OWSM 11g: Difference between Message Protection Policies

Hi all,
I am using OWSM 11g for securing web services. There are two separate policies provided: oracle/wss10_message_protection_service_policy and oracle/wss10_x509_token_with_message_protection_client_policy. How do these policies differ in providing message protection?
Additionally, I have the documentation provided by Oracle regarding OWSM 11g. In case there are some additional resources or tutorials for OWSM 11g which might help me, please suggest them.
Thanks in advance.

Hi,
In OWSM 10g there was the concept of server agents and client agents. The server agents were attached to the service providers and client agents were attached to the client consumers. Similarly, there are two types of policies available with 11g for service endpoints. One is attached to the service provider endpoint and one is attached to the consumer.
For example, if there is a credit validation web service which requires the payload to be signed and encrypted, then you attach oracle/wss10_message_protection_service_policy to it, and if there is a SOA composite invoking this service, then you attach oracle/wss10_message_protection_client_policy to it. For each of the service-side and client-side policies some configurations/settings can be modified or overridden.
Now, oracle/wss10_message_protection_service_policy is a message integrity and confidentiality service policy implementing WS-1.0 security standards, while oracle/wss10_x509_token_with_message_protection_client_policy is an X509 token based authentication with message protection client policy implementing WS-1.0 security standards.
Hence, while implementing security always use the same dual pairs for service and client policies. Currently there are not many samples available, but the 'Security and Administrator’s Guide for Web Services' guide is good documentation to start with for configuring security using OWSM 11g.
Rgds,
Mandrita
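
The pairing rule from the answer above, as an added example (not part of the original thread and not Oracle tooling): a Python check that each policy sits on the correct side of a consumer-to-provider link and that both come from the same policy family. The attachment model, the function names and the name-based family comparison are assumptions made for illustration, and the sample links are constructed.

```python
import re

# oracle/<family>_(client|service)_policy, optionally followed by a suffix
# such as "_Copy" that a "create like" clone of a predefined policy carries.
POLICY_RE = re.compile(
    r"^oracle/(?P<family>.+)_(?P<side>client|service)_policy(?:_\w+)?$"
)

# Assumed attachment model: a "service" is the provider endpoint being
# protected, a "reference" is the consumer's outbound call to that endpoint.
EXPECTED_SIDE = {"service": "service", "reference": "client"}


def parse_policy(name):
    """Split a policy name into (family, side)."""
    m = POLICY_RE.match(name)
    if m is None:
        raise ValueError("not a client/service policy name: %r" % name)
    return m.group("family"), m.group("side")


def check_link(reference_policy, service_policy):
    """Return a list of findings for one consumer -> provider link.

    Comparing families by name is a heuristic that follows the
    "same dual pairs" advice; it is not an OWSM compatibility matrix.
    """
    findings = []
    families = {}
    for subject, policy in (("reference", reference_policy),
                            ("service", service_policy)):
        family, side = parse_policy(policy)
        families[subject] = family
        if side != EXPECTED_SIDE[subject]:
            findings.append("wrong-side: %s carries a %s policy (%s)"
                            % (subject, side, policy))
    if families["reference"] != families["service"]:
        findings.append("family-mismatch: %s vs %s"
                        % (families["reference"], families["service"]))
    return findings


# Constructed sample links: (policy on the reference, policy on the service).
CASES = {
    "matched pair": (
        "oracle/wss10_message_protection_client_policy",
        "oracle/wss10_message_protection_service_policy"),
    "different families": (
        "oracle/wss10_x509_token_with_message_protection_client_policy",
        "oracle/wss10_message_protection_service_policy"),
    "sides swapped": (
        "oracle/wss10_message_protection_service_policy",
        "oracle/wss10_message_protection_client_policy"),
    "cloned pair": (
        "oracle/wss11_message_protection_client_policy_Copy",
        "oracle/wss11_message_protection_service_policy_Copy"),
}

if __name__ == "__main__":
    for label, (ref_policy, svc_policy) in CASES.items():
        result = check_link(ref_policy, svc_policy)
        print("%-20s %s" % (label, "OK" if not result else "; ".join(result)))
```
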

Similar Messages

  • Difference between message type and idoc type

    Hi
    difference between message type and idoc type
    Regards
    Rama

    Hi,
    Message Type:
    A message type represents the application message exchanged between R/3 systems and R/3 and an external system. A message type characterises the data sent across systems and relates to the structure of the data called an IDOC type.
    Diff. with IDOC type
    An IDoc type specifies the structure of the data.
    A message type specifies the meaning of the data
    Diff. b/w IDOC type and IDOC
    An IDoc type is the definition of a specific data structure.
    An IDoc is an actual instance of data based on an IDoc type. Therefore, there can be many IDocs created from a single IDoc type.
    Example:
    MATMAS is the message type and MATMAS05 is IDoc type for Material Master.
    Thanks,
    Shankar

  • Difference between Message monitoring and end to end monitoring.

    Hi,
    What exactly is the difference between message monitoring and end to end monitoring?
    I read that message monitoring is used  by end to end monitoring. Then why do we have two separate monitoring options?
    Thanks
    Hari.

    End-to-End Monitoring
    You use end-to-end monitoring in the following cases:
    ●      If you want to monitor message processing steps in a number of SAP components (to be configured).
    ●      If you want to monitor the path of individual messages through these SAP components, from start to end.
    Message Monitoring
    You use message monitoring in the following cases:
    ●      To track the status of messages
    ●      To find errors that have occurred and establish what caused them
    for detail see this
    Message Monitoring
    http://help.sap.com/saphelp_nw04/helpdata/en/2f/4e313f8815d036e10000000a114084/frameset.htm
    End-to-End Monitoring
    http://help.sap.com/saphelp_nw04/helpdata/EN/82/9e8dfe9eadbd4b9194c433e646b84e/content.htm

  • What is the difference between message type and element

    hi,
    When we create a new variable in BPEL we get the option to create 'simple', 'message type', 'element'
    I would like to know what is the difference between message type and element.
    thanks
    Yatan

    A message is part of the service and is usually assigned to one of the operations in the wsdl. For example getPhoneNumer() operation may have an input message of personInput and output of phoneNum. These messages would have a type...maybe of string or decimal or a complex type with multiple values.
    An element is typically a complex type that could be defined in an xsd file.
    When you create a variable in the bpel, you can declare it as a message or a simple type or an element. As I understand it, the simple types are pre-defined in the schema namespace such as string, decimal, date, etc.
    The elements are defined in the xsd files or wsdls and can be a combination of strings, dates, etc or other stuff as well.
    The messages are defined in the wsdl as part of the input/output but they are typically assigned a type just like other variables you create.

  • What is the difference between Message Monitoring and End-to-End monitoring

    Hi experts,what is the difference between Message Monitoring and End-to-End monitoring? and What is the difference between Value Mapping and Fix value?
    Thanks,
    Manoj

    HII
    You use message monitoring in the following cases:
    ● To track the status of messages
    ● To find errors that have occurred and establish what caused them
    Check this help for further info:
    http://help.sap.com/saphelp_nw04/helpdata/en/2f/4e313f8815d036e10000000a114084/content.htm
    You use end-to-end monitoring in the following cases:
    ● If you want to monitor message processing steps in a number of SAP components (to be configured).
    ● If you want to monitor the path of individual messages through these SAP components, from start to end.
    Check this help for further info:
    http://help.sap.com/saphelp_nw04/helpdata/en/82/9e8dfe9eadbd4b9194c433e646b84e/content.htm
    also refer this doc...gives more insight on various monitoring:
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/0b4580be-0601-0010-d3ad-bd6ce51ae916
    ... End-to-end monitoring in SAP XI provides a graphical overview of the different XI
    components and the message flow between them. It is based on the Process Monitoring Infrastructure (PMI).
    and also
    http://help.sap.com/saphelp_nw2004s/helpdata/en/7c/14b5765255e345a9e3f044f1e9bbbf/frameset.htm
    You use message monitoring in the following cases:
    1 To track the status of messages
    2 To find errors that have occurred and establish what caused them
    Check this help for further info:
    http://help.sap.com/saphelp_nw04/helpdata/en/2f/4e313f8815d036e10000000a114084/content.htm
    You use end-to-end monitoring in the following cases:
    1 If you want to monitor message processing steps in a number of SAP components (to be configured).
    2 If you want to monitor the path of individual messages through these SAP components, from start to end.
    Check this help for further info:
    http://help.sap.com/saphelp_nw04/helpdata/en/82/9e8dfe9eadbd4b9194c433e646b84e/content.htm
    End-to-end monitoring includes message monitoring, adapter monitoring, BPE if BPM is involved.. so end-to-end monitoring tells you complete description of your scenario......but message monitoring is concerned only with source message coming to target message successfully generated.

  • What is the difference between message and multipart message?

    Does the multipart message type provides the flexibility that the schema assigned to it can be changed later on?
    Suppose if a message is assigned with the schema directly, can it not be changed(adding, deleting elements,etc)
    once deployed.
    If the receive port is set to message box, should the receive shape be assigned with multi part message type or just with a message where a schema is assigned directly.
    what should be done if the input schema which is not a multipart message type changes after deployed?

    Thread Question: Technically, there is no difference.  All messages are multi-part.  The 'single part' type in the Orchestration Designer is just a convenience offered by the Orchestration Designer, the underlying type is the same for both.
    First Question: The difference you see is that the Orchestration Designer does not enforce the Body part Type on Port bindings because it is abstracted by the Multi-Part Type, which, yes, means you can change Body Part Type without having to unhook the Port and Receive/Send Shapes.
    Second Question: You can make any change to a Schema, except the Root Node Name and Namespace, without affecting the Message variables or Port types at all.  So yes, you can add/remove/change elements without even opening an Orchestration.
    Third Question: There's really no difference because outside of the Orchestration Designer, there is no difference between the 'single' and Multi-Part Message type.  You will always get a filter on the Body part MessageType.

  • Difference between message processor and support team

    Gurus ,
      what is the difference between the "Message Processor" field and "support team" field available in support desk message .
    We are defining a three-level support, with the third level as SAP GLOBAL SUPPORT.
    need i have to give first level in message processor and the other on the support team ?
    (or)
    what is the exact purpose and difference of those fields

    HI Susin,
    Let me tell you what i know about this issue
    1) you create your organisation structure in ppoma_crm where Support Team BP is automatically created and you do not need to create explicitly.
    2) Message processor is BP of type employee with object type US.
       It can be said to be a member of the Support team (BP) which you will be assigning in the ppoma_crm transaction. This user should also have a valid S User ID.
    This support team configuration in transaction ppoma_crm has its direct link with transaction
    crm_dno_monitor, where you will be filtering the messages belonging to various Support teams.
    Regards,
    Vijay.

  • Working with SAML token message protection policies in JCS-SAAS extension

    Hi
    I am trying to invoke a fusion apps webservice(Journal import ADF service) , for that I have to use client side policy as:-
    oracle/wss11_saml_token_with_message_protection_client_policy.
    1) I have imported the certificate into my client keystore and cacerts and am using them in my client code. I have moved both default-keystore.jks and cacerts to the JCS file system and am then using them in my client code.
    keytool -importcert -trustcacerts -file "C:\Fusion_cloud\JournalImportServiceTester\fap1530\JournalImportSC.cer" -alias journalimportsc -keystore "C:\Fusion_cloud\JournalImportServiceTester\fap1530\default-keystore.jks"
    keytool -importcert -trustcacerts -file "C:\Fusion_cloud\JournalImportServiceTester\fap1530\JournalImportSC.cer" -alias finutilsc -keystore "C:\Oracle\Middleware\jdk160_24\jre\lib\security\cacerts"
    I am using CLI (Command Line Interface) with JCS SDK to do few administration tasks in JCS, Tried to use to createCredentials in my JCS trial version as below and receiving following error.
    1) java -jar %SDK_HOME%/lib/javacloud.jar set-credential -user cloudusername -id inaccenturetrial00450 -si javatrial2180 -dc us2 -key keystore-csf-key -ku owsm -kp welcome1
    [ERROR] - Permission denied for system credential oracle.wsm.security , keystore-csf-key
    2) java -jar %SDK_HOME%/lib/javacloud.jar set-credential -user cloudusername -id inaccenturetrial00450 -si javatrial2180 -dc us2 -key enc-csf-key -ku orakey -kp welcome1
    >>>> Created OK
    3) java -jar %SDK_HOME%/lib/javacloud.jar set-credential -user cloudusername -id inaccenturetrial00450 -si javatrial2180 -dc us2 -key sign-csf-key -ku orakey -kp welcome1
    [ERROR] - Permission denied for system credential oracle.wsm.security, sign-csf-key
    Can you please suggest, how can I setup my JCS-SaaS extension to use this client policy oracle/wss11_saml_token_with_message_protection_client_policy.
    Apart from the above are there any steps needs to be done to configure trust between client and server(Fusion Apps Cloud instance).
    Thanks in advance
    Samy

    Hi Samy
    Are you trying to propagate identity to an associated FA instance that belongs to the same identity domain? If so, you don't need to configure anything. You can directly use the policy oracle/wss11_saml_token_with_message_protection_client_policy in your client. We have a sample in the SDK that showcases this.
    Thanks
    Vel

  • Difference between messages and notes in Gmail

    Please forgive my ignorance.  I don't know what the difference is.  I am new to Apple but that is hardly an excuse.

    From my understanding when reading it, and mind you I do not use Gmail, that it is similar to the Windows Recycle bin. You are removing the mail from the Inbox, but instead of completely deleting it, it archives it so you can recall it. I suspect that a search at the Gmail support site might yield you more current and accurate information.

  • Difference between Message View and Console Output view on JDeveloper 3.0

    Hello,
    My name is Vani Bansoodeb and I have just started learning Java.
    I am using Oracle JDeveloper 3.0 as IDE.
    I was trying the Synch.java(see below) program to learn how to
    use the "synchronized" key word.
    However, I got 2 different outputs, depending on the output medium.
    With the MESSAGE VIEW, I got the following output:
    [Hello
    [Synch
    [World
    With the CONSOLE WINDOW (i.e.DOS Prompt), I got the following output:
    [Hello]
    [Synch]
    [World]
    Could anyone please tell me why the right square bracket is printing on
    a new line in the first case?
    Thanx,
    Vani
    ------------Synch.java--------------------------------------------------
    class Callme {
        // synchronized: only one thread at a time may run call() on this object
        synchronized void call(String msg) {
            System.out.print("[" + msg);
            try {
                Thread.sleep(1000);
            } catch (InterruptedException e) {
                System.out.println("Interrupted");
            }
            System.out.println("]");
        }
    }
    class Caller implements Runnable {
        String msg;
        Callme target;
        Thread t;
        public Caller(Callme targ, String s) {
            target = targ;
            msg = s;
            t = new Thread(this);
            t.start();
        }
        public void run() {
            target.call(msg);
        }
    }
    class Synch {
        public static void main(String args[]) {
            Callme target = new Callme();
            Caller ob1 = new Caller(target, "Hello");
            Caller ob2 = new Caller(target, "Synch");
            Caller ob3 = new Caller(target, "World");
            // wait for all three caller threads to finish
            try {
                ob1.t.join();
                ob2.t.join();
                ob3.t.join();
            } catch (InterruptedException e) {
                System.out.println("Exception Interrupted");
            }
        }
    }

    Thanks for your feedback,
    What I was wondering is: Why has the db to look for distinct values? There is a unique constraint on this column so the DB should in advance know that there will be no duplicate.
    It would be interesting to check if the Oracle Optimizer does it the same way on a 10g DB.

  • Message protection (Encryption) through OWSM in BPEL process 11g

    What are my requirements?
    I want to encrypt the messages in a BPEL process using OWSM message protection policies
    What is the configuration I am using?
    Weblogic Server 10.3.3
    Soa Server 11.1.1.3.0
    Oracle JDeveloper 11.1.1.3.0
    What have I done so far?
    (1) Created one Sync BPEL process (CalledAddition) which takes two inputs, adds them and gives the output
    (2) Created one more Sync BPEL process (CallerProcess) which takes two inputs and calls the above created BPEL process
    (CalledAddition) and gets the response back as the addition of the two numbers.
    Now I want to add an OWSM message protection policy to encrypt the message in the main BPEL process (CallerProcess) and have the called service (CalledAddition) decrypt the message upon invocation. It is a very simple scenario.
    For this purpose I have done the following OWSM Policy Configuration:
    (1) Created a java keystore as follows
    keytool -genkey -keyalg RSA -keystore test_keystore.jks -storepass welcome1 -alias client_key -keypass welcome1 -dname "CN=Client, OU=WEB AGE, C=US" -keysize 1024 -validity 1460
    (2) Copy the keystore (test_keystore.jks) to location domain/config/fmwconfig.
    (3) Go to EM console/WeblogicDomain/Security/Credential and delete the map oracle.wsm.security and then again created it, with no key inside.
    (4) Go to EM console/WeblogicDomain/Security/SecurityProviderConfiguration and configure the above created keystore as follows:
    (i) Keystore Type=JKS, Keystore Path=./test_keystore.jks, password=welcome1, confirmPassword=welcome1
    (ii) Signature Key:
    Key Alias=client_key, Signature Password=welcome1, confirmPassword=welcome1
    (iii)Encryption Key:
    Crypt Alias=client_key, Crypt Password=welcome1, confirmPassword=welcome1
    (5) Now restart the server (both Weblogic and SOA server)
    (6) Now again go to EM console/WeblogicDomain/Security/Credential and open expand the oracle.wsm.security map, Automatically
    the following keys are made inside it:
    (i) sign-csf-key
    (ii) enc-csf-key
    (iii) keystore-csf-key
    Created one more key inside it explicitly:
    (iv) basic.credentials with username=weblogic and password=welcome1
    (7) Go to EM console/WeblogicDomain/WebServices/Policy and created the following policies:
    oracle/wss11_message_protection_service_policy:
    (i) select policy oracle/wss11_message_protection_service_policy from list and click on create like button. This will create a copy of the policy with different name.
    (ii) Give the new name as oracle/wss11_message_protection_service_policy_Copy ( which is by default)
    (iii) Local Optimization = off and enabled is checked
    (iv) Attachment Attributes …..
    Applies To=Service Bindings and Service Category=Service Clients
    (v) Assertions …..
    Select middle assertion MessageProtection and Advertised=checked and Enforced=checked
    (vi) Configuration....
    Add following Configure properties, if present already edit them as follows:
    (a) name=keystore.enc.csf.key, property set=standard-security-properites, value=enc-csf-key, Type=Optional
    (b) name=keystore.sig.csf.key, property set=standard-security-properites, value=sign-csf-key, Type=Optional
    (c) name=role, property set=standard-security-properites, Default=ultimateReceiver, Type=Optional
    (v) Setting.........
    Done the following setting
    - Message Security/include timestamp=unchecked
    - Message Signing Setting/Include entire body=unchecked (since we need only encryption, no signing of message)
    - Message Encrypt Setting/include entire body=checked
    (vi) Validate and save
    (vi) Thus a new policy is made in domain with name oracle/wss11_message_protection_service_policy_Copy
    Similarly create oracle/wss11_message_protection_client_policy:
    (ii) Give the new name as oracle/wss11_message_protection_client_policy_Copy ( which is by default)
    (iv) Attachment Attributes …..
    Applies To=Service Bindings and Service Category=Service Endpoint
    (vi) Configuration....
    Add following Configure properties, if present already edit them as follows:
    (a) name=keystore.recipient.alias, property set=standard-security-properites, value=client_key, Type=Optional
    (b) name=role, property set=standard-security-properites, Default=ultimateReceiver, Type=Optional
    (vi) Thus a new policy is made in domain with name oracle/wss11_message_protection_client_policy_Copy
    Rest of the steps(i,iii and v) are same as described above in case of service policy
    After creating the policies in domain attach them to the bpel process as follows:
    (1) Go to SOA project (CallerProcess) in EM console.
    (2) Click on policy tab
    (3) First attach the client policy (oracle/wss11_message_protection_client_policy_Copy) to the endpoint of the process CallerProcess.
    (4) Then attach the service policy (oracle/wss11_message_protection_serivce_policy_Copy) to the reference in CallerProcess which is calling CalledAddition.
    (5) Now test the process (CallerProcess)
    pass input say 10 and 20 in input
    Upon testing it gives the following error:
    Web Service invocation Failed:
    oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: InvalidSecurity : error in processing the WS-Security security header
    I have made everything clear. I have gone through several documents but am unable to find the solution. Could anyone please help me in this case?
    Thanks

    I have followed the same steps and am getting the same error.
    User 868153, were you able to resolve this issue?
    Appreciate your help.
    Thanks

  • What's the difference between tags and labels?

    What's the difference between message tags and labels?

    Indeed tags are freeform and can be added and created by anyone. Labels follow a stricter hierarchy and are usually defined on the individual community level (e.g. per ideation section, or specific to a discussion board).
    Labels are used as a filter by the community team to more easily look at specific sub-sections of content.

  • OWSM 11g: Message Protection

    Hi All,
    I have earlier worked on OWSM 10g and implemented XML encryption and decryption. Now, I am trying to implement message protection (encryption and decryption) using OWSM 11g policies. The sample scenario consists of two web services, OWSM_11g and OWSM_11g_client. The message sent from OWSM_11g_client should be encrypted and signed, and OWSM_11g needs to verify the signature and decrypt the message.
    Here is what i have done so far.
    a.) I have attached oracle/wss10_message_protection_client_policy to OWSM_11g and oracle/wss10_message_protection_service_policy to OWSM_11g_client.
    b.) I have configured a keystore for weblogic domain exactly as explained in the following article http://www.ora600.be/node/5000
    c.) I have enabled the logging assertion for oracle/wss10_message_protection_client_policy & oracle/wss10_message_protection_service_policy.
    The message flow between the services is proceeding without any errors. There are two problems that I am facing here:
    a.) I cannot view the SOAP message in the message logs to verify the encryption and decryption.
    b.) It seems that I may be missing out some configuration parameters as specified in the documentation required to apply above policies.
    Any inputs regarding this would be greatly helpful.

    Hi there,
    I can suggest the following to you and hopefully it should work:
    a.) Instead of using the default keystore you should set up a new keystore for the weblogic domain. You may follow the guidelines as described in the following article: http://www.ora600.be/node/5000
    b.) Specify the keystore.recipient.alias (public key which maps to client_key according to the above article) at per-client basis using the Security Configuration Details and keystore.enc.csf.key (private key which again maps to client_key according to the above article).
    c.) message_protection_client_policy and message_protection_service policy are made up of assertion templates. So, go to the web services policy page and enable the logging assertion for each of the policies. Here, in case both the composites are on the same SOA server, you need to turn off the local optimization. Read the above post by Ronald which explains this lucidly. On this page you may change the settings for the request and response messages.
    d.) You need to check the following log file to view the soap messages logged by the assertions to verify encryption and decryption domains\soa_domain\servers\AdminServer\logs\owsm\msglogging\diagonstic.log
    Here I was able to encrypt and sign the message when both the composites were in the same SOA server. However, when they were in different SOA servers some server-side error was occurring. You may try the same as an additional exercise and update me in case you succeed.
    In case you still face any problems I will be glad to help you out.
    Regards,
    Shomit

  • Require Inputs on OWSM 11g message protection policy

    Hi All,
    we are trying to achieve encryption and decryption of payload in SOA 11g using OWSM. We have configured keystores in the weblogic domain.
    I have two composites namely client and service. The client will invoke the service composite using a partner link with a payload. I have attached oracle/wss11_message_protection_client_policy to the partner link of Client composite and also attached oracle/wss11_message_protection_service_policy to the Service composite.
    When I test the composites there are no errors but I cannot see any encryption and decryption happening. I cannot see any information in the logs as well.
    If anyone has achieved message protection using OWSM 11g then please throw some light on how to go about doing it.
    Thank you in advance.
    Regards
    Narendra

    Narendra,
    Were you able to figure out solution for this.
    Thanks

  • OWSM 11g: Kerberos policies

    Hi All,
    I am trying to implement authentication using the oracle/wss11_kerberos_token_client_policy and oracle/wss11_kerberos_token_service_policy policies. I have downloaded and installed the Kerberos software for Windows 2.6.5. Currently I have set the default values for the Kerberos login module. As per the documentation I need to initialize and start the KDC. But the commands in the documentation are for a Unix environment whereas I am trying to run the software on a Windows XP machine.
    I don't know how to proceed further.
    Any help in this regard is appreciated.


    When I try to change some items in Bindings Inspector in Interface Builder, all items disappear and the string "Empty selection" appears, both in old project and new ones. I just tried to solve it by reinstalling XCode but the problem is not solved.