configure soa on oracle ebusiness
7/24/2019 Configure Soa On Oracle Ebusiness
Setting Up SAML Token Security for Oracle E-Business Suite Integrated SOA Gateway Release 12.1.3
See Change Record
Overview
Oracle E-Business Suite Integrated SOA Gateway Release 12.1.3 supports Username Token and SAML Token security options for authenticating inbound requests. This document describes the setup steps required to configure SAML Token security on an Oracle E-Business Suite 12.1.3 installation.
The following topics are included in this document:
Section 1: SAML Setup Steps for Oracle E-Business Suite Integrated SOA Gateway Release 12.1.3
    Section 1.1: Steps to be Followed at Run Time by Client While Sending Web Service Request with SAML Token
    Section 1.2: How to Work With Java 7 Keytool
Section 2: Steps to Test an Oracle E-Business Suite Integrated SOA Gateway Web Service Using soapUI with SAML Token
    Section 2.1: Deploying a Web Service from Oracle E-Business Suite Integrated SOA Gateway
    Section 2.2: Creating a Project in soapUI 3.5 Using WSDL
    Section 2.3: Configuring and Testing an Outgoing Web Service
Section 3: Steps to Test a Web Service Deployed with SAML Token Policy Using JAX-WS Client

Note: For more information about Oracle E-Business Suite Integrated SOA Gateway Release 12.1.3, see the following Knowledge Documents on My Oracle Support (formerly OracleMetaLink):
    1494997.1: Oracle E-Business Suite Release 12.1.3: Integration Products and Technologies Primer
    1096553.1: Oracle E-Business Suite Integrated SOA Gateway Release Notes for Release 12.1.3
    556540.1: Installing Oracle E-Business Suite Integrated SOA Gateway, Release 12
    726414.1: Oracle E-Business Suite Integrated SOA Gateway Troubleshooting Guide, Release 12
Section 1: SAML Setup Steps for Oracle E-Business Suite Integrated SOA Gateway Release 12.1.3

Perform the following steps to set up SAML Token security for Oracle E-Business Suite Integrated SOA Gateway release 12.1.3:

1. Ensure patch 7366746 (WLP: Enabling "Use SAML Authorization: Verify Signature" Doesn't Require SAML Token) is applied.

2. Perform the following setup tasks both on the client side and server side to ensure SAML Token security works properly:

    Client Side: Web service client which intends to send SAML token with the Web service request.
    Server Side: Oracle E-Business Suite middle tier which has the Web Service Provider (Server).

Client Side Setup:

Perform the following steps to set up a trusted node on the client side using Public Key Infrastructure (PKI):

1. Create or obtain a Keypair for the client.

    The client needs to either create, or obtain from a CA, a V3 Certificate which has a Subject Key Identifier (SKI). See Section 1.2: How to Work With Java 7 Keytool to create a sample Keypair.

2. Send the public key to the Oracle E-Business Suite server administrator.

    The client administrator needs to export the client's public key from the client keystore and send the key to the Oracle E-Business Suite administrator. The trusted client node public key must reside in, and be imported into, the Oracle E-Business Suite middle tier keystore. See Section 1.2: How to Work With Java 7 Keytool to export a client public key from a keystore.
Document Details
    Type: REFERENCE
    Status: PUBLISHED
    Last Major Update: Oct 4, 2014
    Last Update: Jul 23, 2015
ment 1144313.1 https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLo
2 8/18/2015 1
3. The client administrator should communicate to the server administrator an identifier indicating the name of the provider generating the SAML assertion. This identifier is used in the SAML assertion and sent to the server with the Web service request. The server administrator needs to configure this identifier on the server. This identifier can be the domain name of the trusted node. See Step 2 in the Server Side Setup section.

4. Import the public key of the server side keystore to the client side keystore.
Server Side Setup:
The Oracle E-Business Suite system administrator needs to perform the following steps on the server side:

1. Create a keystore and key-pair or obtain from a CA.

    The server needs to have a keystore where the public keys for all the trusted nodes are maintained and where its own key-pair is also stored. See Section 1.2: How to Work With Java 7 Keytool to create a sample Keypair. The path to this keystore needs to be mentioned in $INST_TOP/ora/10.1.3/j2ee/oafm/config/wsmgmt.xml. Use the following xml to mention the keystore details, inbound and outbound signature and encryption configuration. Find the intended port (service) which is deployed with SAML Token. Replace everything in between
...
with following xml:
RSA-SHA1
jdk1.7 has an option to create V3 certificates with SKI.
Command to create a keypair:
    /bin/keytool -genkeypair -alias client_alias -keyalg "RSA" -sigalg "SHA1withRSA" -dname "cn=xxx, ou=ATG, o=Oracle, c=US" -keypass <key_password> -keystore client.jks -storepass <keystore_password> -validity 5000

Command to export client's public key:

    /bin/keytool -export -alias client_alias -file public_key.cer -keystore client.jks

Command to import a public key in a keystore on server side:

    /bin/keytool -import -alias some_alias -file public_key.cer -trustcacerts -keystore server.jks
For more information on Java keytool utility, see: http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html.
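
The key exchange from Section 1, scripted with the Section 1.2 commands as an added example that is not part of the Oracle document. It also checks the two things the procedure depends on: that the client certificate carries a Subject Key Identifier, and that the certificate imported on the server has the same fingerprint as the exported file. PASS, the CN values, server_alias, server_trust and server_public_key.cer are assumptions; -exportcert and -importcert are the current names of -export and -import.

```shell
# Constructed for illustration: PASS, the CN values, server_alias, server_trust
# and server_public_key.cer. Other aliases and file names follow the page.
KT="keytool -J-Duser.language=en"   # force English output for the greps below
PASS="example-store-pass"

make_keypair() {   # $1=keystore  $2=alias  $3=CN
  $KT -genkeypair -alias "$2" -keyalg RSA -sigalg SHA1withRSA \
      -dname "cn=$3, ou=ATG, o=Oracle, c=US" -validity 5000 \
      -keystore "$1" -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1
}
export_cert() {    # $1=keystore  $2=alias  $3=output file
  $KT -exportcert -alias "$2" -file "$3" \
      -keystore "$1" -storepass "$PASS" >/dev/null 2>&1
}
import_cert() {    # $1=keystore  $2=alias  $3=certificate file
  $KT -importcert -noprompt -alias "$2" -file "$3" \
      -keystore "$1" -storepass "$PASS" >/dev/null 2>&1
}

# Verbose listing of one keystore entry: $1=keystore  $2=alias
show_entry() {
  $KT -list -v -alias "$2" -keystore "$1" -storepass "$PASS" 2>/dev/null
}
# SHA-256 fingerprint of a certificate file; the receiving administrator
# compares it with the sender out of band before importing.
file_fp()  { $KT -printcert -file "$1" 2>/dev/null |
             sed -n 's/^[[:space:]]*SHA256: *//p'; }
# SHA-256 fingerprint of the certificate stored under an alias.
entry_fp() { show_entry "$1" "$2" | sed -n 's/^[[:space:]]*SHA256: *//p'; }
# Succeeds when the certificate under the alias has a Subject Key Identifier.
has_ski()  { show_entry "$1" "$2" | grep -q 'SubjectKeyIdentifier'; }

# Run the whole exchange in directory $1 (subshell keeps the caller's cwd).
exchange() (
  cd "$1" &&
  make_keypair client.jks client_alias client &&
  make_keypair server.jks server_alias server &&
  export_cert client.jks client_alias public_key.cer &&
  export_cert server.jks server_alias server_public_key.cer &&
  fp=$(file_fp public_key.cer) && [ -n "$fp" ] &&
  import_cert server.jks some_alias public_key.cer &&
  import_cert client.jks server_trust server_public_key.cer &&
  has_ski client.jks client_alias &&
  [ "$fp" = "$(entry_fp server.jks some_alias)" ]
)
```

Call `exchange` with an empty working directory; it returns non-zero if any step fails, if the client certificate has no SKI, or if the fingerprints differ.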
Section 2: Steps to Test an Oracle E-Business Suite Integrated SOA Gateway Web Service Using soapUI with SAML Token

Note: SoapUI is an open source SOA-based Web service testing tool. Oracle E-Business Suite Integrated SOA Gateway release 12.1.3 uses soapUI 3.5 to test services with SAML Token security. After obtaining and installing soapUI 3.5, you need to perform some setup tasks before using it. For these setup tasks, see Section 2.3: Configuring and Testing an Outgoing Web Service for details.

This section includes the following topics:

    Section 2.1: Deploying a Web Service from Oracle E-Business Suite Integrated SOA Gateway
    Section 2.2: Creating a Project in soapUI 3.5 Using WSDL
    Section 2.3: Configuring and Testing an Outgoing Web Service
Section 2.1: Deploying a Web Service from Oracle E-Business Suite Integrated SOA Gateway
Perform the following steps to deploy a Web service enabled through Oracle E-Business Suite Integrated SOA Gateway:
1. Log on to Oracle Integration Repository with the integration repository administrator role through the Integrated SOA Gateway responsibility. Select the Integration Repository link.

2. In the Integration Repository tab, select 'Interface Type' from the View By drop-down list.

3. Expand an interface type node to locate your desired service that you want to deploy. For example, locate the 'FND_USER_PKG' service.

4. Click the interface definition name link to open the Interface Details page.

5. From the Web Service - SOA Provider region, select the SAML Token (Sender Vouches) check box and click the Deploy button to deploy the service from the Integration Repository user interface. Once the generated service is successfully deployed, the 'Deployed' Web Service Status appears along with the Redeploy and Undeploy buttons allowing you to redeploy or undeploy the service.
1. In the project, configure outgoing WS-Configuration by creating a new configuration, for example, ISG_FND_USER_PKG_CONF.

2. Add SAML Entry to outgoing WS-Configuration ISG_FND_USER_PKG_CONF.
Enter Sample Assertion:
4. Use the following steps to add Signature Entry to Outgoing WS-Configuration ISG_FND_USER_PKG_CONF:

    1. Choose the correct client keystore from the drop-down menu.
    2. Select the correct alias of the client keypair from the drop-down menu.
    3. Enter password for client keystore.
    4. Select Key Identifier Type as 'Subject Key Identifier'.
    5. Select Signature Algorithm and Signature Canonicalization as shown in the image.
    6. Make sure that the Use Single Certificate checkbox is unchecked.
    7. Add the following parts:

    Name       Namespace                                                                            Encode
    Body       http://schemas.xmlsoap.org/soap/envelope/                                            Element
    Timestamp  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd   Element
6. Adding Incoming WS-Security Configurations

    Click on plus (+) sign.
    Enter a name and click OK.
    Select Decrypt Keystore and Signature Keystore and provide the keystore password.
7. Save the project.

8. For an operation (Testusername) enter all necessary fields in the request. Click the Authentication and security-related settings tab at the bottom of the request panel in soapUI. In the Outgoing WSS field, select ISG_FND_USER_PKG_CONF for the Outgoing WS-Security Configuration from the drop-down selection and select ISG_FND_USER_PKG_IN_CONF for the Incoming WSS drop-down.
4. In the Create Generic Project page, enter the project name such as 'JAX-WSSAML Tester'. Click Finish.

5. Locate the generic project name (such as 'JAX-WSSAML Tester') you just created from the project list in the Application Navigator tab. Right click on the project name and click New.

6. Create a Web service proxy by selecting Web Services under the Business Tier node from the Categories region, and the Web Service Proxy icon from the Items region. Click OK.
10. Click Next in the Create Web Service Proxy - Specify Default Mapping Options page.

11. Click Next in the Create Web Service Proxy - Port Endpoints page to leave the current Endpoint URL unchanged.

12. In the Create Web Service Proxy - Asynchronous Methods page, ensure the Generate asynchronous methods where specified by the JAX-WS binding radio button is selected. Click Next.
13. In the Create Web Service Proxy - Policy page, select the oracle/wss10_saml_token_with_message_protection_client_policy check box from the Policies list. Click Next.

    Note: If Username Token security policy is used, then select the oracle/wss_username_token_client_policy check box from the list instead.

14. Click Next in the Create Web Service Proxy - Defined Handlers page.
15. Click Finish in the Create Web Service Proxy - Finish page. This generates all the service endpoints for your deployed service including all methods within the service.

    Please note that the FND_USER_PKG_PortClient.java file is opened by default in Oracle JDeveloper.
    // of1, header, user and fND_USER_PKG_PortType are defined earlier in the generated client.
    // Build the request body for the TESTUSERNAME operation.
    com.oracle.xmlns.apps.fnd.soaprovider.plsql.fnd_user_pkg.testusername.InputParameters body = of1.createInputParameters();
    body.setXUSERNAME(user);
    com.oracle.xmlns.apps.fnd.soaprovider.plsql.fnd_user_pkg.testusername.OutputParameters out = of1.createOutputParameters();
    // Invoke the service and print the returned value.
    out = fND_USER_PKG_PortType.testusername(header, body);
    JAXBElement<Integer> output = out.getTESTUSERNAME();
    Integer retVal = output.getValue();
    System.out.println("Output is : " + retVal);

Additionally, ensure that you modify the following code snippet with actual values for Username (such as sysadmin) and Password.

    // Replace "sysadmin" and "password" below with the actual Username and Password.
    credProviders.add(new ClientUNTCredentialProvider("sysadmin".getBytes(), "sysadmin".getBytes()));
    rc.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);
    rc.put(BindingProvider.USERNAME_PROPERTY, "sysadmin");
    rc.put(BindingProvider.PASSWORD_PROPERTY, "password");
19. After adding the above code in the main method of the FND_USER_PKG_PortClient.java file, you will be able to invoke the TESTUSERNAME operation within the FND_USER_PKG service by running the FND_USER_PKG_PortClient.java file. Please note that you need to change keystore location and key/aliases according to your keystore location and aliases.

    Notice the response in the message log.
CHANGE RECORD

    Date                Description
    October 3, 2014     Updated section 2.3, step 4 and step 5.
    April 9, 2013       Updated the first Note in section 2 and added deployment information in step 1, section 3.
    February 5, 2013    Updated step 9 in section 2.3.
    December 19, 2012   Updated SAML setup modification steps with Patch 14749963 for policy file.
    October 15, 2012    Added My Oracle Support Knowledge Document 1494997.1 reference in the second Note.
    June 8, 2012        Added a Note and updated steps 7 and 8 in section 2.3.
    June 5, 2012        Added step 4 in Server Side Setup, section 1: SAML Setup Steps for Oracle E-Business Suite Integrated SOA Gateway Release 12.1.3.
    May 30, 2012        Added section 3: Steps to Test a Web Service Deployed with SAML Token Policy Using JAX-WS Client.
    July 9, 2010        Published document.
Oracle
Copyright Notice
Copyright 2010, 2014 Oracle. All rights reserved.
Trademark Notice
Oracle, JD Edwards, PeopleSoft, and Siebel are registered trademarks of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.