OWSM 11g: oracle/wss10_x509_token_with_message_protection_service_policy

Similar Messages

• OWSM 11g: oracle/wsaddr_policy policy

  Hi all,
  I am trying to understand and implement oracle/wsaddr_policy policy. The documentation says that there are no configuration required either for web service client or for OPSS. So, i am not able to comprehend the usage of this policy. Could anyone throw some light as to where and how to implement this policy?
  Regards,
  Shomit
  Edited by: Shomit Sahdev on ६ जून, २०१० ११:३२ अपराह्न

  Hi RaJdeep,
  Thank you for your inputs.But I couldnot get what I have to do here.
  Could you please pass on your contact details so that I can contact you.
  Thank you in advance.
  Regards
  Narendra

• OWSM 11g: Custom policy implementation

  Hi all,
  I am unable to replicate the example as discussed in the section 14 of Security and Administrator’s Guide for Web Services 11g Release 1 (11.1.1) B32511-03, April 2010. I am applying the custom policy on a osb (11g r3) proxy service. Kindly take a look at the steps mentioned below & suggest suitably where i may be going wrong:
  1. Creation of the IpAssertionExecutor class which holds the implementation logic (same as Step 1)
  2. Creation of the policy-config.xml file (same as Step 2)
  3. oracle.logging-utils_11.1.1.jar was also added to compile the above class.
  4. IpAssertionExecutor Class & policy-config.xml were added as a jar file as mentioned in page no: 4 of the following link: http://www.scribd.com/doc/25941008/How-to-Create-OWSM-11g-Custom-Policy-Assertion (same as Step 4)
  5. Updation of classpath (same as Step 5)
  6. Creation of oracle/ip_assertion_policy file (same as Step 2)
  7. Importing the Custom Policy File (same as Step 6)
  8. Attaching the Custom Policy to a Web Service or Client (same as Step 7)
  For testing purpose, i used soapui and specified the bind address in the request properties. However, the policy is not working as desired.
  Additionally, i hardcoded the String ipAddr (ip address) in the IpAssertionExecutor class & redeployed the jar. But still couldn't get it working.
  I shall be obliged if someone can help me.
  Thanks in advance

  In the security tab for your OSB Service, ensure that you set the radio button for processing of ws header. Otherwise no policies appear to be called.

• OWSM 11g: Difference between Message Protection Policies

  Hi all,
  I am using OWSM11g for securing web services. There are two separate policies provided oracle/wss10_message_protection_service_policy and oracle/wss10_x509_token_with_message_protection_client_policy. How does these policies differ in providing message protection?
  Additionally, I have the documentations provided by oracle regarding OWSM11g. In case, there are some addtional resources or tutorials for OWSM 11g which might help me please suggest me the same.
  Thanks in advance.

  Hi,
  In OWSM 10g there was concept of Server Agent and Client agents.The server agents were attached with the service providers and client agents were attached with client consumers.Similarly there are two types of policies available with 11g for service endpoints.One is attached with the service provider endpoint and one is attached with the consumer.
  For e.g- If there is a credit validation webservice which requires the payload to be signed and encrypted,then u attach oracle/wss10_message_protection_service_policy with it and if there is a SOA composite invoking this service,then u attach oracle/wss10_message_protection_client_policy with it.For each of the service side and client side policies some configurations/settings can be modified or overridden.
  Now oracle/wss10_message_protection_service_policy is message integrity and confidentiality service policy implementing WS-1.0 security standards.While oracle/wss10_x509_token_with_message_protection_client_policy is X509 token based authentication with message protection client policy implementing WS-1.0 security standards.
  Hence while implementing security always use the same dual pairs for service and client policies.Currently there are not many samples available but the 'Security and Administrator’s Guide for Web Services' guide is good documentation to start with for configuring security using OWSM 11g.
  Rgds,
  Mandrita

• OWSM 11g in EM behaving different than documentation

  Hi everyone,
  I'm trying to get OWSM 11g working so I just installed Soa suite 11gR1(11.1.1.2.0). All I need is to attach a predefined policy to an existing web service which exists incide an EJB in an EAR application. I'm following the instructions from http://download.oracle.com/docs/cd/E12839_01/web.1111/b32511/attaching.htm#CEGDGIHD , in the session "Viewing the Policies That are Attached to a Web Service". Unfortunately I'm expecting different screens than those shown in the Manual. In the documentation the figure 8.1 shows the tabs Operations / Policies / Chart / Configuration, but in my case the same screen shows only the operations Tab, making it impossible to attach the policies I need. Here's what I see at my environment: http://img203.imageshack.us/img203/751/erroowsm.png . I don't know if I missed something but it still not works as the documentation says (figure 8.1). Please, any help will be appretiated !
  Thanks,

