Security Provider Service in NWA on 7.3?

Similar Messages

• J2EE Security Provider Service in NWA on 7.10?

  Hi,
  In versions up to 7.0, there was a J2EE Security Provider Service which could be configured in Visual Administrator to control fine-grained security between deployed components on the system. I cannot find anything similar in NetWeaver Administrator in 7.1. Has this become obsolete or am I overlooking something?
  Thanks,
  Thorsten

  Hi,
  NWA -> Configuration Management -> security -> authentication
  here you can find the required policy configurations
  regards,
  Jozsef

• SLD Data Provider Service

  Can I access SLD Data Provider service using NWA instead of using Visual Administrator? I looked into Configuration of NWA under Application and could not find screens similar to VA. I was successful in finding JDBC Resources.
  Any help appreciated.

  Hi,
  I am not sure,but you can try out this option.
  1.Go to <b>http://hostname:http port/nwa</b> page.
  2.give administrator credentials to logon to the page.
  3.at the left hand side,for <b>System Landscape selection</b>,
  give <b>Local system administration</b>.
  4.Then at the tabs at the top,Select <b>deploy and change</b> tab.
  Under that,u will get a <b>configuration wizard</b> page.
  Underconfiguration wizard,u will get a <b>task</b> name tab.
  type<b> sld</b> there and enter.
  You will get a list of <b>Templates</b> under it.
  You eill get an option of,
  <b>Creating connections to sld and setting SLD autorizations</b>...........
  If you select that,you will have template configurator installed,where you can enter all details of SLD Data supplier.
  This would help you.
  Reward points if helpful.........

• VA - Security Provider hung

  hi all,
  We had recently deployed SP16 on our XI 7.0 NW 2004s, since then the the 'Security Provider' service neither in STOP nor in STARTED states. If i click the mouse right button to see the status (stop/start) the pop-up with start, stop are grayed out. But since this service is not RED cross marked i assume it's not in stopped state. But not sure why the stop & starting options are grayed out.
  Please help with this.
  Thanks
  Sekhar.

  By default,
  web dynpro deployed on Java stack have urls of type:
  http://server:50000/webdynpro/dispatcher/local/
  Regards,
  Tanguy

• LDAP security provider and web service authentication

  Background: we are currently developing web services to our existing weblogic application. Our users can configure user/password authentication in one of three ways: database, LDAP, or SSO. Setting SSO aside, we need to implement the same authentication for database and LDAP that we use in our existing logon servlet in our web services. In our servlet we detect which they are configured for and, if database, authenticate the encrypted password to a database table we have for user id/password. If LDAP we use weblogic.servlet.security.ServletAuthentication and the weak() method to authenticate.
  We've to use SOAP headers to communicate username/password from the client to the web service. We want to code a SOAP message handler to grab the username/password and do the authentication there. We've successfully put something together that handles the database authentication no problem and are now struggling with how to handle the LDAP authentication. We distribute a LDAP security provider we've coded for LDAP authentication. I guess what I am looking for is an equivalent functionality provided with weblogic.servlet.security.ServletAuthentication. Note that I realize the weblogic.servlet.security package has been deprecated starting with Weblogic 9.0 but cannot find what functionality replaces it. Any help there would be appreciated as well.
  Note that I am fairly new to web service development (about 10 months now) and definitely new to web service security and Weblogic security. I tried digging into the volumes of documentation out there regarding these two topics but am simply having a difficult time sorting it all out and figuring out how to do what I want to do.
  Thanks in advance!
  Julia

