Custom SCEP policy

I need to create a SCEP policy that applies to a single computer, which will have a list of files to not scan. Would I have to create a new collection for this single computer, or is there a way that I can apply a policy to a computer directly?

Hello!
Yes, you have to create a collection, even if it's for a single computer.
Hope this helps.
Note: This posting is provided 'AS IS' with no warranties or guarantees, and confers no rights. Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable. This helps the community, keeps the forums tidy, and
recognises useful contributions.

Similar Messages

  • Custom SCEP Policies not applied

    Hi All,
    I've got 3 test systems with SCEP installed.  They all receive definitions just fine.  Unfortunately they are not receiving the custom antimalware policies i've created.  I found this blog that tells me a command i can run against the registry
    to see what policies are applied:
    reg query HKLM\SOFTWARE\Microsoft\CCM\EPAgent\LastAppliedPolicy /f 2 /d
    http://www.niallbrady.com/2013/02/17/how-can-i-determine-what-antimalware-policy-is-applied-to-my-scep-2012-sp1-client/
    and it returns the following:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\EPAgent\LastAppliedPolicy
        All Windows SCEP Clients Policy (Scan Schedule)    REG_DWORD    0x2
        All Windows SCEP Clients Policy (Threat Default Action)    REG_DWORD    0x2
        Windows Server Scanning Exclusions (Excluded)    REG_DWORD    0x2
        Default Client Antimalware Policy (Excluded)    REG_DWORD    0x2
        All Windows SCEP Clients Policy (Realtime Config)    REG_DWORD    0x2
        All Windows SCEP Clients Policy (Advance Setting)    REG_DWORD    0x2
        All Windows SCEP Clients Policy (Spynet)    REG_DWORD    0x2
        All Windows SCEP Clients Policy (Signature Update)    REG_DWORD    0x2
        All Windows SCEP Clients Policy (Scan)    REG_DWORD    0x2
    End of search: 9 match(es) found.
    The way I read that means that the "All Windows SCEP Clients Policy" settings are all applied.  The "Windows Server Exclusions" policy is excluded for some reason. 
    My custom policies set scan times different than the default and i have some exclusions.  When I launch the SCEP client on the local computer, i don't see the set scan times, just the default scan times.  I also don't see the exclusions. 
    I see in that req query command that the Exclusions are (Excluded), but the scan schedule should apply. The priorities on the applied AMP (antimalware policies) are:
    Default Client AntimMalware Policy  10000
    All Windows SCEP Clients Policy  21
    Windows Server Scanning Exclusions  5
    These policies are applied to appropriate collections.  When I click on the system in question in the console and look at the antimalware policies, it lists those three. 
    I cannot for the life of me get these policies to apply even though they have what i think are the right priorities.  The way i understand it, the policies stack for most of the settings.  So the default settings get set by the default policy. 
    Then the "All Windows SCEP Policy" settings would override or merge with any settings in the default policy.  Then the "Windows Server Scanning Exclusions" policy would override or merge with any of the previous two policies. 
    Am I misinterpreting things here?

    Hi,
    I don't know if you managed to resolve this. But I had similar issues and after some detective work this was being caused by Group policy preventing the processing of local group policies. Specifically, the offending setting and explanation is listed below:
    Setting Path:
    Computer Configuration/Administrative Templates/System/Group Policy
    Setting: Turn off Local Group Policy objects processing: Enabled
    Explanation
    This policy setting prevents Local Group Policy objects (Local GPOs) from being applied.
    By default, the policy settings in Local GPOs are applied before any domain-based GPO policy settings. These policy settings can apply to both users and the local computer. You can disable the processing and application of all Local GPOs to ensure that only
    domain-based GPOs are applied.
    If you enable this policy setting, the system will not process and apply any Local GPOs.
    If you disable or do not configure this policy setting, Local GPOs will continue to be applied.
    Note: For computers joined to a domain, it is strongly recommended that you only configure this policy setting in domain-based GPOs. This setting will be ignored on computers that are joined to a workgroup.
    Make sure the setting is either set to disable or not configured.
    The image below shows a RSoP on a computer where policies are applying successfully. As you can see, antimalware settings are being applied as local group policy settings

  • Osb 10gR3 - Active Intermediary proxy with custom WS-Policy files

    I'm setting up an Active Intermediary proxy, and the Security option on the proxy to "Process WS-Security header" is only usable when Custom Policy Bindings are assigned to the proxy. But I don't want to use the default Oracle policies.
    The "Select WS-Policy" popup within OSB only shows entries under the Predefined Policy tab. Yet I have custom WS-Policy files which have been imported into OSB.
    So what's the trick?

