Wednesday 8 January 2014

OSB setup to work with OWSM

What is the use of OWSM:
When we expose our SOA services to the external world, we must make sure that only selected users can access them; in other words, the SOA services need to be secured.
To secure our SOA services we use OWSM (Oracle Web Services Manager). OWSM provides security policies that we can attach to a composite to secure it.
There are two ways to apply an OWSM policy to a SOA service:
  • Apply the OWSM policy at design time using JDeveloper.
  • Apply the OWSM policy from the EM console.
We can also apply these OWSM security policies to Oracle Service Bus business services and proxy services.
Preparing OSB server to work with OWSM

  • Before OWSM can be used, we need to create a Metadata Service (MDS) database repository.
    The OWSM policies will be stored in the MDS and these policies can be used at design time by
    Eclipse OEPE or the Service Bus console, and at runtime by the OSB server. The second step is to extend our OSB domain with the OWSM and the Enterprise Manager options.
  • While configuring RCU, make sure that the MDS and SOAINFRA data sources have been created. We can prefix them as OSBDEV_MDS and OSBDEV_SOAINFRA while creating the OSB domain.
  • Extend the OSB domain with the following options: OWSM Extension and Enterprise Manager.
Configure OSB server for OWSM

    After installing the OWSM component into our WebLogic domain, we configure the OSB server for OWSM. For this, we need to generate a custom Java keystore that contains the server certificates and configure it in Enterprise Manager (EM).
  • In cmd, navigate to the bin folder of the JDK used by OSB.
    In my case I have installed OSB in E:\OracleOSB, so the JDK path used by this is:
    E:\OracleOSB\jdk160_29\bin
  • Generate a new Java keystore with a self-signed server key. Type the following command and press Enter. It creates a keystore.jks file in the current folder (the path above):
    keytool -genkey -alias serverKey -keyalg RSA -keystore keystore.jks
Note: here the alias (serverKey) and the JKS file name (keystore.jks) are user-defined; everything else is a keytool keyword.


  • Copy keystore.jks from the JDK bin folder to the config/fmwconfig folder of the OSB domain.
    Path: E:\OracleOSB\user_projects\domains\osb_domain\config\fmwconfig


  • First start the admin server.
    Navigate to the following path in cmd and run startWebLogic.cmd:

    E:\OracleOSB\user_projects\domains\osb_domain\bin

    Note:
    Oracle Service Bus console: http://localhost:7001/sbconsole

    Next, we have to import the Java keystore into Enterprise Manager. Open Enterprise Manager in a browser window (http://localhost:7001/em) and perform the
    following steps:
    1. Log in to EM with weblogic/welcome1.
    2. Navigate to the WebLogic domain, right-click it and select Security > Security Provider Configuration.
    3. In the Security Provider Configuration page, expand the Keystore option.
    4. Click Configure.
    5. Enter ./keystore.jks into the Keystore Path field (the JKS file name we gave previously; its password is welcome1).
    6. Enter welcome1 into the Password and Confirm Password fields.
    7. Enter serverKey into the Key Alias field in the Signature Key section (the alias we gave previously).
    8. Enter welcome1 into the Signature Password and Confirm Password fields.
    9. Enter serverKey into the Crypt Alias field in the Encryption Key section.
    10. Enter welcome1 into the Crypt Password and Confirm Password fields.
    11. Click OK.
    12. Restart the admin server.

We have successfully created a Java keystore and configured it for our OSB domain.
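
The keystore steps above as a single batch script. This is an added example, not part of the original post: it writes the keystore straight into fmwconfig instead of copying it, and the -keysize, -validity and -dname values are assumptions chosen for illustration.

```bat
@echo off
rem Added example: scripted form of the keystore steps from this post.
rem JDK and domain paths are the ones used in the post; adjust for your install.
setlocal
set "KEYTOOL=E:\OracleOSB\jdk160_29\bin\keytool.exe"
set "KS=E:\OracleOSB\user_projects\domains\osb_domain\config\fmwconfig\keystore.jks"

rem Refuse to touch an existing keystore: EM may already reference its aliases.
if exist "%KS%" (
  echo %KS% already exists, not overwriting.
  exit /b 1
)

rem -keysize and -validity are set explicitly instead of relying on JDK defaults.
rem The -dname value is a constructed sample. No -storepass/-keypass is passed,
rem so keytool prompts for both and they stay out of the command history.
"%KEYTOOL%" -genkey -alias serverKey -keyalg RSA -keysize 2048 -validity 365 ^
  -dname "CN=osb-dev.example.com, OU=Integration, O=Example, C=US" ^
  -keystore "%KS%"
if errorlevel 1 exit /b 1

rem Confirm the alias exists and holds a private key entry before
rem entering it as the Key Alias and Crypt Alias in EM.
"%KEYTOOL%" -list -v -alias serverKey -keystore "%KS%"
if errorlevel 1 exit /b 1

echo Keystore ready: %KS%
endlocal
```

The passwords typed at the keytool prompts are the ones to enter in the Keystore, Signature Key and Encryption Key sections in EM.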


  • Now, let's create a user that we will use for authentication later. In the Service Bus console,
    perform the following steps:

    Navigate to the Security Configuration using the menu on the left side.

    1. Select the Users menu item and click Add New.

    2. Enter osb_user into the User Name field and welcome1 into the New Password and Confirm Password fields.

    3. Leave DefaultAuthenticator for the Authentication Provider and click Save.

    Adding a new user through the Service Bus console can be done outside a change session.

  • Next we need to add the osb_user user to the domain credential store. A credential store is a repository of security data. The credential is used later by the Service Bus test console to look up the username and password. In Enterprise Manager, perform the following
    steps to add a credential to the credential store:

    1. Right-click the WebLogic domain in EM and select Security > Credentials.
    2. In the Credentials page, expand the oracle.wsm.security node.
       Note: If it is not there the first time, we can create it using Create Map, entering "oracle.wsm.security" as the map name.
    3. Click Create Key; the Create Key pop-up window is shown.
    4. Enter osbtest_key into the Key field; the type should be Password.
    5. Enter osb_user (created earlier) into the User Name field and welcome1 into the Password and Confirm Password fields.
    6. Click OK.

We have now set up the OSB server to work with OWSM and also created and configured the osb_user user, which we will use later.