  Hi,
  Add Provider (LDAP Credentials) in Admin console Security Realm --> defaultrealm -->Providers. Configuring Ldap in Admin Console will enable Admin Server to connect to LDAP. All the LDAP preconfigured Users/Groups will be available in Users and Groups Tab of Security Realms >defaultrealm >Users and Groups. Add Roles using Security Realms >defaultrealm > Roles and Policies > Global Roles > Roles. Add Role Conditions to the role by specifying users/groups configured in LDAP. If your webservice runs with SSL Anotate the Webservice file something like this below.
  @RolesAllowed({
  @SecurityRole(role="test")
  @Policy(
  uri="policy:Wssp1.2-2007-Https-UsernameToken-Plain.xml",
  attachToWsdl=true)
  Here the role is Preconfigired role in AdminConsole. Add the following tag in the soapenv:header.
  <soapenv:Header>
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:UsernameToken>
  <wsse:Username>test</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  </soapenv:Header>

• How can you manage ssl service provider service in PI 7.1?

  Hello there..
  I am trying to find a place in Netweaver admin tool so that I can add CA certificate into the SSL provider service Trusted Certification Authorities list. I use to be able to do that in Visual Admin tool -> dispatcher node -> Services -> SSL Provider -> Runtime tab -> Client Authentication, but now I cannot find anywhere in the NetWeaver Admin tool.
  Thanks.
  Jerry.

  Hi Jerry,
  Once you login to the NWA, follow this path
  Configuration Management -> Security -> Certificate and keys ->
  You need to import the client certificate under ICM_SSL_xxx and you can find SSL_Provider if you scroll completly down. You need to import the private key of the client certificate under ICM_SSL_xxx.
  You have even Trusted CA's under this list. Please let me know if you have any problems.
  Thanks,
  Srini
  Edited by: srinivas kapu on Dec 18, 2008 9:58 PM

• Problems to invoke a secure Web service from Oracle BPM Studio 10.3

  Hi all
  I'm trying to consume a web service through HTTPS protoloco Oracle BPM Studio v10.3, but I get the following error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
  Some help!!
  Thanks

  Without going into any technical discussion about the code, my first question is what JDK version was used to create this which was imported into the form? Understand that Forms 10 runs on JDK 1.4.2, so if you used any newer JDK version, likely there will be problems.

• The Secure Store Service application Secure Store Service Proxy is not accessible

  I am working on setting up a new SharePoint 2013 Farm for our external web site which is currently running on 2010 SharePoint. Because this is an External Website for our organization we have an internally available Publishing Site and there is an Web App
  Extension to provide Anon Access to users using the www address. Currently I am doing everything on a single server for testing with HOSTS entries to loop back so I can test with real host headers and not impact the 2010 prod environment. We will be setting
  up 2 more WFEs with a NLB before moving this into prod but it isn't there yet. We brought the Site Collection Databases over but are still running in 2010 mode for now.
  I migrated a copy of the Secure Store Database over from 2010 and had it put on the 2013 Farm's Database Server. Set up Secure Store and the Secure Store Proxy. I went into the Secure Store Proxy in CA and refreshed the Key with the proper Pass Phrase. After
  doing that I could see the Target Application IDs listed. Everything was looking good so I went off to test. If I am on the publishing site I can go to a page that has the solution on it and it operates as expected. It does a query to a non SharePoint database
  and returns information filtered based on the search parameters. The only odd thing I see is if I click on the "Site Actions" I get a message "An error has occurred with the data fetch. Please refresh page and retry." Need to look into
  that more but it only happens on pages that have these solutions. Maybe a clue. If I go to the Anonymous Access page (www......) and try and use the solution, it immediately (way too quick to appear like it is doing anything) comes back with "The security
  token request cannot be completed."
  If I dig through the usage logs I am finding the following.
  The Secure Store Service application Secure Store Service Proxy is not accessible. The full exception text is: The security token request cannot be completed.
  Unexpected exception from endpoint address : https://[Servername]:32844/4e87fd3aabb640fb8cc3ed52188cf5c0/SecureStoreService.svc/https
  Logging unknown/unexpected client side exception: InvalidOperationException. This will cause this application server to be removed from the load balancer queue. Exception: System.InvalidOperationException: The security token request cannot be completed.
      at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForServiceContext(Uri contextUri)     at Microsoft.SharePoint.SPChannelFactoryOperations.InternalCreateChannelActingAsLoggedOnUser[TChannel](ChannelFactory`1 factory, EndpointAddress
  address, Uri via)     at Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy.GetChannel(Uri address)     at Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy.Execute[T](String operationName,
  Boolean validateCanary, ExecuteDelegate`1 operation).
  Initially I was fighting a firewall issue because it wasn't working (different errors) on both sides. Had Network Engineers open firewall ports needed and now it works on the publishing side. Still the same error on the Anon side. I suspect I have missed
  something when it comes to configuring the Secure Store to allow access to anonymous connections.
  Let me know if you need any more information but that should paint a pretty good picture as to how things are set up.
  Thanks for any help on this one. Searches haven't found much that has helped so far.