    Hi,
    Below are the steps followed
    - OSB Proxy service has 'oracle/wss_username_token_service_policy' attached to it.
    - Iam invoking this from BPEL. BPEL process has 'oracle/wss_username_token_client_policy' attached.
    - I can invoke the osb proxy from bpel by passing credentials - No Issues.
    Now I need to put some authorization restriction to the proxy service, so only specific users can access that.
    -I used Role=Admin as a policy condition restriction under security in Proxy service.
    -Then I went to proxy test console and I added the 'oracle/wss_username_token_client_policy' credentials and weblogic/xxxxx at Transport section and I was able to invoke the process. Here weblogic has a Admin Role.
    -I cannot invoke the same proxy service from BPEL in Jdeveloper now.
    All Iam trying to do is to protect my proxy by authrorization policy.
    Thanks
    Jagan.

  • Custom WS-Policy Files in Console Service Endpoint Polices List

    hi
    Not sure which WLS newsgroup for this so here goes.
    I want to assign custom WS-Policy files to a web service via the console (i.e. post-deployment).
    By default, the Service Endpoint Policies list only shows a small subset of default policy files within weblogic.jar and none of the Wssp1.2-* policy files. (i.e. only the proprietary WLS 9.0 WS-Policy files)
    Is this correct behaviour? I want to experiment with policies based on the current WS Security Policy Standard without hard-coding the names of files into the service.
    Is there a way to make these other supplied WSSecurityPolicy 1.2 policies appear in the list?
    Thanks
    Jim Nicolson

    Hi,
    Below are the steps followed
    - OSB Proxy service has 'oracle/wss_username_token_service_policy' attached to it.
    - Iam invoking this from BPEL. BPEL process has 'oracle/wss_username_token_client_policy' attached.
    - I can invoke the osb proxy from bpel by passing credentials - No Issues.
    Now I need to put some authorization restriction to the proxy service, so only specific users can access that.
    -I used Role=Admin as a policy condition restriction under security in Proxy service.
    -Then I went to proxy test console and I added the 'oracle/wss_username_token_client_policy' credentials and weblogic/xxxxx at Transport section and I was able to invoke the process. Here weblogic has a Admin Role.
    -I cannot invoke the same proxy service from BPEL in Jdeveloper now.
    All Iam trying to do is to protect my proxy by authrorization policy.
    Thanks
    Jagan.

  • GRC 10.1 custom security policy

    On GRC Java system, I am not able to create custom security policy under UME->Configuration->Security Policy. I am able to create on all other systems except GRC and NWDI system   I it related to support pack level or facility is not available on these releases
    Thanks Shankar

    Shailendra:
    Might be because there is no Java stack.  AC and PC now run on the ABAP stack and I think SAP recommends not using dual stack.  The only Java stack in the GRC 10.0 landscape that I'm aware of is for ADS.
    Thanks.
    Matt

  • Custom Eviction Policy

    Hello,
    I am storing a few Maps into Coherence - each map might have a few hundred entries. The problem i have at this point is with the eviction policies. If i set the high units on the front map of a near cache to be 100 - it never works. It sees 1 entry per map.
    I created a custom eviction policy where it will remove items from my map when the size of the map reaches the high units of that particular near cache. The problem is that this item is no longer present in the front or back map.
    Is there a way to create a custom eviction policy where i can evict entries out of the front map but not the back map?
    Thanks

