OWSM policy configurations export mechanism

Similar Messages

• OWSM Policy in OSB

  I am trying to build a sample OSB service having the OWSM policy attached to it.I am using the option of "From OWSM Policy Store " and used the policy oracle/wss_username_token_service_policy.
  When i tried to exceute the OSB,i am getting an error as
  "oracle.wsm.policymanager.PolicyManagerException: WSM-02128 : Cannot read WSDL. [Possible Cause : unknown protocol: servicebus]"
  Looking like,some issue with the parsing of the WSDL that i used upon the service.Do i need to refer the wsdl from MDS.If,yes how can i do that in OSB.

  You may refer below blog for configuration -
  http://niallcblogs.blogspot.com/2010/07/osb-11g-and-wsm.html
  Regards,
  Anuj

• Doubt in implementing OWSM policy in osb 11g

  Hi,
  Can anybody tell me how to implement basic username-token policy in wsdl based paroxy service in osb 11 G.
  I am able to select service policy configuartion from the policies tab of proxy service in sb console,but after that i can not find any OWSM policy there to add.Pls assist me

  have you run rcu to create mds storage for the policies?
  and after that you run the configuration wizard to expand your domain with "Oracle Service Bus OWSM Extension" ?

• OWSM Policy Binding Disabled for proxy/business server with SOAP 1.1

  Hi,
  I am using 11pPS2.
  In osb, i created a proxy service with soap 1.1. and business proxy with soap 1.1
  Now I click Policies tab of each service,
  In Service Policy Configuration,
  OWSM Policy Bindings is disabled to choose.
  So I can't attach any OWSM policy to osb service.
  Only Custom Policy bidings are enabled.
  appreciate any help and comments on this issue

  Need check if you Extend your Oracle Service Bus domain with Oracle Web Services Manager and Oracle Enterprise Manager.
  Select the following domain templates when running the Oracle Fusion Middleware Configuration Wizard
  Oracle Service Bus OWSM Extension
  Oracle WSM Policy Manager (automatically selected when you select the OWSM Extension)
  Oracle Enterprise Manager (optional, needed for creating and managing Oracle Web Services Manager policies)

• OWSM POlicy -11g

  Hi All,
  We are working on attaching OWSM policies of SOA suite 11g to secure the composites.
  Attached 'oracle/wss10_saml_token_service_policy' to the composite keeping configurations as default in saml login module.
  When we are trying to test this composite with the below payload
  <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="Id-00000127b711fabc-0000000001bda657-2" IssueInstant="2010-04-01T01:52:41Z" Issuer="www.oracle.com" MajorVersion="1" MinorVersion="1"> <saml:Conditions NotBefore="2010-04-01T01:52:41Z" NotOnOrAfter="2010-04-06T01:52:41Z"/> <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified" AuthenticationInstant="2010-04-01T01:52:41Z"> <saml:Subject> <saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">orcladmin</saml:NameIdentifier> <saml:SubjectConfirmation> <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> </saml:SubjectConfirmation> </saml:Subject> </saml:AuthenticationStatement> <saml:AttributeStatement> <saml:Attribute Name="username" NameFormat="www.oracle.com"> <saml:AttributeValue>weblogic</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="password" NameFormat="www.oracle.com"> <saml:AttributeValue>Password1</saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement> </saml:Assertion> </wsse:Security> </soap:Header> <soap:Body> <cli:process xmlns:cli="http://xmlns.oracle.com/UserProvisioning_jws/Project1/BPELProcess1"> <!--Element must appear exactly once --><cli:input>abc</cli:input> </cli:process> </soap:Body> </soap:Envelope>
  it is throwing an error
  OWSM Policy Fault : FailedAuthentication : The security token cannot be authenticated.
  Do we need to make any changes in the input payload or configuration files.
  Any pointers on the same will be more helpfull.
  Thanks,
  Sowmya

  Ok got it! Just followed the oracle documentation and copied it in below path and Jdev 11.1.1.4 picked it up!
  C:\Users\Amit\AppData\Roaming\JDeveloper\system11.1.1.4.37.59.23\DefaultDomain\oracle\store\gmds\owsm\policies (not copying it within oracle folder within policies as its a custom policy)
  Strange, I have Jdev 11.1.1.3 in office and it doesnt pick up the policy but Jdev 11.1.1.4 (at home) picks it up without a problem.
  is this a bug in Jdev 11.1.1.3 or my jdev in offic is corrupt?