  Hi Sennister,
  I recommend to verify the things below:
  Did this issue occur with all the pages in the anonymous side?
  Check if the Claims to Windows Token Service is started.
  Change the <identity impersonate="true" /> in the web.config to see if the issue still occurs.
  Thanks,
  Victoria
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Victoria Xia
  TechNet Community Support

• How to consume a secure web service?

  Could someone post me an sample to invoke the certificate based secure web service?
  All I have is wsdl, certificate (.pfx file) and password and client jar file. Searching for the sample program to access the secure web service.
  I work on weblogic workshop.

  Unfortunately, I have just been provided with the endpoint and the SOAP action. Don't have any other details :(

• Errors with SharePoint Security Token Service: "The revocation function was unable to check revocation for the certificate"

  I'm getting these errors in the eventlog and ULS, "An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US\nIssuer Name: CN=SharePoint Root
  Authority, OU=SharePoint, O=Microsoft, C=US\nThumbprint: <STS CERTIFICATE THUMBPRINT>\n\nErrors:\n\n RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate."
  The errors point to the SharePoint Security Token Service as the issue ("The revocation function was unable to check revocation for the certificate") reported back by the Topology service.  This is apparent when executing a search, accessing
  the managed metadata service, issuing SPSite commands in Powershell, or anything that needs to run through the "SharePoint Web Services" site.  I've looked at the certificate assigned to that site and everything appears to be in order. 
  It would seem to me to be either an incorrect endpoint configuration (internally cached perhaps?) or related to security access for the configuration database (in order to validate the certificate root).
  What I’ve tried so far:
  I’ve been all over the certificate settings, both in the server store, and within SharePoint Token Service config.  Both appear to be configured correctly such that the root CAs can be validated.
  Re-entered the passwords for the application pool domain accounts to eliminate these as a potential cause.  I’ve also verified the service accounts reporting the error, do have access to the configuration database.
  Re-provisioned the STS service to see if that might clear out any cached issues and validated everything else according to this
  MS Tech note.
  So far nothing has worked.  Is there anything else I could be looking at that I've missed? (Full eventlog detail below)
  Log Name:      Application
  Source:        Microsoft-SharePoint Products-SharePoint Foundation
  Date:          2/20/2015 11:19:41 AM
  Event ID:      8311
  Task Category: Topology
  Level:         Error
  Keywords:      
  User:          <SP SERVICE ACCOUNT>
  Computer:      <SHAREPOINTSERVER>
  Description:
  An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US\nIssuer Name: CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US\nThumbprint: <STS
  CERT THUMBPRINT>\n\nErrors:\n\n RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-SharePoint Products-SharePoint Foundation" Guid="{6FB7E0CD-52E7-47DD-997A-241563931FC2}" />
      <EventID>8311</EventID>
      <Version>14</Version>
      <Level>2</Level>
      <Task>13</Task>
      <Opcode>0</Opcode>
      <Keywords>0x4000000000000000</Keywords>
      <TimeCreated SystemTime="2015-02-20T17:19:41.213852500Z" />
      <EventRecordID>1611121</EventRecordID>
      <Correlation />
      <Execution ProcessID="10212" ThreadID="10328" />
      <Channel>Application</Channel>
      <Computer><SHAREPOINTSERVER></Computer>
      <Security UserID="<SP SERVICE ACCOUNT>" />
    </System>
    <EventData>
      <Data Name="string0">CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US</Data>
      <Data Name="string1">CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US</Data>
      <Data Name="string2"><STS CERT THUMBPRINT></Data>
      <Data Name="string3">RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
  </Data>
    </EventData>
  </Event>

