You are on page 1of 34

<Insert Picture Here>

OWSM Setup

Oracle Web Services Manager (OWSM)


Manages security aspects of Web Services If you plan to use web services exposed by a product, you need to setup OWSM
FCM, ERPI, Profitablity, Essbase Provider Services, HFM, DRM Uses of web services: FCM uses HFM, ERPI web services ERPI uses to interact with 3rd party web services Profitability exposes web services for batch clients HFM exposes web services for FCM When you configure SOA for FCM, these setup steps are taken care of and does not need to be repeated

EPM Products use the following OWSM Policy:


Oracle/wss11_saml_or_username_token_with_message_protection_service_policy

Web Services Security in EPM


WebLogic
Important they are same

EPM User Store

User Store
2. Authenticate

1. Web Service Request

WebService
4. Invoke with CSS Token

3. Validate With CSS & Generate Token

CSS

Users Roles & Privileges Enforced

Product

WebLogic

Validate

High Level Tasks


Set up database schema using RCU Set up OWSM Policy Manager Set up Keystore for Message Protection Configure WebLogic to corporate directory

Setup Database Schema with RCU


RCU posted on eDelivery

Setup Database Schema with RCU


Launch rcuHome/bin/rcu.bat; select Create

Setup Database Schema with RCU


Enter database connection details

Setup Database Schema with RCU


Enter a prefix; Select metadata Services

Setup Database Schema with RCU


Provide passwords to be used for the schemas created

Setup Database Schema with RCU


Use default tablespaces (or manage them)

Setup Database Schema with RCU


Click Create to create the schema and the tables

Setup Database Schema with RCU


Once done, you will get a Success message

Setup OWSM Policy Manager


Launching the WebLogic Configuration Wizard This needs to be done on the server where the WebLogic domain for EPM was created
This is typically the first Foundation Services server

Make sure the WebLogic Admin Server is not running Launch the WebLogic Config Wizard

Setup OWSM Policy Manager


Select Extend an existing WebLogic domain

Setup OWSM Policy Manager


Select EPM domain

Setup OWSM Policy Manager


Select Oracle WSM Policy Manager

Setup OWSM Policy Manager


Next through the EPM data sources

Setup OWSM Policy Manager


Enter database credentials created using RCU

Setup OWSM Policy Manager


Test data source and ensure it connects correctly; Next through the panels to setup OWSM-PM

Setup OWSM Policy Manager


Start Admin Server and login to WebLogic Admin Console to enable OWSM-PM

Setup OWSM Policy Manager


Start Admin Server and login to WebLogic Admin Console to enable OWSM-PM

Setting up Keystore for Message Protection


Create a keystore the key alias will be used later on

Setting up Keystore for Message Protection


Login to Enterprise Manager (EM); Setup Security Provider Configuration for the domain

Setting up Keystore for Message Protection


Expand Keystore; Click on Configure

Setting up Keystore for Message Protection


Setup the Keystore; The alias is the alias created in keystore

Keystore you created

Alias created in Keystore

Alias created in Keystore

Setting up Keystore for Message Protection


Click on a key and Edit to verify the alias

Setting up Keystore for Message Protection


Add users for EPM Native Users Recommended: Setup External Directories

Setting up Keystore for Message Protection


Needed for HPCM Sample Client Setup a key to store EPM user; Same key is passed in the client

Setting up Keystore for Message Protection


When done, restart all the managed servers

Running HPCM Sample Client


Ensure the keystore is the first provider Move as first provider
<jpsContexts default="default"> <jpsContext name="default"> <serviceInstanceRef ref="keystore.inst.0"/> <serviceInstanceRef ref="credstore"/> <serviceInstanceRef ref="policystore.xml"/> <serviceInstanceRef ref="audit"/> <serviceInstanceRef ref="idstore.ldap"/> <serviceInstanceRef ref="trust"/> <serviceInstanceRef ref="pdp.service"/> <serviceInstanceRef ref="attribute"/> <serviceInstanceRef ref="idstore.loginmodule"/> </jpsContext>

Running HPCM Sample Client


Updates to hpm_ws_client.properties
# Full Path of the jps-config.xml file in use. jps.config.file=C:/work/jps-config.xml #WSS Recipient key alias name used. wss.recipient.key.alias=epm # WSS Credential Store Framework key used. wss.csf.key=hpcm.security

Alias created in Keystore

Key created to store EPM user

# HPCM WSDL URL which is to be accessed. Eg: http://localhost:19000/profitability/ProfitabilityService?WSDL (or) {DRIVE_LETTER}:/{FILE_PATH}/FILE_NAME.wsdl hpcm.wsdl.url=http://localhost:9500/profitability/ProfitabilityService?WSDL

Running HPCM Sample Client


Using username/password directly
private void initialize() throws MalformedURLException { setSystemProperties(); URL hpcmWsdlUrl = new URL(System.getProperty("hpcm.wsdl.url")); QName qname = new QName("http://profitability.webservices.epm.oracle", "ProfitabilityService"); hpmServiceProvider = new ProfitabilityService_Service(hpcmWsdlUrl, qname); SecurityPolicyFeature[] securityFeatures = new SecurityPolicyFeature[] { new SecurityPolicyFeature("oracle/wss11_username_token_with_message_protection_client_policy"), new SecurityPolicyFeature("oracle/wss11_saml_token_with_message_protection_client_policy") }; hpmWS = hpmServiceProvider.getProfitabilityServicePortType(securityFeatures); System.setProperty("oracle.security.jps.config", System.getProperty("jps.config.file"));

//((BindingProvider)hpmWS).getRequestContext().put(SecurityConstants.ClientConstants.WSS_RECIPIEN T_KEY_ALIAS, System.getProperty("wss.recipient.key.alias")); //((BindingProvider)hpmWS).getRequestContext().put(SecurityConstants.ClientConstants.WSS_CSF_KEY, System.getProperty("wss.csf.key")); Map<String, Object> reqContext = ((BindingProvider) hpmWS).getRequestContext(); reqContext.put(BindingProvider.USERNAME_PROPERTY,"admin"); reqContext.put(BindingProvider.PASSWORD_PROPERTY,"password1"); }

Additional ERPI Steps Use with standalone ERPI server

THANK YOU