Today I would like to share my knowledge, reading and findings about
How to secure an OSB service using a SAML token, or: what are the steps to secure an OSB service using a SAML token? (The steps below can also be used for SAML token propagation.)
To find out how to secure OSB, there are sites / videos that can help us:
- Watch this video for an easy understanding of how to secure an OSB service. This is an Oracle-produced video. The link provided here is only part 1 of 3. As always, YouTube provides links to the related videos once you watch the first part.
- The same can be found in this slide pack.
Before reading this blog further, please view / review the above reference artefacts so that you have the basic knowledge / context.
To achieve our goal, there are a few bits missing in the above referenced artefacts.
To secure an OSB service, you will need two products / parts:
1. OWSM policies. This is clearly articulated in the referenced artefacts above.
2. Configuration of the WebLogic Server (for the identity provider). This is missed out in the above reference artefacts.
Note: This blog is not meant to pinpoint any documentation defects in the reference artefacts; please consider this blog as additional reference material.
To configure the security provider or authentication provider in WebLogic Server, please follow this documentation:
Document: Oracle® Fusion Middleware Securing Oracle WebLogic Server 11g Release 1 (10.3.6)
The section relevant to us is: Configuring LDAP Authentication Providers
One last thing that varies for us from the reference artefacts: the following OWSM policies need to be used instead of the policies stated in the above referenced artefacts:
- oracle/wss10_saml_token_service_policy – Proxy Service
- oracle/wss10_saml_token_client_policy – Business Service
Hope all the above references were of help. Please feel free to leave your comments.
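The proxy-service policy named above expects a SAML token in the WS-Security header of the incoming request. The following added example (not code from this post or from Oracle) parses a captured request and reports the token's issuer, subject, confirmation method and validity window, and whether any XML signature accompanies it. It assumes a SAML 1.1 assertion; the sample envelope, issuer and user name are constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",  # assumption: SAML 1.1 token
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample request: issuer, user name and timestamps are made up.
SAMPLE = f"""<soap:Envelope xmlns:soap="{NS['soap']}">
 <soap:Header><wsse:Security xmlns:wsse="{NS['wsse']}">
  <saml:Assertion xmlns:saml="{NS['saml']}" MajorVersion="1" MinorVersion="1"
      AssertionID="id-constructed-1" Issuer="www.example.com"
      IssueInstant="2024-01-01T10:00:00Z">
   <saml:Conditions NotBefore="2024-01-01T10:00:00Z"
                    NotOnOrAfter="2024-01-01T10:05:00Z"/>
   <saml:AuthenticationStatement AuthenticationInstant="2024-01-01T10:00:00Z"
       AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
    <saml:Subject><saml:NameIdentifier>testuser</saml:NameIdentifier>
     <saml:SubjectConfirmation><saml:ConfirmationMethod>
      urn:oasis:names:tc:SAML:1.0:cm:sender-vouches
     </saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject>
   </saml:AuthenticationStatement>
  </saml:Assertion>
 </wsse:Security></soap:Header><soap:Body/>
</soap:Envelope>"""

def _utc(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def inspect_saml_header(envelope_xml, now):
    """Summarise the SAML token of a SOAP request and list weak points."""
    sec = ET.fromstring(envelope_xml).find("soap:Header/wsse:Security", NS)
    a = sec.find("saml:Assertion", NS) if sec is not None else None
    if a is None:
        return {"present": False, "findings": ["no SAML assertion in wsse:Security"]}
    cond = a.find("saml:Conditions", NS)
    expiry = cond.get("NotOnOrAfter") if cond is not None else None
    # Presence only: a real verifier must also validate the signature and its key.
    has_sig = sec.find(".//ds:Signature", NS) is not None
    findings = [] if has_sig else ["no XML signature in the security header"]
    if expiry is None or now >= _utc(expiry):
        findings.append("validity window missing or expired")
    return {"present": True, "issuer": a.get("Issuer"), "signature_present": has_sig,
            "subject": a.findtext(".//saml:NameIdentifier", "", NS).strip(),
            "confirmation": a.findtext(".//saml:ConfirmationMethod", "", NS).strip(),
            "not_on_or_after": expiry, "findings": findings}
```

Run it over a request saved from a test client to see what identity the token asserts and whether it would still be inside its validity window when the service receives it.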
Hi
I've got a similar requirement to create a Pass-through proxy for SAML token policy.
Consumer sends the SAML token, and the OSB Business Service invokes UCM which accepts SAML token.
I've understood that I have to configure appropriate policies for the Proxy and Business Service, but I'm not able to figure out how to test. The consumer application is not ready yet, and is actually developed by a different team altogether. UCM, which the Business Service invokes, is already ready.
In this case, if I want to test, what configurations do I need to do in WebLogic, and can I test the application using SoapUI?
Appreciate your response
Hi Ravi Kiran,
You can test the web service (OSB) by just invoking the service from SoapUI.
The steps to configure SoapUI for SAML are available in the SoapUI forum:
http://www.soapui.org/SOAP-and-WSDL/applying-ws-security.html#3-outgoing-ws-security-configurations
Follow the steps at the link provided above.
Hope this helps.
Regards,
Arun.
I enabled this policy on the OSB proxy. I have separate OSB and SOA Suite (BPEL) servers, but with a fixed header that I got from the internet and put into SoapUI, the WS works. I want to force authentication and only accept requests from a trusted server. I followed many blogs and posts and it does not work ... What am I doing wrong?
Hi Victor, not too clear on what you are asking. Are you asking about two-way trusted invocation with SSL?
Check out the below A-Team blog:
https://blogs.oracle.com/ateamsoab2b/entry/2_ways_ssl_between_soa
Regards,
Arun.