  Rajesh wrote:
  Is it going above 1GB ?No, current memory utilization is 503MB, but it keeps increasing. Support specialist told me it is OK for agents with large number of targets to utilize up to 1GB of memory even if I told him I have only 11 targets on this host. I do not think 11 targets is "large number" and I do not want to wait until agent will use 1GB of memory.
  You can also check MOS note :
  How To Effectively Investigate & Diagnose Grid Control Agent High Memory Utilization Issues? [ID 1092466.1]I have read this note and did not find solution for my problem and that is why I contacted Oracle Support. I think this agent is leaking memory, but Support specialist suggests reinstalling this agent on other host.
  I do not think he understands problem and that is why I looking for other opinions.

• Require Inputs on OWSM 11g message protection policy

  Hi All,
  we are trying to achieve encryption and decryption of payload in SOA 11g using OWSM. We have configured keystores in the weblogic domain.
  I have two composites namely client and service. The client will invoke the service composite using a partner link with a payload. I have attached oracle/wss11_message_protection_client_policy to the partner link of Client composite and also attached oracle/wss11_message_protection_service_policy to the Service composite.
  When i test the composites there are no errors but i cannot see any encryption and decryption happening. I cannot see any information in the logs as well.
  If anyone has achieved message protection using OWSM 11g then please throw some light on how to go about doing it.
  Thank you in advance.
  Regards
  Narendra

  Narendra,
  Were you able to figure out solution for this.
  Thanks

• OWSM 11g: Message Protection

  Hi All,
  I have earlier woked on OWSM 10g and implemented XML encryption and decryption. Now,I am trying to implement message protection(encryption and decryption) using OWSM 11g policies. The sample scenario consists of two web services OWSM_11g and OWSM_11g_client. The message send from OWSM_11g_client should be encrypted and signed and OWSM_11g needs to verify the signature and decrypt the message.
  Here is what i have done so far.
  a.) I have attached oracle/wss10_message_protection_client_policy to OWSM_11g and oracle/wss10_message_protection_service_policy to OWSM_11g_client.
  b.) I have configured a keystore for weblogic domain exactly as explained in the following article http://www.ora600.be/node/5000
  c.) I have enabled the logging assertion for oracle/wss10_message_protection_client_policy & oracle/wss10_message_protection_service_policy.
  The message flow between the services is proceeding without any errors. There are two problems that I am facing here:
  a.) I cannot view SOAP message in the message logs to verify the encrytion and decryption.
  b.) It seems that I may be missing out some configuration parameters as specified in the documentation required to apply above policies.
  Any inputs regarding this would be greatly helpful.

  Hi there,
  I can suggest the following to you and hopefully it should work:
  a.) Instead of using the default keystore you should set up a new keystore for the weblogic domain. You may follow the guidelines as described in the following article: http://www.ora600.be/node/5000
  b.) Specify the keystore.recipient.alias (public key which maps to client_key according to the above article) at per-client basis using the Security Configuration Details and keystore.enc.csf.key (private key which again maps to client_key according to the above article).
  c.) message_protection_client_policy and message_protection_service policy are made up of assertion templates. So, Go to the web services policy page and enable the loggin assertion for each of the policies. Here, in case both the composites are on the same soa server then, you need to turn off the local optimization. Read the above post by Ronald which explains this lucidly. On this page you may change setting for the request and response messages.
  d.) You need to check the following log file to view the soap messages logged by the assertions to verify encryption and decryption domains\soa_domain\servers\AdminServer\logs\owsm\msglogging\diagonstic.log
  Here I was able to encrypt and sign the message when both the composites were in the same soa server. However when they were in different soa server some server side error was occuring. You may try the same as an addtional exercise and update me in case you succeed.
  In case you still face any problems I will be glad to help you out.
  Regards,
  Shomit

• OWSM 11g: Kerberos policies

  Hi All,
  I am trying to implement authentication using oracle/wss11_kerberos_token_client_policy and oracle/wss11_kerberos_token_service_policy policies. I have download and installed the kerberos software for windows 2.6.5. Currently i have set the default values for the kerberos login module. As per the documentation i need to initialize and start the kdc. But commands in the documentation are for a unix environment whereas i am trying to run the software on a windows xp machine.
  I dont know how to proceed further.
  Any help in this regard is appreciated.