• Issue while attaching OWSM policy to OSB Business Service

  How to configure OWSM policy to NON WSDL based Business service.
  We are not able to encrypt the data for NON WSDL based Business service.
  Please help.
  Thanks,
  Mihir

  I presume you already did a fresh restart of the managed servers?Yeap, I've restarted the OSB server.
  Looking at the logs I can find this message:
  +####<Jul 27, 2011 1:25:52 PM CEST> <Info> <Common> <mydomain.com> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0000J5fLsXLFw0WFLzNM8A1EBzMW000001> <1311765952760> <BEA-000628> <Created "1" resources for pool "mds-owsm", out of which "1" are available and "0" are unavailable.>+
  So I understand that the pool is created correctly, isn't it?

• Attaching OWSM Policy to OSB Services

  Hi,
  Can anyone please share the detailed procedure of how to attach the OWSM policy to a Proxy Service in OSB 11g.
  The documentaion of OSB 11g doesnt provide the information of attaching the OWSM polic to OSB services.
  please refer
  http://download.oracle.com/docs/cd/E14571_01/doc.1111/e15866/owsm.htm#CHDBIJHD
  I created a Custom Policy with the predefined assertion wss_username_token_service_template .
  But i couldnt find a way to attach this policy to OSB Service. Also the OSB 11g Documentation didnt help much.
  Thanks in Advance

  Hi All,
  I figured out a way of how to attach the OWSM policy to a prox service.
  Its pretty simple in that way.
  After you create a proxy service, Click on the proxy you created which opens the "View a Proxy Service" page.
  In that there are many tabs such as
  1. Configuration Details
  2. Operational Settings
  3. SLA Alert Rules
  4. Policies
  5. Security
  In Policies tab, you can select "OWSM Policy Bindings" and then choose the policy you want.
  The only thing bothering me now is how to test it?
  I have used the following assertion to create the policy "wss_username_token_service_template "
  Any help would be appreciated.
  Cheers.

• [TUTORIAL+KB] How to create an EML export mechanism in GW8

  Hello there folks!
  I'm pretty new to the topic of C3PO, GW and all the Novell stuff and one of my tasks was to "code an export mechanism for GW8 thats lats us save e-mails to our storage system". Ok, that was a hammer. But wrapping my head around it and starting to error out the things got me pretty far and I guessed it was tutorial material. So here we go:
  @Moderators: Please don't delete this. I need some time to wrap it all up.
  This tutorial is intendend for C# only. I don't like VB and I'm too dumb for C++ so if you need it for another dialect you need to work it out your self.
  Agenda:
  Needed packages
  C3PO wizard
  Loading to Visual Studio 2010
  Needed Imports/References
  Simple MessageBoxing
  Get Messages and stuff them into Lists
  Export single Messages
  Export multiple messages
  Registering and caching the .DLL
  Testing (please help me with a better way here)
  1. Needed packages
  the novell-gwc3po-devel-2012.11.15.zip file (unzip this after downloading)
  an installed version of Visual Studio 2012 C# (or if you want to work with a different dialect choose another)
  cmd access to some of the registering tools:
  It may be the best thing to set tose paths up in you env variables. Allthough when running the cmd with administrator privileges you can't use regasm from env variables and need to cd to the directory.
  RegAsm (regasm.exe): C:\Windows\Microsoft.NET\Framework\v4.0.30319 (the version depends on the target)
  GACUtil (gacutil.exe): C:\Program Files(x86)\Micrsoft SDKs\Windows\v7.0A\Bin\NETFX 4.0 Tools\ (this path is also dependent on your target framework version, I chose .NET4)
  StrongName (sn.exe): C:\Program Files(x86)\Micrsoft SDKs\Windows\v7.0A\Bin\NETFX 4.0 Tools\ (this path is also dependent on your target framework version, I chose .NET4)
  a good beverage :D (you should obtain multiple of these :D)
  2. The C3PO wizard
  Loading to Visual Studio 2010
  Needed Imports/References
  Simple MessageBoxing
  Get Messages and stuff them into Lists
  Export single Messages
  Export multiple messages
  Registering and caching the .DLL
  Testing (please help me with a better way here)

