OSB 11gR1 PS 7 (11.1.1.7) makes use of OWSM, and one of the out-of-the-box policies, oracle/wss_username_token_service_policy, should enforce the use of a UsernameToken. However, there are a few additional steps that may need to be completed before this can be successfully tested. This article attempts to capture all of the steps.
Pre-requisites for OWSM
Firstly, OWSM and its associated policies must be enabled for the OSB domain before they can be used. This is not the case by default and requires some additional configuration. Note also that the use of OWSM requires the use of a database.
1. Use the 11.1.1.7 Repository Creation Utility (RCU) to create a database schema that the OSB domain will use. For OWSM the "Oracle AS Repository Components/AS Common Schemas/Metadata Services" schema is required; however, the Reporting Provider requires the "Oracle AS Repository Components/SOA and BPM Infrastructure/SOA Infrastructure" schema and the "Oracle AS Repository Components/SOA and BPM Infrastructure/User Messaging Service" schema.
- "Oracle AS Repository Components/AS Common Schemas/Metadata Services"
2. The domain must be created or extended with the following product options:
- Oracle Service Bus OWSM Extension
- Oracle Enterprise Manager
- Either Oracle Service Bus for developers, or
- Oracle Service Bus
- WebLogic Advanced Web Services for JAX-RPC Extension (required by OSB)
- Oracle WSM Policy Manager (recommended by OSB OWSM)
- Oracle JRF (required by OSB)
3. During domain creation the OWSM MDS Schema must be configured to use the database schema that was created with the RCU.
Applying the OWSM Policy
Assuming that the prerequisites for using OWSM have been met, it should be possible to select OWSM policies from the "Security" tab of the Proxy Service that should use the policy.
Clicking the "Browse" button will bring up a new window which will list all the policies that have been registered with OWSM. Select the one named "oracle/wss_username_token_service_policy".
Ensure that the Proxy Service has been saved.
Testing the Secured Proxy
Before the OSB test console can be used for the selected "oracle/wss_username_token_service_policy" policy, a test credential (in this case a user name and password) must be configured in the Credential Store Framework (CSF). The OSB test console uses CSF to locate the username and password it should supply to the service.
Creating the Credential in CSF
To create the test user credential in the Credential Store Framework (CSF):
1. Open the Enterprise Manager Fusion Middleware Control (http://localhost:7001/em)
2. Navigate to the CSF page by performing the following:
a) Expand the WebLogic Domain.
b) Right Click on the domain and then select "Security/Credentials" from the resulting context menu.
3. Create the required credential.
a) Click the "Create Map" button and create a new map with the name "oracle.wsm.security". It has to be this name precisely and no other! If it already exists then this can be skipped.
b) Click the "Create Key" button and create a new key with the same name as your WebLogic administration user, typically "weblogic". Enter the following details and then click the "Ok" button:
Map = oracle.wsm.security
Type = Password
User Name = weblogic
Password = ****** (whatever your WebLogic user's password is)
Using the CSF Credential in the Test Console
Now that a user credential has been created in the CSF we can refer to that from the OSB test console when making a call to the secured proxy.
1. Launch the OSB test console. Right-click on the proxy within OEPE and select "Run on Server". This should launch the test console within the IDE.
2. Enter whatever data you require as the payload of the request.
3. Under the "Security" section of the page specify the csf-key property of "weblogic" (or whatever you set up as the key in the CSF).
You should see the Proxy Service testing result page and in the request there should be a UsernameToken that looks something like the following:
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
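For checking the same thing outside the test console, the following added example (not from the original article or from Oracle) builds a SOAP 1.1 request carrying a UsernameToken with the two namespaces shown above and inspects a request for one. The element layout follows the OASIS UsernameToken Profile 1.0; the function names, the token Id, the password and the payload are constructed placeholders.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")
for _prefix, _uri in (("soapenv", SOAP), ("wsse", WSSE), ("wsu", WSU)):
    ET.register_namespace(_prefix, _uri)


def build_request(username, password, body_xml):
    """Wrap body_xml in a SOAP 1.1 envelope carrying a UsernameToken header."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    sec = ET.SubElement(header, f"{{{WSSE}}}Security",
                        {f"{{{SOAP}}}mustUnderstand": "1"})
    token = ET.SubElement(sec, f"{{{WSSE}}}UsernameToken",
                          {f"{{{WSU}}}Id": "UsernameToken-1"})  # constructed Id
    ET.SubElement(token, f"{{{WSSE}}}Username").text = username
    ET.SubElement(token, f"{{{WSSE}}}Password",
                  {"Type": PASSWORD_TEXT}).text = password
    ET.SubElement(env, f"{{{SOAP}}}Body").append(ET.fromstring(body_xml))
    return ET.tostring(env, encoding="unicode")


def inspect_request(xml_text):
    """Return UsernameToken details from a SOAP request, or None if absent."""
    if "<!DOCTYPE" in xml_text.upper():  # SOAP messages must not carry a DTD
        raise ValueError("DTD not allowed in a SOAP message")
    root = ET.fromstring(xml_text)
    token = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSSE}}}UsernameToken")
    if token is None:
        return None
    pw = token.find(f"{{{WSSE}}}Password")
    # Per the UsernameToken Profile, a missing Type attribute means PasswordText.
    pw_type = None if pw is None else pw.get("Type", PASSWORD_TEXT)
    return {"username": token.findtext(f"{{{WSSE}}}Username"),
            "password_type": pw_type,
            "plaintext_password": pw_type == PASSWORD_TEXT}


if __name__ == "__main__":
    # Constructed sample values; not taken from the article.
    msg = build_request("weblogic", "example-password",
                        '<ping xmlns="urn:example:test"/>')
    print(msg)
    print(inspect_request(msg))
```

When `plaintext_password` is true the password travels in clear text inside the message, so the proxy endpoint should only be reachable over TLS.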