    When i put my maps into tangosol i just do:
    NamedCache mCache = CacheFactory.getCache(cacheName);
    mCache.put(cacheKey, deepCopy(cacheObj));
    where cacheObject is a Map and i make a deep copy of that map for thread safety.
    The map contains over 100 entries.
    Here is my cache config file:
              <cache-mapping>
                   <cache-name>CouponCache</cache-name>
                   <scheme-name>content-near-with-eviction</scheme-name>
              </cache-mapping>
              <!--
                   Near caching scheme for all Content Caches
              -->
              <near-scheme>
                   <scheme-name>content-near-with-eviction</scheme-name>
                   <front-scheme>
                        <local-scheme>
                             <scheme-ref>default-front-eviction</scheme-ref>
                        </local-scheme>
                   </front-scheme>
                   <back-scheme>
                        <distributed-scheme>
                             <backing-map-scheme>
                                  <local-scheme>
                                       <scheme-ref>default-back-eviction</scheme-ref>
                                  </local-scheme>
                             </backing-map-scheme>
                        </distributed-scheme>
                   </back-scheme>
                   <!--
                        Specifies the strategy used keep the front-tier in-sync with the back-tier
                   -->
                   <invalidation-strategy>present</invalidation-strategy>
                   <!--
                        It specifies whether or not the cache services associated with this cache scheme should be automatically started at a cluster node.
                   -->
                   <autostart>true</autostart>
              </near-scheme>
              <!--
                   Default front cache eviction policy scheme.
              -->
              <local-scheme>
                   <scheme-name>default-front-eviction</scheme-name>
                   <!--
                        Least Frequently Used eviction policy chooses which
                        entries to evict based on how often they are being
                        accessed, evicting those that are accessed least
                        frequently first. (LFU)
                        Least Recently Used eviction policy chooses which
                        entries to evict based on how recently they were
                        last accessed, evicting those that were not accessed
                        the for the longest period first. (LRU)
                        Hybrid eviction policy chooses which entries
                        to evict based the combination (weighted score)
                        of how often and recently they were accessed,
                        evicting those that are accessed least frequently
                        and were not accessed for the longest period first. (HYBRID)
                   -->
                   <eviction-policy>
                        <class-scheme>
                             <class-name>com.att.uma.cache.eviction.MyEvictionPolicy</class-name>
                        </class-scheme>
                   </eviction-policy>
                   <eviction-policy>LRU</eviction-policy>
                   <!--
                        Used to limit the size of the cache.
                        Contains the maximum number of units
                        that can be placed in the cache before
                        pruning occurs.
                   -->               
                   <high-units>100</high-units>     
                   <expiry-delay>12h</expiry-delay>
              </local-scheme>
    I did not list all of the methods specified by the interface - as they are irrelevant to my issue.
    Here is my eviction class:
    public class MyEvictionPolicy extends AbstractMapListener implements EvictionPolicy
         private final static Log log = LogFactory.getLog(DefaultUnitCalculator.class);
         LocalCache m_cache = null;
         public MyEvictionPolicy() {}
         public void requestEviction(int cMaximum)
              int cCurrent = m_cache.getHighUnits();
              if(log.isDebugEnabled())
                   log.debug("* requestEviction: current:" + cCurrent + " to:" + cMaximum);
              // eviction policy calculations
              Iterator iter1 = m_cache.entrySet().iterator();
              while(iter1.hasNext())
                   Entry entry = (Entry) iter1.next();
                   if (cCurrent > cMaximum)
                        if((entry.getValue() instanceof Map))
                             Map map = (Map) deepCopy(entry.getValue());
                             Iterator iter2 = ((Map) entry.getValue()).keySet().iterator();
                             while(iter2.hasNext())
                                  if(cCurrent == map.size())
                                       entry.setValue(map);
                                       break;
                                  String key = (String) iter2.next();
                                  map.remove(key);
                                  if(log.isDebugEnabled())
                                       log.debug("* requestEviction: current:" + cCurrent + " to:" + cMaximum);
                   else
                        break;
    }

  • Custom Password Policy

    Hi xperts,
    I want to create a custom password policy which shoud fulfil the following requirements.
    1Allow additional alpha characters more other than A-Z and a-z. i.e the ones in Start button--->Programs>Accessories>System Tools>Character Map.
    2.Expand the default special characters list
    3 and we dont want email prefix(before @ to be used in the password).
    Any Ideas if we can do this ?

    You can put your validation using Java Script on Create User Form.----this can fulfil my 3rd requirement.
    or
    you can create custom action class which will validate your password. Change the reference of OLD action class and replace it with yours.
    I am a little new to sucg kind of customisations,can u just give me a little idea how exactly I can go about it..i.e which files to modify,which action class etc...
    Also I want this password policy for a group of users and if I modify the action class will there be an effect on the policies associated with other resources?