   can see it in the screenshot8 there is a function called "_Z8AddierenddPd" instead of "Addieren". I copied this name to Labview (see screenshot9) and it worked.
  I'm sure that there is a way to compile the shared folder with gcc without decorations (mangling). But I don't know how. If someone has a recommendation I would be very glad!
  Prepend each function declaration that you want to be available without name decoration with
  extern "C" <your function declaration>
  Or if you have multiple functions you want to export you can in the header file where you declare your functions simply use:
  #ifdef __cplusplus
  extern "C" {
  #endif
  <all your function declarations>
  #ifdef __cplusplus
  #endif
  Rolf Kalbermatter
  CIT Engineering Netherlands
  a division of Test & Measurement Solutions

• Configuring Export to PDF and Report Printing

  Greetings
  using Apex 3.1,Oracle 10g Release 2 on Hp-Unix
  i have got to Configure
  Export to PDF and Report Printing
  please mention Documents or Links for the Configuration
  thanks a lot

  Hello ahuja
  I would start here...
  [APEX Printing|http://www.oracle.com/technology/obe/apex/apex31nf/apex31rpt.htm]
  Kind regards
  Simon Gadd

• Securing web services SOAP headers against OWSM policy

  Hi,
  I need to authenticate the user against the OWSM policy. The caller will pass username and password in SOAP headers and I need to attach WSS policy to my exposed web service.
  How to extract the Header information and then validate them against the policy.
  A simple HelloWorld sample will be of great help.
  regards
  Sanjeev

  Hi,
  For service authentication add policy wss_username_token_service_policy to client composite.Create user in security realms in adminstration console.
  While testing the service select wss username token option under security tab and test with valid credentails or from, soap UI
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:Username>USER CREATED IN SECURITY REALMS</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PSWD ENTERED FOR THE SAME USER IN SECURITY REALMS</wsse:Password>
  </wsse:UsernameToken></wsse:Security> WITH INPUT

• Osb proxy service with owsm policy auth slow when soap request very large

  I have a proxy service which is security with owsm policy: oracle/wss_username_token_service_policy, the proxy service simply route to Business Service which directly invoke a bpel exposed web service, when I call the proxy service with soap envelope large than 15MB(not attachment), waiting about 4~5 minutes, the bpel instance created ; but when I remove the security policy:oracle/wss_username_token_service_policy, it will cost only 20 seconds, why authentication cost so long? How can I deal with the problem?
  My English is poor, please don't mind!
  besides, with my OSB version is 11.1.1.6.0

  I finally figured it out. The nullpointer exception is related to the SAML assertion. The SAML assertion in my requests is signed with embedded signature and this seems to be not supported with the used OWSM policy. Without the signature is the exception gone.
  Marian

• Probem attaching OWSM Policy to OSB Proxy Service

  Hi all,
  I am working with OSB 11g R1 and I am trying secure one proxy service by attaching one OWSM predefined policy. However, the "OWSM Policy Binding" is disabled in the Policy section of the proxy service.
  I found this thread in the forum [1] wich seems to have the same problem and I have checked that all the extensions are installed in my domain.
  Sure I missing something but I haven't found anything in the docs.
  Any tip or hint is appreciated
  Thanks in advance
  My enviroment:
  - Weblogic Server (10.3.4.0)
  - Oracle Service Bus (11.1.1.4)
  - Oracle Service Bus OWSM Extension (11.1.1.0)
  [1] OWSM Policy Binding Disabled for proxy/business server with SOAP 1.1
  Edited by: user10102092 on 27-jul-2011 2:42