  Hi Darren,
  This problem seems to occur when an administrator deletes the local trust relationship of the farm from the Security section of the Central Administration website
  In order to resolve this problem, the local trust relationship has to be created. This can be done by running the following PowerShell commands
  $rootCert = (Get-SPCertificateAuthority).RootCertificate
  New-SPTrustedRootAuthority -Name "localNew" -Certificate $rootCert
  After running the above commands, perform an IISReset on all servers in the farm.
  More information:
  http://support.microsoft.com/kb/2545744
  Best Regards,
  Wendy
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Wendy Li
  TechNet Community Support

• Error while invoking secure web service.

  Hi,
  I am trying to access a secure web service through a simple BPEL process in SOA Suite 11g. When I test it through enterprise manager I am getting the following error. Since it's a secured websecure i set the WS policy(oracle/wss_username_token_client_policy) in the external reference and also provided the credentials. If anyone has come across similar error or know the solution please let me know. Also I am not sure if its related to security or is it with the way I am trying to call the service.
  Error Message:
  Fault ID     reference:80014
  Fault Time     May 22, 2011 12:54:45 PM
  Non Recoverable System Fault :
  javax.xml.ws.soap.SOAPFaultException: 99999: Unknown Service
  Error Message: {http://schemas.oracle.com/bpel/extension}remoteFault
  Fault ID     default/Mocking!1.0*soa_be35cb3e-5f05-49df-a696-a653d5703681/BPELProcess1/30017-BpInv0-BpSeq0.3-3
  Fault Time     May 22, 2011 12:54:46 PM
  Non Recoverable System Fault :
  <bpelFault><faultType>0</faultType><remoteFault xmlns="http://schemas.oracle.com/bpel/extension"><part name="summary"><summary>99999: Unknown Service</summary></part><part name="detail"><detail>&lt;con:fault xmlns:con="http://www.bea.com/wli/sb/context"> &lt;con:errorCode>99999&lt;/con:errorCode> &lt;con:reason>Unknown Service&lt;/con:reason> &lt;con:location> &lt;con:node>PipelinePairNode1&lt;/con:node> &lt;con:pipeline>PipelinePairNode1_request&lt;/con:pipeline> &lt;con:stage>stage1&lt;/con:stage> &lt;/con:location> &lt;/con:fault> </detail></part><part name="code"><code>soap:Server</code></part></remoteFault></bpelFault>

  Thanks very much for your suggestion. I will take a look into the wsdl again and see if something is wrong in that.
  I have a peculiar problem with the wsdl. When I created the partner link using the remote wsdl it would throw a compilation error. But when I took a local copy of the remote wsdl and seperated all the schema's from the wsdl and imported them inside wsdl it gets compiled. But I am not sure if this is a appropriate thing to do and if that is creating this problem. Any thoughts on this would be really helpful.

• OWSM 11g: Invoking a secured web service through a java proxy service

  Hi All,
  I am trying to call a secured bpel service which is expecting a username token password. I have created a java proxy service for the same. I now need to add the username token to the same. Can anyone please guide me in this regard.
  Thanks in advance.

