OWSM Policy - 11g

Hi All,
We are working on attaching OWSM policies of SOA suite 11g to secure the composites.
Attached 'oracle/wss10_saml_token_service_policy' to the composite keeping configurations as default in saml login module.
When we are trying to test this composite with the below payload
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="Id-00000127b711fabc-0000000001bda657-2" IssueInstant="2010-04-01T01:52:41Z" Issuer="www.oracle.com" MajorVersion="1" MinorVersion="1">
        <saml:Conditions NotBefore="2010-04-01T01:52:41Z" NotOnOrAfter="2010-04-06T01:52:41Z"/>
        <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified" AuthenticationInstant="2010-04-01T01:52:41Z">
          <saml:Subject>
            <saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">orcladmin</saml:NameIdentifier>
            <saml:SubjectConfirmation>
              <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
            </saml:SubjectConfirmation>
          </saml:Subject>
        </saml:AuthenticationStatement>
        <saml:AttributeStatement>
          <saml:Attribute Name="username" NameFormat="www.oracle.com">
            <saml:AttributeValue>weblogic</saml:AttributeValue>
          </saml:Attribute>
          <saml:Attribute Name="password" NameFormat="www.oracle.com">
            <saml:AttributeValue>Password1</saml:AttributeValue>
          </saml:Attribute>
        </saml:AttributeStatement>
      </saml:Assertion>
    </wsse:Security>
  </soap:Header>
  <soap:Body>
    <cli:process xmlns:cli="http://xmlns.oracle.com/UserProvisioning_jws/Project1/BPELProcess1">
      <!--Element must appear exactly once -->
      <cli:input>abc</cli:input>
    </cli:process>
  </soap:Body>
</soap:Envelope>
it is throwing an error
OWSM Policy Fault : FailedAuthentication : The security token cannot be authenticated.
Do we need to make any changes in the input payload or configuration files?
Any pointers on the same will be most helpful.
Thanks,
Sowmya
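
Added example, not part of the original post and not OWSM's own validation logic: a Python pre-flight check that reads a SAML 1.x assertion out of a wsse:Security header like the one above and reports its issuer, subject, confirmation method and validity window, plus whether the header is signed and whether an attribute carries a cleartext credential. The function name, the trusted-issuer list and the evaluation time are assumptions chosen for the example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Sample input: the security header from the post above, abridged, with an empty SOAP body.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" Issuer="www.oracle.com"
    IssueInstant="2010-04-01T01:52:41Z" MajorVersion="1" MinorVersion="1">
  <saml:Conditions NotBefore="2010-04-01T01:52:41Z" NotOnOrAfter="2010-04-06T01:52:41Z"/>
  <saml:AuthenticationStatement AuthenticationInstant="2010-04-01T01:52:41Z"><saml:Subject>
    <saml:NameIdentifier>orcladmin</saml:NameIdentifier>
    <saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod></saml:SubjectConfirmation>
  </saml:Subject></saml:AuthenticationStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="password"><saml:AttributeValue>Password1</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion></wsse:Security></soap:Header><soap:Body/></soap:Envelope>"""


def parse_ts(value):
    # SAML instants are UTC, e.g. 2010-04-01T01:52:41Z (no fractional seconds handled here).
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def inspect_assertion(envelope_xml, now, trusted_issuers):
    """Return (summary, findings) for the first SAML 1.x assertion in wsse:Security."""
    root = ET.fromstring(envelope_xml)
    sec = root.find("soap:Header/wsse:Security", NS)
    a = sec.find("saml:Assertion", NS) if sec is not None else None
    if a is None:
        return {}, ["no saml:Assertion inside wsse:Security"]
    methods = [(m.text or "").strip() for m in a.iterfind(".//saml:ConfirmationMethod", NS)]
    summary = {
        "issuer": a.get("Issuer"),
        "subject": a.findtext(".//saml:NameIdentifier", default="", namespaces=NS).strip(),
        "methods": methods,
        "signed": sec.find(".//ds:Signature", NS) is not None,
    }
    findings = []
    if summary["issuer"] not in trusted_issuers:  # trusted list is an assumption of this example
        findings.append("issuer not in trusted list")
    cond = a.find("saml:Conditions", NS)
    if cond is not None:
        nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now < parse_ts(nb):
            findings.append("assertion not yet valid")
        if na and now >= parse_ts(na):
            findings.append("assertion expired")
    # With sender-vouches and no signature, nothing binds the assertion to the message.
    if any(m.endswith(":sender-vouches") for m in methods) and not summary["signed"]:
        findings.append("sender-vouches assertion with no ds:Signature in the header")
    for attr in a.iterfind(".//saml:Attribute", NS):
        name = (attr.get("AttributeName") or attr.get("Name") or "").lower()
        if name in ("password", "passwd", "secret"):
            findings.append("cleartext credential in attribute '%s'" % name)
    return summary, findings


if __name__ == "__main__":
    print(inspect_assertion(SAMPLE, datetime.now(timezone.utc), {"www.oracle.com"}))
```

Whether an unsigned sender-vouches assertion is acceptable depends on the policy attached to the service; the check only reports what the header contains.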

Ok got it! Just followed the oracle documentation and copied it in below path and Jdev 11.1.1.4 picked it up!
C:\Users\Amit\AppData\Roaming\JDeveloper\system11.1.1.4.37.59.23\DefaultDomain\oracle\store\gmds\owsm\policies (not copying it within the oracle folder within policies, as it's a custom policy)
Strange, I have Jdev 11.1.1.3 in the office and it doesn't pick up the policy, but Jdev 11.1.1.4 (at home) picks it up without a problem.
Is this a bug in Jdev 11.1.1.3, or is my Jdev in the office corrupt?

Similar Messages

  • Doubt in implementing OWSM policy in osb 11g

    Hi,
    Can anybody tell me how to implement a basic username-token policy in a WSDL-based proxy service in OSB 11g?
    I am able to select service policy configuration from the Policies tab of the proxy service in the SB console, but after that I cannot find any OWSM policy there to add. Please assist me.

    Have you run RCU to create MDS storage for the policies?
    And after that, did you run the configuration wizard to extend your domain with "Oracle Service Bus OWSM Extension"?

  • Problem attaching OWSM Policy to OSB Proxy Service

    Hi all,
    I am working with OSB 11g R1 and I am trying to secure one proxy service by attaching one OWSM predefined policy. However, the "OWSM Policy Binding" is disabled in the Policy section of the proxy service.
    I found this thread in the forum [1] which seems to have the same problem, and I have checked that all the extensions are installed in my domain.
    Surely I am missing something, but I haven't found anything in the docs.
    Any tip or hint is appreciated
    Thanks in advance
    My environment:
    - Weblogic Server (10.3.4.0)
    - Oracle Service Bus (11.1.1.4)
    - Oracle Service Bus OWSM Extension (11.1.1.0)
    [1] OWSM Policy Binding Disabled for proxy/business server with SOAP 1.1
    Edited by: user10102092 on 27-jul-2011 2:42

    I presume you already did a fresh restart of the managed servers?
    Yeap, I've restarted the OSB server.
    Looking at the logs I can find this message:
    ####<Jul 27, 2011 1:25:52 PM CEST> <Info> <Common> <mydomain.com> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0000J5fLsXLFw0WFLzNM8A1EBzMW000001> <1311765952760> <BEA-000628> <Created "1" resources for pool "mds-owsm", out of which "1" are available and "0" are unavailable.>
    So I understand that the pool is created correctly, isn't it?

  • OWSM Policy in OSB

    I am trying to build a sample OSB service with an OWSM policy attached to it. I am using the option "From OWSM Policy Store" and used the policy oracle/wss_username_token_service_policy.
    When I tried to execute the OSB service, I got this error:
    "oracle.wsm.policymanager.PolicyManagerException: WSM-02128 : Cannot read WSDL. [Possible Cause : unknown protocol: servicebus]"
    It looks like there is some issue with the parsing of the WSDL that I used for the service. Do I need to refer to the WSDL from MDS? If yes, how can I do that in OSB?

    You may refer to the blog below for configuration:
    http://niallcblogs.blogspot.com/2010/07/osb-11g-and-wsm.html
    Regards,
    Anuj

  • OWSM policy configurations export mechanism

    Hi,
    We have a requirement to apply OWSM policies on OSB 11g proxy and business services.
    What is the best way to apply policies? Is it at
    1. Design time (in Eclipse)
    2. Run time from the SB console
    When we shift the entire OSB projects from the development environment to production, how does migration take place? Is it a project-level configuration or a server-level configuration?
    Do we have two configuration files?
    1. one is the OWSM policy configuration file and
    2. the OWSM policy and OSB project configuration file.
    If the above is the scenario, we can directly edit the config files instead of changing the OSB project artefacts.
    Any suggestions on OSB and OWSM policy configurations and the environment change setup process will be of great help.
    Thanks,
    Sowmya

  • Attaching OWSM Policy to OSB Services

    Hi,
    Can anyone please share the detailed procedure for attaching an OWSM policy to a Proxy Service in OSB 11g?
    The documentation of OSB 11g doesn't provide the information on attaching an OWSM policy to OSB services.
    Please refer to
    http://download.oracle.com/docs/cd/E14571_01/doc.1111/e15866/owsm.htm#CHDBIJHD
    I created a Custom Policy with the predefined assertion wss_username_token_service_template.
    But I couldn't find a way to attach this policy to an OSB Service. Also, the OSB 11g documentation didn't help much.
    Thanks in Advance

    Hi All,
    I figured out a way to attach the OWSM policy to a proxy service.
    It's pretty simple in that way.
    After you create a proxy service, Click on the proxy you created which opens the "View a Proxy Service" page.
    In that there are many tabs such as
    1. Configuration Details
    2. Operational Settings
    3. SLA Alert Rules
    4. Policies
    5. Security
    In Policies tab, you can select "OWSM Policy Bindings" and then choose the policy you want.
    The only thing bothering me now is how to test it?
    I have used the following assertion to create the policy: "wss_username_token_service_template"
    Any help would be appreciated.
    Cheers.

  • Securing web services SOAP headers against OWSM policy

    Hi,
    I need to authenticate the user against the OWSM policy. The caller will pass username and password in SOAP headers and I need to attach WSS policy to my exposed web service.
    How to extract the Header information and then validate them against the policy.
    A simple HelloWorld sample will be of great help.
    regards
    Sanjeev

    Hi,
    For service authentication, add the policy wss_username_token_service_policy to the client composite. Create a user in the security realms in the administration console.
    While testing the service, select the WSS username token option under the security tab and test with valid credentials, or from SoapUI send
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:Username>USER CREATED IN SECURITY REALMS</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PSWD ENTERED FOR THE SAME USER IN SECURITY REALMS</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
    with input.

  • Osb proxy service with owsm policy auth slow when soap request very large

    I have a proxy service which is secured with the OWSM policy oracle/wss_username_token_service_policy. The proxy service simply routes to a Business Service which directly invokes a BPEL-exposed web service. When I call the proxy service with a SOAP envelope larger than 15MB (not an attachment), the BPEL instance is created after waiting about 4~5 minutes; but when I remove the security policy oracle/wss_username_token_service_policy, it costs only 20 seconds. Why does authentication cost so long? How can I deal with the problem?
    My English is poor, please don't mind!
    Besides, my OSB version is 11.1.1.6.0.

    I finally figured it out. The null pointer exception is related to the SAML assertion. The SAML assertion in my requests is signed with an embedded signature, and this seems not to be supported by the OWSM policy used. Without the signature the exception is gone.
    Marian

  • HTTP 503 after enabling OWSM policy on an ADF BC Service

    I deployed an ADF BC Service to soa_server1 and tested (no problem). But when I added an OWSM policy, I could no longer access the service, nor its WSDL contract.
    Here are the steps:
    1. Deploy and test your ADF BC Service with no policy
    2. In EM, go to the Web Services menu item for the deployed service application, then Policies tab.
    3. Attach the "oracle/log_policy" policy to the service's endpoint
    4. Restart the application after saving the change (as EM tells you to do).
    5. Try to access your Service and/or the Service's WSDL ==> *503 Error*
    6. Use EM to Detach the policy on the service's endpoint
    7. Restart the application after saving the change
    8. Retest -- works fine.

    Note that I can apply the same policy at Develop-Time and deploy and that works.  i.e. Specific to Attaching the policy through EM.
    Actually, Firefox fooled me with a browser cache. The same problem occurs whether the policy is applied at Develop-Time or through EM.
    -Todd
    Edited by: tbeets on May 22, 2009 1:29 PM

  • OSB: Custom OWSM policy with Assertions

    I have created a custom policy. It does nothing, but just prints Test message.
    I have put the policy implementation in a .jar archive and placed that in the domain's lib directory. Then I have imported the policy to the OWSM in the EM console. All the servers were restarted.
    I have created a business service and a proxy. In the business service policy tab, I have attached my policy as an OWSM Policy Binding.
    When I try to test this biz service from test console, I get an error "Assertion Executor not found!"
    I'm posting a stack trace:
    <Sep 25, 2012 5:33:42 PM IST> <Error> <oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor> <BEA-000000> <Assertion Executor not found!>
    <Sep 25, 2012 5:33:42 PM IST> <Error> <oracle.wsm.resources.enforcement> <WSM-07501> <Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.client, application=CustomAssertionPOC, composite=null, modelObj=DummyPortBindingQSService, policy=null, policyVersion=null, assertionName=null.
    oracle.wsm.common.sdk.WSMException: WSM-07604 : Internal error during policy enforcement.
         at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.populateAssertionExecutors(WSPolicyRuntimeExecutor.java:266)
         at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.populateAssertionExecutors(WSPolicyRuntimeExecutor.java:285)
         at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.init(WSPolicyRuntimeExecutor.java:168)
         at oracle.wsm.policyengine.impl.PolicyExecutionEngine.getPolicyExecutor(PolicyExecutionEngine.java:137)
         at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:101)
         at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:1001)
         at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:470)
         at oracle.wsm.agent.handler.WSMEngineInvoker.handleRequest(WSMEngineInvoker.java:373)
         at com.bea.wli.sb.security.wss.wsm.WsmOutboundHandler$1.run(WsmOutboundHandler.java:217)
         at com.bea.wli.sb.security.wss.wsm.WsmOutboundHandler$1.run(WsmOutboundHandler.java:215)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.util.JpsSubject.doAs(JpsSubject.java:208)
         at com.bea.wli.sb.security.wss.wsm.WsmOutboundHandler.processRequest(WsmOutboundHandler.java:214)
         at com.bea.wli.sb.test.service.wss.WssHandler.processRequest(WssHandler.java:279)
         at com.bea.wli.sb.test.service.ServiceMessageBuilder.buildMessage(ServiceMessageBuilder.java:180)
         at com.bea.wli.sb.test.service.ServiceMessageBuilder.buildMessage(ServiceMessageBuilder.java:99)
         at com.bea.wli.sb.test.service.ServiceMessageSender.send0(ServiceMessageSender.java:261)
         at com.bea.wli.sb.test.service.ServiceMessageSender.access$000(ServiceMessageSender.java:79)
         at com.bea.wli.sb.test.service.ServiceMessageSender$1.run(ServiceMessageSender.java:137)
         at com.bea.wli.sb.test.service.ServiceMessageSender$1.run(ServiceMessageSender.java:135)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
         at com.bea.wli.sb.security.WLSSecurityContextService.runAs(WLSSecurityContextService.java:55)
         at com.bea.wli.sb.test.service.ServiceMessageSender.send(ServiceMessageSender.java:140)
         at com.bea.wli.sb.test.service.ServiceProcessor.invoke(ServiceProcessor.java:454)
         at com.bea.wli.sb.test.TestServiceImpl.invoke(TestServiceImpl.java:172)
         at com.bea.wli.sb.test.client.ejb.TestServiceEJBBean.invoke(TestServiceEJBBean.java:167)
         at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl.__WL_invoke(Unknown Source)
         at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
         at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl.invoke(Unknown Source)
         at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl_WLSkel.invoke(Unknown Source)
         at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
         at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:345)
         at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
         at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl_1036_WLStub.invoke(Unknown Source)
         at com.bea.alsb.console.test.TestServiceClient.invoke(TestServiceClient.java:174)
         at com.bea.alsb.console.test.actions.DefaultRequestAction.invoke(DefaultRequestAction.java:117)
         at com.bea.alsb.console.test.actions.DefaultRequestAction.execute(DefaultRequestAction.java:70)
         at com.bea.alsb.console.test.actions.ServiceRequestAction.execute(ServiceRequestAction.java:143)
         at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
    Is there anything I am doing wrong?

    Have you put the generated jar on the classpath?
    In the weblogic setDomainEnv.cmd put a row like this:
    set POST_CLASSPATH=d:\Middleware\SOASuite11gR1PS4\user_projects\domains\base_domain\lib\YOURPOLICY.jar;%POST_CLASSPATH%

  • OWSM Policy Binding Disabled for proxy/business server with SOAP 1.1

    Hi,
    I am using 11pPS2.
    In OSB, I created a proxy service with SOAP 1.1 and a business proxy with SOAP 1.1.
    Now I click the Policies tab of each service.
    In Service Policy Configuration,
    OWSM Policy Bindings is disabled and cannot be chosen.
    So I can't attach any OWSM policy to the OSB service.
    Only Custom Policy bindings are enabled.
    I appreciate any help and comments on this issue.

    You need to check whether you extended your Oracle Service Bus domain with Oracle Web Services Manager and Oracle Enterprise Manager.
    Select the following domain templates when running the Oracle Fusion Middleware Configuration Wizard
    Oracle Service Bus OWSM Extension
    Oracle WSM Policy Manager (automatically selected when you select the OWSM Extension)
    Oracle Enterprise Manager (optional, needed for creating and managing Oracle Web Services Manager policies)

  • Issue while attaching OWSM policy to OSB Business Service

    How to configure OWSM policy to NON WSDL based Business service.
    We are not able to encrypt the data for NON WSDL based Business service.
    Please help.
    Thanks,
    Mihir

  • Attaching OWSM policy to only request side

    Hi all,
    I am using OSB11gr1 with OWSM extended domain. Is there a way to attach OWSM policy to only request side?
    I am using wss11_x509_token_with_message_protection_client_policy. Can I override this policy somehow to disable message protection on the response side? I looked into the policy editor in OEM; there are ways to disable signing/encrypting the body/header, but I have not found any way to disable the message protection policy on the response side completely.
    Please suggest

    You can attach Oracle Web Services Manager policies only at the service level, and you cannot embed them in service WSDLs.
    Regards,
    Anuj

  • RIDC client using JAX-WS Web Service requires OWSM policy

    Hi
    For development purposes, I want to invoke the RIDC JAX-WS Web Service (I believe this to be the 11g idc native ws) but an error is thrown stating the various policies are invalid. The fact is my instance of Weblogic is not set up with OWSM and there are no security policies applied or configured.
    I was wondering if there was a way to invoke this web service using http basic authentication and bypass the requirement to have a policy attached.
    If not, does anyone have steps on how to enable OWSM and policies, and attach these to the IDC native web services?
    Thanks
    M

    Hi Ryan
    Yes, I have tried to use the JAX-WS with configuration that I was hoping would set Basic Auth on the request, however an error is thrown stating that the required policies are invalid on the server.
    In summary:
    I create a JaxWSClient client.
    I create a binder using the client.
    I create a IdcContext using a valid username and password.
    I set up the service details and params in the binder.
    I send the request by invoking the client and passing the binder and IdcContext.
    With this basic set-up, I get a SOAP fault from the server stating that the policies 'oracle/no_authentication_service_policy' and 'oracle/no_messageprotection_service_policy' are invalid. It makes sense that they are invalid, as they are not present on my WebLogic instance, and it seems that because I have not specified any other configuration, these are treated as the default policies.
    Setting up basic auth would be ideal, as I do not have control of the Weblogic instances, and so getting OWSM would be a pain. There may be some way to set up the client to use Basic Auth, but unfortunately I cannot see how.
    Cheers

  • How to do Migration of OWSM policy from development to staging

    The technical document for OWSM states that it supports migration of policy from development to staging, and then on to full-blown production, but there is no clear-cut strategy given for this in any of the documents. Can somebody help me find this information anywhere? If somebody has implemented this, can the strategy to migrate the policy in OWSM from development to staging be shared? Thanks in advance.

    Hi Bhuvi,
    We certainly had discussions with Oracle and thought about this at the very beginning of our implementation. And the answer is that there is no clean way to do this in the current release. So our SOP is a manual process. You may have some help with Policy Templates.
    What we also heard is that there will be some significant changes to WSM in r11 in terms of its metadata and support for the WS-Policy standard. So we hope those changes are for the better and that they address the migration of service policies across environments in r11.
    HTH
    Rajesh