  I presume you already did a fresh restart of the managed servers?Yeap, I've restarted the OSB server.
  Looking at the logs I can find this message:
  +####<Jul 27, 2011 1:25:52 PM CEST> <Info> <Common> <mydomain.com> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0000J5fLsXLFw0WFLzNM8A1EBzMW000001> <1311765952760> <BEA-000628> <Created "1" resources for pool "mds-owsm", out of which "1" are available and "0" are unavailable.>+
  So I understand that the pool is created correctly, isn't it?

• HTTP 503 after enabling OWSM policy on an ADF BC Service

  I deployed an ADF BC Service to soa_server1 and tested (no problem). But when I added an OWSM policy, I could no longer access the service, nor its WSDL contract.
  Here's the steps:
  1. Deploy and test your ADF BC Service with no policy
  2. In EM, go to the Web Services menu item for the deployed service application, then Policies tab.
  3. Attach the "oracle/log_policy" policy to the service's endpoint
  4. Restart the application after saving the change (as EM tells you to do).
  5. Try to access your Service and/or the Service's WSDL ==> *503 Error*
  6. Use EM to Detach the policy on the service's endpoint
  7. Restart the application after saving the change
  8. Retest -- works fine.

  Note that I can apply the same policy at Develop-Time and deploy and that works.  i.e. Specific to Attaching the policy through EM.
  Actually, Firefox fooled me with a browser cache. The same problem occurs whether the policy is applied at Develop-Time or through EM.
  -Todd
  Edited by: tbeets on May 22, 2009 1:29 PM