  Just to add some pointers,
  I added the following code to the proxy still the soap headers is not getting propagated.
  OrderBookingAndShipment orderBookingAndShipment = orderbookingandshipment_client_ep.getOrderBookingAndShipment_pt();
  String username = "OWSM_11g";
  String password = "password";
  List credProviders = new ArrayList();
  //client side UsernameToken credential provider
  CredentialProvider cp = new ClientUNTCredentialProvider(username.getBytes(),password.getBytes());
  credProviders.add(cp);
  Map<String,Object> context = ((BindingProvider) orderBookingAndShipment).getRequestContext();
  context.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST,credProviders);

• Create a Secure Client for a Secure Web Service- is failing

  Hi,
  This is actually with reference to the webservice tutorial.I am trying the example on Create a Secure Client for a Secure Web Service and have followed all the steps mentioned,however I am getting the following error:
  D:\JDev11gTp\jdk\bin\javaw.exe -client -classpath D:\Jdev11gTpInstance\mywork\WebServiceApplications\.adf;D:\Jdev11gTpInstance\mywork\WebServiceApplications\WebServiceProjects\classes;D:\JDev11gTp\webservices\lib\jaxws-api.jar;D:\JDev11gTp\webservices\lib\jws-api.jar;D:\JDev11gTp\webservices\lib\orawsmetadata.jar;D:\JDev11gTp\webservices\lib\wsclient.jar;D:\JDev11gTp\j2ee\home\lib\activation.jar;D:\JDev11gTp\j2ee\home\lib\ejb.jar;D:\JDev11gTp\j2ee\home\lib\jms.jar;D:\JDev11gTp\j2ee\home\lib\jta.jar;D:\JDev11gTp\j2ee\home\lib\mail.jar;D:\JDev11gTp\j2ee\home\lib\servlet.jar;D:\JDev11gTp\webservices\lib\jaxrpc-api.jar;D:\JDev11gTp\webservices\lib\wsserver.jar;D:\JDev11gTp\webservices\lib\wssecurity.jar;D:\JDev11gTp\webservices\lib\wsdl.jar;D:\JDev11gTp\webservices\lib\orasaaj.jar;D:\JDev11gTp\webservices\lib\saaj-api.jar;D:\JDev11gTp\webservices\lib\orawsdl.jar;D:\JDev11gTp\webservices\lib\orawsrm.jar;D:\JDev11gTp\webservices\lib\orawsrel.jar;D:\JDev11gTp\webservices\lib\jaxr-api.jar;D:\JDev11gTp\webservices\lib\orajaxr.jar;D:\JDev11gTp\webservices\lib\relaxngDatatype.jar;D:\JDev11gTp\webservices\lib\xsdlib.jar;D:\JDev11gTp\webservices\lib\mdds.jar;D:\JDev11gTp\webservices\lib\wsif.jar;D:\JDev11gTp\webservices\lib\fabric-common.jar;D:\JDev11gTp\webservices\lib\fabric-interceptors.jar;D:\JDev11gTp\jlib\jaxen.jar;D:\JDev11gTp\jlib\oraclepki.jar;D:\JDev11gTp\jlib\ojpse.jar;D:\JDev11gTp\jlib\jsr106.jar;D:\JDev11gTp\jlib\jsr105.jar;D:\JDev11gTp\jlib\osdt_xmlsec_jce.jar;D:\JDev11gTp\jlib\osdt_wss_jce.jar;D:\JDev11gTp\jlib\osdt_saml_jce.jar;D:\JDev11gTp\jlib\osdt_saml2_jce.jar;D:\JDev11gTp\jlib\osdt_core.jar;D:\JDev11gTp\jlib\osdt_cert.jar;D:\JDev11gTp\jlib\osdt_xmlsec.jar;D:\JDev11gTp\jlib\osdt_wss.jar;D:\JDev11gTp\jlib\osdt_saml.jar;D:\JDev11gTp\jlib\osdt_saml2.jar;D:\JDev11gTp\jlib\ojmisc.jar;D:\JDev11gTp\j2ee\home\lib\http_client.jar;D:\JDev11gTp\j2ee\home\jazncore.jar;D:\JDev11gTp\j2ee\home\oc4jclient.jar;D:\JDev11gTp\rdbms\jlib\xdb.jar;D:\JDev11gTp\j2ee\home\lib\javax77.jar;D:\JDev11gTp\lib\java\api\jsr173_api.jar;D:\JDev11gTp\lib\java\shared\sun.jaxb\2.0\jaxb-impl.jar;D:\JDev11gTp\lib\java\shared\sun.jaxb\2.0\jaxb-xjc.jar;D:\JDev11gTp\lib\java\shared\sun.jaxb\2.0\jaxb1-impl.jar;D:\JDev11gTp\j2ee\home\lib\oc4j-schemas.jar;D:\JDev11gTp\jlib\ojdl.jar;D:\JDev11gTp\jlib\ojdl2.jar;D:\JDev11gTp\jlib\fmw_audit.jar;