  • OSB 10.3 and custom signing policy

    Good morning.
    I had several problems receiving signed messages from a customer. We have an active intermediary proxy, with a custom policy based on "Sign.xml" to require signing of message body.
    But out customer is signing using a third-party solution, so our proxy can't validate his message. We are trying to create a custom policy without "bea" namespaces, that is:
    <?xml version="1.0"?>
    <wsp:Policy
      xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
      wsu:Id="firma"
      >
      <sp:SignedParts>
        <sp:Body/>
      </sp:SignedParts>
    </wsp:Policy>This policy seems to be ok, but when we try to attach this as a "Custom policy" in the proxy, it is not in the list of custom policies.
    Can't Oracle process non-propietary policy file?.
    Thanks.

    Please refer section "Creating and Using Custom WS-Policy Statements" at -
    http://download.oracle.com/docs/cd/E13159_01/osb/docs10gr3/security/ws_policy.html
    Regards,
    Anuj

  • Hi, How can I attach a custom expiration policy to a content type?

    I have found a code snippet, but it only attaches one xml. The thing is, I have two XMLs, one to set the expiration date, one for the action upon expiration. I have found this question similar to the question I asked now, however, it doesn't answer my question,
    nor do blogs anywhere. Is there a solution where two xmls can be added to one custom expiration policy? Or is there a way to change the xml itself so that it contains data for both formula and action together?
    Please let me know if you need any additional info.

    I honestly haven't dealt with custom expiration policies as far as Coding one is concerned.
    http://msdn.microsoft.com/en-us/library/cc453774(v=office.12).aspx
    Talks about doing this and if this is the link you've already looked at I apologize.
    I can work on a custom solution and see what I can find if that would be any help.
    Brandon James SharePoint Developer/Administrator

  • Custom Password policy for ProxyAgent

    Solaris 10 Server Directory Server LDAP 6.3. Clients are Solaris 10.
    The clients use "proxyagent" user located in ou=profile. When I create a Global Password policy and apply to my top level dc, then this service account can "expire". I can't have my service accounts expiring...
    How do you create a custom filter with NO account lockout, expiration, etc? The DSCC wizard doesn't allow you to as the last step of the wizard must have a bug because even though you don't click the Lockout radio button, the webpage asks you to fill in a number for account lockout of 1 to 32768. Ugggh.
    Question 2: how do you apply a custom password policy to ALL of ou=people? I can do it one by one to dn's under the ou=people, but I want it on the parent so new users get the custom password policy. Everything I try, the Global Password Policy wins. (And can't seem to be done via the DSCC but rather through command line)
    Help.
    Thanks,
    Sean

    How do you create a custom filter with NO account lockout, expiration, etc?
    The DSCC wizard doesn't allow you to as the last step of the wizard must have
    a bug because even though you don't click the Lockout radio button, the
    webpage asks you to fill in a number for account lockout of 1 to 32768. Ugggh.Logged a new bug
    http://sunsolve.sun.com/search/document.do?assetkey=1-1-6787917-1
    The clients use "proxyagent" user located in ou=profile. When I create a Global Password
    policy and apply to my top level dc, then this service account can "expire". I can't have
    my service accounts expiring...Password policies have to be applied to individual accounts (manually or via CoS). So you
    may need to create a new password policy and assign it to the proxyagent user. Since DSCC
    does not seem to allow you to do that, best to munge it via the commandline (after specifying
    the lockout in dscc). Yes, it's ugly but a bug has been logged. Please contact Sun Support if
    you want a fix against 6.3 (quote the above bug number)

  • Introducing a custom Password policy to expire passwords. odsee 11g - what are the expected results

    We have left the default Password Policy untouched. As a default password aging is off. Our DS compatibility mode is now DS6 so we can add Password Policies with max age!
    Some users need to have their passwords changed regularly due to political reasons.
    We have introduced a custom Password Policy which has a pwd_Max_age value of 180 days and allows the user to Change Password. Entry is cn=Custom Pwd Policy for ABC,dc=mycorp,dc=com
    Ok. Now we get confused by the behaviour of this ODSEE 11g server. Now, we are ADDING a new custom Password Policy to just a few selected users!
    1. When we add the Policy to the user by setting the passwordpolicysubentry attribute = "cn=Custom Pwd Policy for ABC,dc=mycorp,dc=com"
    - Nothing seems to happen.
    - WHEN IS THE PASSWORD EXPIRED?
    2. After we change a password for a user who has the passwordpolicysubentry attribute, he gains a new attribute pwdChangedTime
    - IS THIS THE ONLY TIME THE EXPIRY CLOCK STARTS TICKING? *AFTER* THE PASSWORD IS CHANGED?
    3. Is it true, that if a user never changes his password, even if he gets the new custom password policy applied, his password never automatically expires????
    I just cannot work out what is supposed to happen. I would have hoped that at the very least, the password begins to expires as soon as he gets a Password Policy with pwd_Max_age set.
    How is ODSEE 11g designed/supposed to function.
    Help!!!!!
    *HH