• OSB: Custom OWSM policy with Assertions

  I have created a custom policy. It does nothing, but just prints Test message.
  I have put the policy implementation in a .jar archive and placed that in the domain's lib directory. Then I have imported the policy to the OWSM in the EM console. All the servers were restarted.
  I have created a business service, and a proxy. In the business service policy tab, I have attached my policy as a OWSM Policy Bindings.
  When I try to test this biz service from test console, I get an error "Assertion Executor not found!"
  I'm posting a stack trace:
  <Sep 25, 2012 5:33:42 PM IST> <Error> <oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor> <BEA-000000> <Assertion Executor not found!>
  <Sep 25, 2012 5:33:42 PM IST> <Error> <oracle.wsm.resources.enforcement> <WSM-07501> <Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.client, application=CustomAssertionPOC, composite=null, modelObj=DummyPortBindingQSService, policy=null, policyVersion=null, assertionName=null.
  oracle.wsm.common.sdk.WSMException: WSM-07604 : Internal error during policy enforcement.
       at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.populateAssertionExecutors(WSPolicyRuntimeExecutor.java:266)
       at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.populateAssertionExecutors(WSPolicyRuntimeExecutor.java:285)
       at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.init(WSPolicyRuntimeExecutor.java:168)
       at oracle.wsm.policyengine.impl.PolicyExecutionEngine.getPolicyExecutor(PolicyExecutionEngine.java:137)
       at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:101)
       at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:1001)
       at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:470)
       at oracle.wsm.agent.handler.WSMEngineInvoker.handleRequest(WSMEngineInvoker.java:373)
       at com.bea.wli.sb.security.wss.wsm.WsmOutboundHandler$1.run(WsmOutboundHandler.java:217)
       at com.bea.wli.sb.security.wss.wsm.WsmOutboundHandler$1.run(WsmOutboundHandler.java:215)
       at java.security.AccessController.doPrivileged(Native Method)
       at oracle.security.jps.util.JpsSubject.doAs(JpsSubject.java:208)
       at com.bea.wli.sb.security.wss.wsm.WsmOutboundHandler.processRequest(WsmOutboundHandler.java:214)
       at com.bea.wli.sb.test.service.wss.WssHandler.processRequest(WssHandler.java:279)
       at com.bea.wli.sb.test.service.ServiceMessageBuilder.buildMessage(ServiceMessageBuilder.java:180)
       at com.bea.wli.sb.test.service.ServiceMessageBuilder.buildMessage(ServiceMessageBuilder.java:99)
       at com.bea.wli.sb.test.service.ServiceMessageSender.send0(ServiceMessageSender.java:261)
       at com.bea.wli.sb.test.service.ServiceMessageSender.access$000(ServiceMessageSender.java:79)
       at com.bea.wli.sb.test.service.ServiceMessageSender$1.run(ServiceMessageSender.java:137)
       at com.bea.wli.sb.test.service.ServiceMessageSender$1.run(ServiceMessageSender.java:135)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
       at com.bea.wli.sb.security.WLSSecurityContextService.runAs(WLSSecurityContextService.java:55)
       at com.bea.wli.sb.test.service.ServiceMessageSender.send(ServiceMessageSender.java:140)
       at com.bea.wli.sb.test.service.ServiceProcessor.invoke(ServiceProcessor.java:454)
       at com.bea.wli.sb.test.TestServiceImpl.invoke(TestServiceImpl.java:172)
       at com.bea.wli.sb.test.client.ejb.TestServiceEJBBean.invoke(TestServiceEJBBean.java:167)
       at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl.__WL_invoke(Unknown Source)
       at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
       at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl.invoke(Unknown Source)
       at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl_WLSkel.invoke(Unknown Source)
       at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
       at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:345)
       at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
       at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl_1036_WLStub.invoke(Unknown Source)
       at com.bea.alsb.console.test.TestServiceClient.invoke(TestServiceClient.java:174)
       at com.bea.alsb.console.test.actions.DefaultRequestAction.invoke(DefaultRequestAction.java:117)
       at com.bea.alsb.console.test.actions.DefaultRequestAction.execute(DefaultRequestAction.java:70)
       at com.bea.alsb.console.test.actions.ServiceRequestAction.execute(ServiceRequestAction.java:143)
       at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
       at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
       at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
  Is there anything I am doing wrong.

  Have you put the generated jar on the classpath?
  In the weblogic setDomainEnv.cmd put a row like this:
  set POST_CLASSPATH=d:\Middleware\SOASuite11gR1PS4\user_projects\domains\base_domain\lib\YOURPOLICY.jar;%POST_CLASSPATH%

• Content Player / Policy Configuration component login modules

  Problem using Content Player u2013 HTTP 401 errors, not authorized
  Because of security concerns, we have modified our login Policy Configuration component, u201Cticketu201D to no longer use the login module u201CBasicPasswordLoginModuleu201D. We use the login module u201CSAMLLoginModuleu201D instead and direct our users through our Shibboleth based identity provider.
  We now are having a problem with the Content Player. We have configured it in http://<server>:<port>/lms/mediator/config with connection information including a username and password for both access to the ABAP system and the CMS user. We also have set SNC.
  With the BasicPasswordLoginModule removed, we get HTTP 401 errors, not authorized. We see this in a pop-up window when we try to run a WBT course and we see it in the trace files.
  When we put the BasicPasswordLoginModule back in place, we can access the course.
  We are looking for a way to redirect the Content Player to a different Policy Configuration component that we can then allow to include the BasicPasswordLoginModule.
  Is this possible?
  Where is the configuration defined that directs the Content Player to use that default Policy Configuration component?
  Can we change it to use a different Policy Configuration component?
  Deb Nugent

  It appears that we cannot (or should not) redirect the login module for the Content Player to something other than the "ticket" login method. Since we require Content Player, we re-added the BasicLoginPassword Module to the "ticket" method of logon. We knew this would allow Content Player to work. We are using other / additional security measures to ensure no one is directly accessing our systems with username/password.
  Thank-you all.
  Deb Nugent.