D:\JDev11gTp\j2ee\home\lib\jmxri.jar;D:\JDev11gTp\j2ee\home\lib\jmx_remote_api.jar;D:\JDev11gTp\j2ee\home\lib\adminclient.jar;D:\JDev11gTp\j2ee\home\lib\jmxframework.jar;D:\JDev11gTp\j2ee\home\lib\jmxspi.jar;D:\JDev11gTp\j2ee\home\lib\xmlcfg.jar;D:\JDev11gTp\jlib\dms.jar;D:\JDev11gTp\jlib\orai18n.jar;D:\JDev11gTp\j2ee\home\lib\commons-digester.jar;D:\JDev11gTp\j2ee\home\lib\spring.jar;D:\JDev11gTp\lib\java\shared\oracle.wsm\11.1.1.0\wsm-policy-core.jar;D:\JDev11gTp\lib\java\shared\oracle.wsm\11.1.1.0\wsm-pmclient.jar;D:\JDev11gTp\lib\java\shared\oracle.wsm\11.1.1.0\wsm-pap.jar;D:\JDev11gTp\lib\java\shared\oracle.wsm\11.1.1.0\wsm-agent.jar;D:\JDev11gTp\lib\java\shared\oracle.wsm\11.1.1.0\wsm-secpol.jar;D:\JDev11gTp\lib\java\shared\oracle.javatools\11.1.1.0.0\javamodel-rt.jar;D:\JDev11gTp\lib\java\shared\oracle.javatools\11.1.1.0.0\javatools-nodeps.jar;D:\JDev11gTp\lib\java\shared\oracle.toplink\11.1.1.0.0\toplink-sdo.jar;D:\JDev11gTp\lib\java\api\jaxb-api.jar;D:\JDev11gTp\lib\xmlparserv2.jar;D:\JDev11gTp\lib\xml.jar;D:\JDev11gTp\jakarta-taglibs\commons-logging-1.0.3\commons-logging.jar -Dhttp.proxyHost=localhost -Dhttp.proxyPort=8099 -Dhttp.nonProxyHosts= -Dhttps.proxyHost=localhost -Dhttps.proxyPort=8099 -Dhttps.nonProxyHosts= HelloPolicyPortClient
  Feb 1, 2008 5:13:43 PM oracle.j2ee.ws.common.context.ContextInterceptor init
  INFO: Context provider properties file not found
  Feb 1, 2008 5:13:44 PM oracle.wsm.audit.Auditor <init>
  INFO: Created J2SE auditor for componentType=OWSM-AGENT busstop=D:\oracle\product\10.2.0\client_1\auditlogs\OWSM-AGENT filter=false auditor=oracle.security.audit.Auditor@143a083
  Feb 1, 2008 5:13:44 PM oracle.wsm.audit.Auditor <init>
  INFO: Created J2SE auditor for componentType=OWSM-PM-LIB busstop=D:\oracle\product\10.2.0\client_1\auditlogs\OWSM-PM-LIB filter=false auditor=oracle.security.audit.Auditor@15af049
  SEVERE: WSM-04514 An MDS error occurred.
  SEVERE: WSM-09012 No key, WSM-06002, was found in the resource bundle oracle.wsm.resources.policyvalidation.PolicyValidationMessageBundle.
  javax.xml.ws.WebServiceException: oracle.fabric.common.PolicyEnforcementException: PolicySet Invalid: WSM-06002 PolicyReference Invalid policy reference
  at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:466)
  at oracle.j2ee.ws.client.jaxws.WsClientProxyInvocationHandler.invoke(WsClientProxyInvocationHandler.java:204)
  at $Proxy28.sayHello(Unknown Source)
  at HelloPolicyPortClient.main(HelloPolicyPortClient.java:35)
  Caused by: oracle.fabric.common.PolicyEnforcementException: PolicySet Invalid: WSM-06002 PolicyReference Invalid policy reference
  at oracle.integration.platform.common.InterceptorChainImpl.createPolicyEnforcementException(InterceptorChainImpl.java:217)
  at oracle.integration.platform.common.InterceptorChainImpl.processRequest(InterceptorChainImpl.java:104)
  at oracle.j2ee.ws.client.mgmt.runtime.SuperClientInterceptorPipeline.handleRequest(SuperClientInterceptorPipeline.java:91)
  at oracle.j2ee.ws.client.jaxws.DispatchImpl.handleRequest(DispatchImpl.java:309)
  at oracle.j2ee.ws.client.jaxws.DispatchImpl.handleRequest(DispatchImpl.java:290)
  at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:444)
  ... 3 more
  Process exited with exit code 0.
  Can anyone please give any clue as to why this error is coming?
  Thanks.

