the agree to the terms and conditions... It says Apple ID could not be created because of a server error. Have no clue what to do... I've restarted the iPad and get the same message. But my internet works just fine.

    1. Turn router off for 30 seconds and on again
    2. Settings>General>Reset>Reset Network Settings

  • Passing value from ADF to BPEL, and to PL/SQL  procedure

    1. I have created BPEL which take 2 inputs and concatenate them.
    2. have created a PL/SQL procedure for invoking this BPEL( working fine).
    Now i need to create a simple ADF page which contain 2 text box, 2 for input and 1 for result(concatenate), this will take 2 inputs and send them into BPEL, this will invoke the BPEL process and perform the necessary concatenate function...
    in addition to this, i am passing code into PL/SQL procedure ...
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Body xmlns:ns1="http://xmlns.oracle.com/OrderImportDemo">
    <ns1:InputRequest>
    <ns1:FirstName>abcdef</ns1:FirstName>
    <ns1:LastName>aaaaaa</ns1:LastName>
    </ns1:InputRequest>
    </soap:Body>
    </soap:Envelope>';
    This code will take the value from BPEL and run properly.
    Can you please help me?

    Thanks for the help, but the problem is diff.
    I don't have any schema. What I want is to create an ADF page that will contain 3 text fields, 2 for input and 1 for output. When I enter the 2 input fields and click on the OK button, this will invoke BPEL; BPEL will take these 2 inputs, do the concat on them and send the result back to ADF.

  • Passing value from ADF to BPEL, and to PL/SQL

    1. I have created BPEL which take 2 inputs and concatenate them.
    2. have created a PL/SQL procedure for invoking this BPEL( working fine).
    Now i need to create a simple ADF page which contain 2 text box, 2 for input and 1 for result(concatenate), this will take 2 inputs and send them into BPEL, this will invoke the BPEL process and perform the necessary concatenate function...
    in addition to this, i am passing code into PL/SQL procedure ...
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Body xmlns:ns1="http://xmlns.oracle.com/OrderImportDemo">
    <ns1:InputRequest>
    <ns1:FirstName>abcdef</ns1:FirstName>
    <ns1:LastName>aaaaaa</ns1:LastName>
    </ns1:InputRequest>
    </soap:Body>
    </soap:Envelope>';
    This code will take the value from BPEL and run properly.
    Can you please help me?

    Three simple steps you need to do:
    1) Generate a proxy for your BPEL process in JDeveloper.
    2) Create a simple ADF page with 2 inputs for taking values, an input for showing the result, and one command button.
    3) In the backing bean, on the command button action, get the values from the two inputs, pass them to the proxy service and update the third input with the result of the service.
    --Mukul

  • Secure and non-secure access to the web application in one war

    Say we have one web application (in one war) which includes JSPs, servlets and the security interceptor. There is one business requirement to have most of the JSPs accessed via HTTPS, but a few JSPs accessed via HTTP.
    My questions are:
    a. Is this possible, or a reasonable requirement or a good practice?
    b. If yes, what can we do to make it happen in the security interceptor implementation?
    c. If not, what are the technical reasons?
    Thanks much.

    a) Yes, it is reasonable and good practice. There is an overhead using https, so you should only encrypt the files you need to. When you use an online store, only account details / payments are https, the shop itself is http.
    b) I don't really understand your difficulty. You can define a folder as 'secure' and put all your secure pages in this folder, leaving non-secure files in a different folder. Whenever a page in the secure folder is accessed, https is automatically invoked.

  • I think my other account is hacked and the hacker changed the password and the security questions and I can't retrieve it, so does anyone know how to have a live (online) conversation with a senior or an Apple employee responsible for such problems?!

    Please help me because it's not the first time the account has been hacked. Every time I found out that it was hacked I changed the password, but this time it is not easy because he changed the alternative email address and the security questions.

    Call the Apple support phone number for your country:
    http://support.apple.com/kb/HE57
    and the 1st tier agent should be able to assist you or transfer your call to the Account Security team.
    Regards.