  Hi,
  In OWSM 10g there was concept of Server Agent and Client agents.The server agents were attached with the service providers and client agents were attached with client consumers.Similarly there are two types of policies available with 11g for service endpoints.One is attached with the service provider endpoint and one is attached with the consumer.
  For e.g- If there is a credit validation webservice which requires the payload to be signed and encrypted,then u attach oracle/wss10_message_protection_service_policy with it and if there is a SOA composite invoking this service,then u attach oracle/wss10_message_protection_client_policy with it.For each of the service side and client side policies some configurations/settings can be modified or overridden.
  Now oracle/wss10_message_protection_service_policy is message integrity and confidentiality service policy implementing WS-1.0 security standards.While oracle/wss10_x509_token_with_message_protection_client_policy is X509 token based authentication with message protection client policy implementing WS-1.0 security standards.
  Hence while implementing security always use the same dual pairs for service and client policies.Currently there are not many samples available but the 'Security and Administrator’s Guide for Web Services' guide is good documentation to start with for configuring security using OWSM 11g.
  Rgds,
  Mandrita

• Error while installing OFM 11g - Oracle Identity management suite 11g

  Hi,
  I am getting following error while installing Oracle Identity management suite 11g (Oracle Internet Directory & Oracle Virtual Directory) on Red Hat Linux 5.0.
  "Error in invoking target 'client_sharedlib' of makefile '/apps/idm/Oracle/OracleHome/Oracle_Home/rdbms/lib/ins_rdbms.mk"
  the same error is repeating for others also i.e. 'all', 'install" etc.
  Can you advice me how to overcome this?
  Regards
  Chinta

  Hi Chinta,
  Pl. check for all gcc and glibc OS packages compatibility with your your OS. This will solve your problem.
  Also check that you are not installing a 32 bit IM software on a 64 bit machine or viceversa.
  regards,
  Sailesh

• Getting exception using 11G oracle driver

  upgraded oracle database from 10G to 11G, and I made the following changes in my application for 11G:
  - Updated [ORACLE_HOME]/jdbc/lib/ojdbc6.jar to the CLASSPATH
  - Application uses JDK 1.6 (compilation & runtime)
  I started 20 instances of my application on Linux box and half of the application instances failed & threw the following exceptions, but when I used 10G Oracle client jar, all the instances comes up fine. Why is 11G Oracle client jar behaving differently than 10G jar? Why am I able to bring only 10 instances up and not all (20) when i used 11G Oracle jar file?
  Oracle 11G version: 11.1.0.6.0
  Oracle 10G version: 10.2.0.3.0
  Oracle 11G client jar: ojdbc6.jar
  Oracle 10G version: ojdbc14.jar
  Here is the exception I'm getting:
  ERROR 02 Aug 2009 01:24:23,488 [main] DelegatingDataSource - java.sql.SQLRecoverableException: Io exception: Connection reset
  at oracle.jdbc.driver.SQLStateMapping.newSQLException(SQLStateMapping.java:281)
  at oracle.jdbc.driver.DatabaseError.newSQLException(DatabaseError.java:118)
  at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:224)
  at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:296)
  at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:611)
  at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:455)
  at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:494)
  at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:199)
  at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:30)
  at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:494)
  at oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:398)
  at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:287)
  at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPhysicalConnection(OracleConnectionPoolDataSource.java:268)
  at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPooledConnection(OracleConnectionPoolDataSource.java:136)
  at oracle.jdbc.pool.OracleImplicitConnectionCache.makeCacheConnection(OracleImplicitConnectionCache.java:2188)
  at oracle.jdbc.pool.OracleImplicitConnectionCache.makeOneConnection(OracleImplicitConnectionCache.java:640)
  at oracle.jdbc.pool.OracleImplicitConnectionCache.defaultUserPrePopulateCache(OracleImplicitConnectionCache.java:239)
  at oracle.jdbc.pool.OracleImplicitConnectionCache.<init>(OracleImplicitConnectionCache.java:198)
  at oracle.jdbc.pool.OracleConnectionCacheManager.createCache(OracleConnectionCacheManager.java:390)
  at oracle.jdbc.pool.OracleDataSource.cacheInitialize(OracleDataSource.java:617)
  at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:572)
  at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:251)
  at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:204)
  at com.cme.fest.framework.persistence.jdbc.datasource.DelegatingDataSource.getConnection(DelegatingDataSource.java:98)
  Any help or ideas would be really appreciated.