  Hi
  Please refer to this thread
  Re: Can I create a login/password protection in Muse for a HTML5 page or two?

• How to call OWSM secured web-service from ADF application

  I have a OWSM secured web-service, which takes username/password.
  I want to invoke this webservice from ADF application. ADF application has its own security and it takes its own username/password. End user can't provide the username/password for web-service call. My ADF application should call the webservice and provide it appropriate username/password.
  What is the best practice to handle such scenario. I don't want to hardcode username/password in Java (ADF) code.
  Thanks
  Sanjeev.

  it is not clear to me if you are having problems with calling java code from OIM or if the problem is the web service API.
  Lets do some divide and conquer:
  Can you create a simple java class that just writes a couple of lines to the log? Please attach this code to the OIM task and make sure it runs.
  Once this works we can start looking at the web service call.
  Best regards
  /Martin

• SAML authentication Secure store service target ID Project server integration with excel service

  I installed and configured share Point 2013 Project server 2013, and Created web application Trusted Identity Provider (SAML 2.0) ,it is working as we expected means
  ..end user are able to access application(User Login through email and alies(account NAME) )
  My problem here CA is working NTLM authentication ,Web application is working SAML
  while creating service application(LIKE SSSA Excel Performance ... ( it automatically take NTLM) I CREATED TARGET ID in secure store service application ,I chooser "GROUPS" under SSSA,and
  we added members "group to account and email id.
  I configure Excel service application and i SSSA Target ID in this excel service application  also added trusted location for PWA site
  while opening excel sheet under Project server (An error occurred while accessing application id ProjectServerApplication from Secure
  Store Service. The following connections failed to refresh)
  I tried target ID choose option " Group Ticket" 
  Is it CA required for SAML authentication? .. (extend web application 
  How Service application like SSSA will work for SAML  authentication? 

  Hi SridharMandipudi, 
  as i know, usually when the error appear, you need to check the member.
  The domain group that was specified the Secure Store Service ID ProjectServerApplication did not have any members in the group. 
  and please also have a try in a testing secure store service application:
  Created new secure store service application with new target application ID. and added this ID in excel service application -----global settings----Application ID.
  went to Central admin---manage web application---selected web application ---click on Service Connection---associated newly created secure store service application.
  edited data connection string of excel file.
  went to site and tried refresh that excel file and able to refresh the file.
  Regards,
  Aries
  Microsoft Online Community Support
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.