configure soa on oracle ebusiness

Upload: samuel-githengi

Post on 22-Feb-2018


  • 7/24/2019 Configure Soa On Oracle Ebusiness


    Setting Up SAML Token Security for Oracle E-Business Suite Integrated SOA Gateway Release 12.1.3

    See Change Record

    Overview

    Oracle E-Business Suite Integrated SOA Gateway Release 12.1.3 supports Username Token and SAML Token security options for authenticating inbound requests. This document describes the setup steps required to configure SAML Token security on an Oracle E-Business Suite 12.1.3 installation.

    The following topics are included in this document:

    Section 1: SAML Setup Steps for Oracle E-Business Suite Integrated SOA Gateway Release 12.1.3
        Section 1.1: Steps to be Followed at Run Time by Client While Sending Web Service Request with SAML Token
        Section 1.2: How to Work With Java 7 Keytool

    Section 2: Steps to Test an Oracle E-Business Suite Integrated SOA Gateway Web Service Using soapUI with SAML Token
        Section 2.1: Deploying a Web Service from Oracle E-Business Suite Integrated SOA Gateway
        Section 2.2: Creating a Project in soapUI 3.5 Using WSDL
        Section 2.3: Configuring and Testing an Outgoing Web Service

    Section 3: Steps to Test a Web Service Deployed with SAML Token Policy Using JAX-WS Client

    Note: For more information about Oracle E-Business Suite Integrated SOA Gateway Release 12.1.3, see the following Knowledge Documents on My Oracle Support (formerly Oracle MetaLink):

    1494997.1: Oracle E-Business Suite Release 12.1.3: Integration Products and Technologies Primer
    1096553.1: Oracle E-Business Suite Integrated SOA Gateway Release Notes for Release 12.1.3
    556540.1: Installing Oracle E-Business Suite Integrated SOA Gateway, Release 12
    726414.1: Oracle E-Business Suite Integrated SOA Gateway Troubleshooting Guide, Release 12

    Section 1: SAML Setup Steps for Oracle E-Business Suite Integrated SOA Gateway Release 12.1.3

    Perform the following steps to set up SAML Token security for Oracle E-Business Suite Integrated SOA Gateway release 12.1.3:

    1. Ensure patch 7366746 (WLP: Enabling "Use SAML Authorization: Verify Signature" Doesn't Require SAML Token) is applied.

    2. Perform the following setup tasks both on the client side and server side to ensure SAML Token security works properly:

       Client Side: Web service client which intends to send SAML token with the Web service request.
       Server Side: Oracle E-Business Suite middle tier which has the Web Service Provider (Server).

    Client Side Setup:

    Perform the following steps to set up a trusted node on the client side using Public Key Infrastructure (PKI):

    1. Create or obtain a Keypair for the client.

       The client needs to either create or obtain from a CA a V3 Certificate which has a Subject Key Identifier (SKI). See Section 1.2: How to Work With Java 7 Keytool to create a sample Keypair.

    2. Send the public key to the Oracle E-Business Suite server administrator.

       The client administrator needs to export the client's public key from the client keystore and send the key to the Oracle E-Business Suite administrator. The trusted client node public key must reside and be imported into the Oracle E-Business Suite middle tier keystore. See Section 1.2: How to Work With Java 7 Keytool to export a client public key from a keystore.


    Document Details: Type: REFERENC; Status: PUBLISHED; Last Major Update: Oct 4, 2014; Last Update: Jul 23, 2015


    ment 1144313.1 https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLo

    2 8/18/2015 1


    3. The client administrator should communicate to the server administrator an identifier indicating the name of the provider generating the SAML assertion. This identifier is used in the SAML assertion and sent to the server with the Web service request. The server administrator needs to configure this identifier on the server. This identifier can be the domain name of the trusted node. See Step 2 in the Server Side Setup section.

    4. Import the public key of the server side keystore into the client side keystore.

    Server Side Setup:

    The Oracle E-Business Suite system administrator needs to perform the following steps on the server side:

    1. Create a keystore and key-pair or obtain from a CA.

       The server needs to have a keystore where the public keys for all the trusted nodes are maintained and its own key-pair is also stored. See Section 1.2: How to Work With Java 7 Keytool to create a sample Keypair. The path to this keystore needs to be mentioned in $INST_TOP/ora/10.1.3/j2ee/oafm/config/wsmgmt.xml. Use the following xml to mention the keystore details and the inbound and outbound signature and encryption configuration. Find the intended port (service) which is deployed with SAML Token. Replace everything in between

    ...

    with following xml:

    RSA-SHA1


    jdk1.7 has an option to create V3 certificates with SKI.

    Command to create a keypair:

    <JAVA_HOME>/bin/keytool -genkeypair -alias client_alias -keyalg "RSA" -sigalg "SHA1withRSA" -dname "cn=xxx, ou=ATG, o=Oracle, c=US" -keypass <key_password> -keystore client.jks -storepass <store_password> -validity 5000

    Command to export client's public key:

    <JAVA_HOME>/bin/keytool -export -alias client_alias -file public_key.cer -keystore client.jks

    Command to import a public key in a keystore on server side:

    <JAVA_HOME>/bin/keytool -import -alias some_alias -file public_key.cer -trustcacerts -keystore server.jks

    For more information on Java keytool utility, see: http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html.
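The following shell check is an added example, not part of the Oracle document: it reads `keytool -printcert` or `keytool -list -v` output and confirms that a certificate is X.509 V3 and carries the Subject Key Identifier that the client side setup requires, before the certificate is exchanged between client.jks and server.jks. The function names and the sample keytool output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Oracle note): pre-flight check for the keytool
# steps above. Function names and the sample text are constructed.

# check_cert_text: reads `keytool -printcert` / `keytool -list -v` output on
# stdin. Exit 0 only if the certificate is X.509 V3 and has a
# SubjectKeyIdentifier extension (OID 2.5.29.14). WARN lines are advisory.
check_cert_text() {
    awk '
        /Version: 3/                { v3 = 1 }
        /ObjectId: 2\.5\.29\.14/    { ski = 1 }
        /Signature algorithm name:/ { sub(/.*name: */, ""); sig = $0 }
        END {
            print (v3  ? "OK   X.509 version 3" : "FAIL not an X.509 V3 certificate")
            print (ski ? "OK   SubjectKeyIdentifier present" : "FAIL no SubjectKeyIdentifier extension")
            # SHA-1 and MD5 certificate signatures are deprecated.
            if (toupper(sig) ~ /^(SHA1|MD5)WITH/) print "WARN signature algorithm " sig
            exit !(v3 && ski)
        }'
}

# check_keystore_alias KEYSTORE ALIAS: same check against a real keystore entry.
# keytool prompts for the store password, so it never appears in the argument list.
check_keystore_alias() {
    keytool -list -v -keystore "$1" -alias "$2" | check_cert_text
}

# Constructed sample of keytool output for a V3 certificate with an SKI.
sample_with_ski() {
cat <<'EOF'
Owner: CN=xxx, OU=ATG, O=Oracle, C=US
Issuer: CN=xxx, OU=ATG, O=Oracle, C=US
     Signature algorithm name: SHA1withRSA
     Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
EOF
}

# Constructed sample of a V1 certificate, which has no extensions at all.
sample_v1() {
    printf 'Owner: CN=xxx\n     Signature algorithm name: SHA256withRSA\n     Version: 1\n'
}

# Demo on the constructed samples; use check_keystore_alias on real keystores.
sample_with_ski | check_cert_text
sample_v1 | check_cert_text || echo "=> obtain a V3 certificate with an SKI before exchanging it"
```

For a real entry, run `check_keystore_alias client.jks client_alias` on the client and the same against server.jks after the import.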

    Section 2: Steps to Test an Oracle E-Business Suite Integrated SOA Gateway Web Service Using soapUI with SAML Token

    Note: SoapUI is an open source SOA-based Web service testing tool. Oracle E-Business Suite Integrated SOA Gateway release 12.1.3 uses soapUI 3.5 to test services with SAML Token security. After obtaining and installing soapUI 3.5, you need to perform some setup tasks before using it. For these setup tasks, see Section 2.3: Configuring and Testing an Outgoing Web Service for details.

    This section includes the following topics:

    Section 2.1: Deploying a Web Service from Oracle E-Business Suite Integrated SOA Gateway
    Section 2.2: Creating a Project in soapUI 3.5 Using WSDL
    Section 2.3: Configuring and Testing an Outgoing Web Service

    Section 2.1: Deploying a Web Service from Oracle E-Business Suite Integrated SOA Gateway

    Perform the following steps to deploy a Web service enabled through Oracle E-Business Suite Integrated SOA Gateway:

    1. Log on to Oracle Integration Repository with the integration repository administrator role through the Integrated SOA Gateway responsibility. Select the Integration Repository link.

    2. In the Integration Repository tab, select 'Interface Type' from the View By drop-down list.

    3. Expand an interface type node to locate your desired service that you want to deploy. For example, locate the 'FND_USER_PKG' service.

    4. Click the interface definition name link to open the Interface Details page.

    5. From the Web Service - SOA Provider region, select the SAML Token (Sender Vouches) check box and click the Deploy button to deploy the service from the Integration Repository user interface. Once the generated service is successfully deployed, the 'Deployed' Web Service Status appears along with the Redeploy and Undeploy buttons allowing you to redeploy or undeploy the service.


    1. In the project, configure outgoing WS-Configuration by creating a new configuration, for example, ISG_FND_USER_PKG_CONF.

    2. Add SAML Entry to outgoing WS-Configuration ISG_FND_USER_PKG_CONF.

    Enter Sample Assertion:


    4. Use the following steps to add Signature Entry to Outgoing WS-Configuration ISG_FND_USER_PKG_CONF:

       1. Choose the correct client keystore from the drop-down menu.
       2. Select the correct alias of the client keypair from the drop-down menu.
       3. Enter password for client keystore.
       4. Select Key Identifier Type as 'Subject Key Identifier'.
       5. Select Signature Algorithm and Signature Canonicalization as shown in the image.
       6. Make sure that Use Single Certificate checkbox is unchecked.
       7. Add the following parts:

          Name       Namespace                                                                            Encode
          Body       http://schemas.xmlsoap.org/soap/envelope/                                            Element
          Timestamp  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd   Element


    6. Adding Incoming WS-Security Configurations

       Click on plus (+) sign.
       Enter a name and click OK.
       Select Decrypt Keystore and Signature Keystore and provide the keystore password.


    7. Save the project.

    8. For an operation (Testusername) enter all necessary fields in the request. Click the Authentication and security-related settings tab at the bottom of the request panel in soapUI. In the Outgoing WSS field, select ISG_FND_USER_PKG_CONF for the Outgoing WS-Security Configuration from the drop-down selection and select ISG_FND_USER_PKG_IN_CONF for the Incoming WSS drop down.


    4. In the Create Generic Project page, enter the project name such as 'JAX-WSSAML Tester'. Click Finish.

    5. Locate the generic project name (such as 'JAX-WSSAML Tester') you just created from the project list in the Application Navigator tab. Right click on the project name and click New.

    6. Create a Web service proxy by selecting Web Services under the Business Tier node from the Categories region, and the Web Service Proxy icon from the Items region. Click OK.


    10. Click Next in the Create Web Service Proxy - Specify Default Mapping Options page.

    11. Click Next in the Create Web Service Proxy - Port Endpoints page to leave the current Endpoint URL unchanged.

    12. In the Create Web Service Proxy - Asynchronous Methods page, ensure the Generate asynchronous methods where specified by the JAX-WS binding radio button is selected. Click Next.


    13. In the Create Web Service Proxy - Policy page, select the oracle/wss10_saml_token_with_message_protection_client_policy check box from the Policies list. Click Next.

        Note: If Username Token security policy is used, then select the oracle/wss_username_token_client_policy check box from the list instead.

    14. Click Next in the Create Web Service Proxy - Defined Handlers page.


    15. Click Finish in the Create Web Service Proxy - Finish page. This generates all the service endpoints for your deployed service including all methods within the service.

        Please note that the FND_USER_PKG_PortClient.java file is opened by default in Oracle JDeveloper.


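    // Imports needed at the top of FND_USER_PKG_PortClient.java for this fragment:
    import javax.xml.bind.JAXBElement;
    import javax.xml.ws.BindingProvider;
    import weblogic.wsee.security.unt.ClientUNTCredentialProvider;
    import weblogic.xml.crypto.wss.WSSecurityContext;

    // Fragment of the main method. of1, header, user and fND_USER_PKG_PortType
    // are declared earlier in the method (that part is not shown on this page).
    com.oracle.xmlns.apps.fnd.soaprovider.plsql.fnd_user_pkg.testusername.InputParameters body = of1.createInputParameters();
    body.setXUSERNAME(user);
    com.oracle.xmlns.apps.fnd.soaprovider.plsql.fnd_user_pkg.testusername.OutputParameters out = of1.createOutputParameters();
    // Invoke the TESTUSERNAME operation and print its return value.
    out = fND_USER_PKG_PortType.testusername(header, body);
    JAXBElement<Integer> output = out.getTESTUSERNAME();
    Integer retVal = output.getValue();
    System.out.println("Output is : " + retVal);

    Additionally, ensure that you modify the following code snippet with actual values for Username (such as sysadmin ... Password.

    // Replace the sample user name and password values below with actual values.
    credProviders.add(new ClientUNTCredentialProvider("sysadmin".getBytes(), "sysadmin".getBytes()));
    rc.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);
    rc.put(BindingProvider.USERNAME_PROPERTY, "sysadmin");
    rc.put(BindingProvider.PASSWORD_PROPERTY, "password");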

    19. After adding the above code in the main method of the FND_USER_PKG_PortClient.java file, you will be able to invoke the TESTUSERNAME operation within the FND_USER_PKG service by running the FND_USER_PKG_PortClient.java file. Please note that you need to change keystore location and key/aliases according to your keystore location and aliases.

    Notice the response in the message log.

    CHANGE RECORD

    Date                 Description
    October 3, 2014      Updated section 2.3, step 4 and step 5.
    April 9, 2013        Updated the first Note in section 2 and added deployment information in step 1, section 3.
    February 5, 2013     Updated step 9 in section 2.3.
    December 19, 2012    Updated SAML setup modification steps with Patch 14749963 for policy file.
    October 15, 2012     Added My Oracle Support Knowledge Document 1494997.1 reference in the second Note.
    June 8, 2012         Added a Note and updated steps 7 and 8 in section 2.3.
    June 5, 2012         Added step 4 in Server Side Setup, section 1: SAML Setup Steps for Oracle E-Business Suite Integrated SOA Gateway Release 12.1.3.
    May 30, 2012         Added section 3: Steps to Test a Web Service Deployed with SAML Token Policy Using JAX-WS Client.
    July 9, 2010         Published document.

    Oracle

    Copyright Notice

    Copyright 2010, 2014 Oracle. All rights reserved.

    Trademark Notice


    Oracle, JD Edwards, PeopleSoft, and Siebel are registered trademarks of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