    Sylvain ,Many thanks for your reply and suggestions. Always good to have a choice!
    So it seems the only way to get the password aging clock to tick is for the password to be changed after having the password policy applied.
    Option1 is not really an option although it certainly would make the users change the password and set up the password aging...
    The main difficulty with odsee 11g  (Version 11.1.1.7.0) is that pwdChangedTime is a system read-only attribute linked to a modification to userPassword attribute, I cannot use ldapmodify to add/modify the pwdChangedTime attribute.
    I was amazed that I can read/store the userpassword as the base64 string and replace the userpassword attribute with this value using ldapmodify. This is very easy (and works!) but will cause the pwdChangedTime attribute to contain the same time for all users. I can imagine helpdesk loving it when everyone calls them in 6 months time.
    Using the LDIF backup/restore utility looks the best option, if it succeeds. At least we can randomize the actual value of pwdChangedTime with this approach.
    Mercy Buckets.

  • How i replace default password policy with my custom password policy

    Hi All,
    can anybody help me to replace idm default password policy with my custom password policy?

    1. Go to Security --> Policies
    2. New --> String Quality Policy --> define rules --> save
    3. New --> Identity System account policy --> define rules and set the policy created in step2 to for password policy --> save
    4. Assign the policy created in step 3 to the user
    a. when create a user, under the 'Security' tab , for the 'Account policy' select the policy created in step
    b. Programattically, create /check out user view, assign the step 3 policy
    <set name='user.waveset.assignedLhPolicy'>
    <s>step 3 policy</s>
    </set>
    and checkin the view

  • ClassNotFoundException with Custom OWSM Policy in Oracle Service Bus

    Hi All,
    I have a situation where I have created a custom web service manager policy. When I attach this policy to an Oracle Service Bus Proxy Service and invoke the service I get a ClassNotFoundError
    Caused By: java.lang.ClassNotFoundException: au.com.MyClass
    at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
    at oracle.wsm.policy.util.Loader.loadClass(Loader.java:369)
    at oracle.wsm.policy.util.Loader.loadClass(Loader.java:389)
    at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.populateAssertionExecutors(WSPolicyRuntimeExecutor.java:238)
    at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.populateAssertionExecutors(WSPolicyRuntimeExecutor.java:279)
    at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.init(WSPolicyRuntimeExecutor.java:162)
    at oracle.wsm.policyengine.impl.PolicyExecutionEngine.getPolicyExecutor(PolicyExecutionEngine.java:137)
    at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:101)
    at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:937)
    at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:454)
    at oracle.wsm.agent.handler.WSMEngineInvoker.handleRequest(WSMEngineInvoker.java:366)
    at com.bea.wli.sb.security.wss.wsm.WsmInboundHandler.processRequest(WsmInboundHandler.java:150)
    at com.bea.wli.sb.security.wss.WssHandlerImpl.doInboundRequest(WssHandlerImpl.java:223)
    at com.bea.wli.sb.context.BindingLayerImpl.addRequest(BindingLayerImpl.java:289)
    at com.bea.wli.sb.pipeline.MessageProcessor.processRequest(MessageProcessor.java:87)
    at com.bea.wli.sb.pipeline.RouterManager$1.run(RouterManager.java:593)
    at com.bea.wli.sb.pipeline.RouterManager$1.run(RouterManager.java:591)
    The jar file is in the user_projects/domains/mydomain/lib directory.
    Attaching the policy to BPEL services has no issue and the policy is invoked successfully.
    I am unable to determine why the OSB would behave differently in this regard, or what I need to configure differently in order to have it found by the class loaders for the OSB.
    Any help or suggestions appreciated.
    I am using 11.1.1.4.0
    The jar file has the necessary policy_config.xml file and the META-INF/mylabel/mypolicy.xml files in situ. As I said, it is working in the soa_server but not the OSB.