  java.sql.SQLRecoverableException: Io exception: Connection reset
  Please refer
  Closed connection error when connection isn't being closed

• 11g Oracle ADF Certification

  Hi, can anyone help me to know, is there any certification is available for 11g Oracle ADF developers like SCJP for java developers. If available pls guide me what is the procedure to write the exam, exam fees, syllabus, eligibility.
  Thanks,
  Sankari Kannan

  Hi Sankari,
  There isn't any certification specifically on ADF. However there are are certifications on Middleware products. Do take a look at this link:
  http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=140
  regards,
  ~Krithika

• Oracle Portal 11g, Oracle WebCenter Suite or Oracle WebLogic Portal ?

  Witch of these technologies, Oracle Portal 11g,
  Oracle WebCenter Suite or Oracle WebLogic Portal ?
  is the future product of oracle ?
  I am going to use portal but I don't know witch of these product is the correct one.
  I need help to clarified it. As i am going to use portal I want to use the one that oracle intend to support

  Hi Harish,
  There are lot differences are available when you compare these three products, some them are
  Oracle Web Center Suite
  Comprises of various components such as Web Center Interaction,Oracle Entitlement Server,Oracle Personalization Server an Ensemble(for proxying content and mashups) and chat server,wiki server,blog server,forum etc are available with web center suite.The collaboration tools are out of the box,so you dont require to redevelop anything to enable collaboration for your site.Basically webcenter is more powerful when used to develop intranet sites rather than a website which requires less collaboration.
  Oracle Portal 10g
  Oracle Portal 10g is the primary oracle portal product before oracle bought BEA.The main difference is the architecture and framework,Oracle Portal uses sql/plsql intensively for processing the page as all their pages are developed from browser.Every thing you develop is streaming that is queried from DB in contrast with weblogic portal which has the feature of file based portal which is faster compared to the streaming(persistent desktops).The architecture is different compared to weblogic and webcenter.For ex:There are sql and pl/sql portlets which can be developed very faster which not there in the other two platforms.
  Oracle Weblogic Portal 10.3
  It is hot in the market right now and development is easier and architecture supports both file based and streaming,the primary features of all the portal product are more or less same but webcenter has more collaborative features.Weblogic portal is very stable as it is on WLS which is a stable weblogic server.
  I prefer if you have any previous experience on any of these products then built on that one.Else start with weblogic portal which is easier to startwith compared to others.
  Regards,
  Dinesh

• OWSM 11g:Securing Asynchronous callback

  Hi all,
  I am posting again regarding this hoping that someone may be able help me up this time.
  I am working on soa suite 11g. I have two asynchronous bpel services A and b. I want to ensure message protection for the callback received by A from B using OWSM 11g. I have attached the polices to the respective callback. But the policies are getting by passed and the plain message is transfered from A to B. Additionally I have turned off the local optimization of the policies. however it has also not helped.
  Can anyone point out what additional configuration needs to be done.
  Thanks in advance.
  Edited by: Shomit Sahdev on २५ मई, २०१० १:५८ पूर्वाह्न

  Hi,
  Just a pointer did you configure the keystore path,signing certificate and encryption key alias name and passwords in the Fusion Middleware Control console under 'Security Provider Configuration' and the decryption key password as 'keystore.enc.csf.key' under 'Credentials' in Fusion Middleware Control for both the instances?
  Rgds.

• OWSM 11g: Securing Callback

  Hi All,
  I have two asyn services A and B. I want to secure the callback from B to A. I have attached client policy (u/n authentication and message protection) to the B callback . Additionally I have attached service policy (u/n authentication and message protection) to the callback received by A.
  However the policies are not working.
  Any ideas/suggestions regarding how to secure callback using OWSM 11g will be welcomed.
  Regards

  Hi,
  Just a pointer did you configure the keystore path,signing certificate and encryption key alias name and passwords in the Fusion Middleware Control console under 'Security Provider Configuration' and the decryption key password as 'keystore.enc.csf.key' under 'Credentials' in Fusion Middleware Control for both the instances?
  Rgds.

• OWSM 11g file based authentication

  Hi,
  I have to secure a service using the username and password present in file. I'll have to use a file based authentication mechanism. As OWSM 11g doesnt have the gateway, can i achieve this functionality with OWSM 11g agent ?
  Thanks

  Can you please tell me how to create the file .htpassword. When i'm using a text editor to create this file it does not allow and message is specify file name. Is there a special utility to create such a file.