    Have you restarted servers after putting jar in $Domain_Home/lib directory? Also try after explicitly adding this jar in classpath by editing server startup script (startManagedWeblogic.cmd or .sh) or in domain env setting script (setDonainEnv.cmd or .sh) and restarting the servers.
    Regards,
    Anuj
    Edited by: Anuj Dwivedi on Mar 21, 2011 1:10 PM

  • Custom Authorization Policy

    Hello Experts,
    I need to create new custom Authorization Policies, but seems that I can create or copy only Policy from these Entity Type:
    - User Management
    - Role Management
    - Authenticated Self Service User Management
    What about the other entity Type? Why I cannot create an Authorization Policy based (for example) on Entity Type 'Scheduler'??
    Thanks in Advance and Best Regards
    AT

    Open an SR and ask Oracle for the 11gR1 unpublished API.
    We automate the creationing of an authz policy when we create a group. We were able to receive the API for 11gR1 with the understading that it was unsupported, and with a very strong business case for needing it.
    Hope that help.

  • Custom WS Policy with Service account in OSB while invoking a https service

    Hi,
    I need your help on one of my issue in invoking an https service from OSB. I read through various posting and tried the below steps in this forum
    -Added the certificate for the https site to soa domain
    -Registered the https webservice as a Business service
    -Registerd a proxy service on top of this Business service
    -In the service call out on Proxy service I did a replace operation on the entire soap header with the below string
    <soapenv:Header xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-4" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
              <wsse:Username>sysuser@yahoo</wsse:Username>
              <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">ABIHAIKLPLKLPMLERLER</wsse:Password>
         </wsse:UsernameToken>
    </wsse:Security>
    </soapenv:Header>
    -After doing all the above steps my call out worked from the test console, If you see closely the userid(sysuser@yahoo) and password(ABIHAIKLPLKLPMLERLER) is hard coded here.
    I need a way to mask the credentials and have the user pass them when they invoke the proxy service. I read through some posting and it was listed that we can create a custom policy and attach that custom policy to the Business service. But my problem here is the userid has an extra char @, so I wasn't able to create the user account with those credentials in OSB, but I was able to create the userid and password using a service account. Iam not sure how I can use this service account along with the custom policy.
    Can you please provide me a suitable approach, which will solve my issue. I appreciate your time and help
    Thanks
    Jagan.

    Hi,
    Below are the steps followed
    - OSB Proxy service has 'oracle/wss_username_token_service_policy' attached to it.
    - Iam invoking this from BPEL. BPEL process has 'oracle/wss_username_token_client_policy' attached.
    - I can invoke the osb proxy from bpel by passing credentials - No Issues.
    Now I need to put some authorization restriction to the proxy service, so only specific users can access that.
    -I used Role=Admin as a policy condition restriction under security in Proxy service.
    -Then I went to proxy test console and I added the 'oracle/wss_username_token_client_policy' credentials and weblogic/xxxxx at Transport section and I was able to invoke the process. Here weblogic has a Admin Role.
    -I cannot invoke the same proxy service from BPEL in Jdeveloper now.
    All Iam trying to do is to protect my proxy by authrorization policy.
    Thanks
    Jagan.

Maybe you are looking for

  • How do I change a photo file name, e.g. DSC001, etc.?

    When I either import or download digital images into IPhoto, I need to change the filename in some instances.  Using the Information feature in IPhoto, I give the photo a name or identifier and add other information.  However, when I then burn the ph

  • DVI to HDMI on big monitor

    I have a 28" monitor with HDMI inputs but my older 13"macbook won't "run" the monitor, will the new Macbook with NVIDIA GeForce 9400M support this size monitor (and will it work with the new Mini-coming out next week?). The display works great with m

  • 1099-misc

    Good day i am running report S_PLO_09000314.On the selection screen in the output control i put the form name for the 1099 report which i got by tcode smartforms. What are the steps that i have tp perform here. i put the 1099 forms in our printer and

  • Dyanamic data in flash button

    Hi all, is it possibile to make flash button that would on mouseover pop up and start showing some dynamic text like the name of a fund in the line the button is located? If you want to see the buttons in question - you can take a look at page: inves

  • Windows 7 users on AD cannot mount Lion Server shares

    Mac mini server 10.7.4 Local users set up (NOT Active Directory users, nor is it tied to AD services--by design) All shares set to AFP and SMB. Mac users can log in and access the shares fine. I can connect on my Windows 7 fine but mine is not connec