C8ILL 11g Acnon Iramework Peak Indicators Limited 7 Acnon Iramework ! Acuon lramework ls an exclung new feaLure of C8lLL 11g LhaL provldes Lhe faclllLy Lo lnvoke a wlde varleLy of acuons or processes dlrecLly wlLhln Lhe ul ! 1hls ls a ma[or enhancemenL, slnce C8lLL 10g ls greaL for analysls buL has llmlLed capablllLy for performlng acuons once your analysls ls compleLe ! C8lLL 11g Acuon lramework enables you Lo: " navlgaLe Lo relaLed Cracle 8l conLenL " lnvoke operauons, funcuons, or processes ln exLernal sysLems ! Acuons can be lnluaLed from: " Analyses " uashboard pages " AgenLs (l8oLs ln 10g) " 8alanced Scorecard ob[ecuves" and lnluauves" " kls
Peak Indicators Limited 8 Creanng Acnons ! Acuons can be creaLed as re-usable ob[ecLs: ! Cr you can creaLe lnllne" acuons: " lf you only wanL Lo use an Acuon once, you can dene lL dlrecLly wlLhln an analysls, dashboard page, agenL, scorecard ob[ecuve, scorecard lnluauve, or kl. 1hese lnllne acuons are noL re-usable Peak Indicators Limited 9 Acnons ! 1here are varlous Lhlngs an Acuon can do! 1ypes of Acnon noLe: When lnLegraLed wlLh Slebel C8M lL ls also posslble Lo navlgaLe Lo Slebel C8M" Peak Indicators Limited 10 Lxamp|es ! 1hls supersedes navlgauon" ln C8lLL 10g: Nav|gate to 8I Content Peak Indicators Limited 11 Lxamp|es ! lL ls posslble Lo congure Acuon Llnks Lo appear condluonally " e.g. vlew Sales Crder ueLalls" only appears lf Lhere are <300 Crders Cond|nons vlslon nordlcs has >300 orders so lL ls only posslble Lo navlgaLe Lo a summary" analysls vlslon uk and lreland has <300 orders so lL ls posslble Lo navlgaLe Lo a deLall" analysls Peak Indicators Limited 12 Lxamp|es ! ?ou can also congure Acuon Llnks Lo requesL conrmauon before lnvoklng Lhe acuon: Conhrmanon Peak Indicators Limited 13 Lxamp|es ! uashboard ages can conslsL of Acuon Llnks" and Acuon Llnk Menus" Cn Dashboards Peak Indicators Limited 14 Lxamp|es ! An Acuon Llnk" dashboard ob[ecL wlll show an lndlvldual Acuon Cn Dashboards: Acnon L|nks nC1L: 1he Acuon Llnk can be dlsplayed condluonally Peak Indicators Limited 15 Lxamp|es ! An Acuon Llnk Menu" dashboard ob[ecL allows you Lo dlsplay a menu of muluple Acuon Llnks: Cn Dashboards: Acnon L|nk Menus Peak Indicators Limited 16 Lxamp|es ! kls can be congured wlLh muluple Acuon Llnks " 1he kl SLaLus" can be used Lo deLermlne whlch Acuon Llnks appear Cn kIs Peak Indicators Limited 17 ! 8alanced Scorecards can also be congured wlLh muluple Acuon Llnks " 1he Cb[ecuve or kl SLaLus" can be used Lo deLermlne whlch Acuon Llnks appear Lxamp|es Cn 8a|anced Scorecards Peak Indicators Limited 18 Lxamp|es ! ?ou can lnluaLe muluple Acuons once a uellvers AgenL has compleLed: " 1he Acuons can be lnluaLed for every row reLurned by Lhe AgenL! De||vers Agents ?ou can map Lhe columns reLurned by Lhe AgenL Lo each of Lhe Acuon's parameLers Peak Indicators Limited 19 ! Iurther Lxamp|es Peak Indicators Limited 20 Lxamp|e 1 : Nav|gate to a Web age ! ln Lhls example, we wlll demonsLraLe how Lo lnluaLe an Acuon Lo navlgaLe Lo a web page and run a Coogle search for a cusLomer! " 1hls ume, we wlll creaLe an lnllne" Acuon Peak Indicators Limited 21 Lxamp|e 2 : Invoke a Web Serv|ce ! ln Lhls example, we wlll demonsLraLe Lo how Lo creaLe a named" AcLon LhaL wlll lnvoke a web servlce dlrecLly from a uashboard " 1he Acuon wlll be called Ad[usL Sales lorecasL" wlll lnvoke a web servlce Lo modlfy a Sales 8ep's forecasL LargeL: Peak Indicators Limited 22 Lxamp|e 2 : Invoke a Web Serv|ce ! ln order Lo lnvoke a web servlce, you Lyplcally need Lhe u8L for lLs Web Servlce uescrlpuon Language (WSuL) " 1he owner of Lhe slLe hosung Lhe web servlce should be able Lo provlde you wlLh hls ! 1he WSuL reLurns an xML le provldlng deLalls on all Lhe web servlces LhaL are avallable, such as Lhe operauons avallable and Lhe parameLers LhaL need Lo be passed ! lor example, our web servlce has Lhe followlng WSuL: " hup://oblee11g:7001/Ad[usL_Sales_lorecasL-Ad[usL_Sales_lorecasL-conLexL-rooL/ Ad[usL_Sales_lorecasLorL?WSuL ! NC1L: " lL ls posslble for Lhe C8lLL admlnlsLraLor Lo seL up a 8eglsLry" conLalnlng a llsL of avallable web servlces, Lhls means you don'L need Lo provlde Lhe WSuL u8L " Semng up of Lhls 8eglsLry wlll be dlscussed durlng a laLer Loplc Notes Peak Indicators Limited 23 ! ln Lhls example, a CeL ulrecuons" Acuon wlll be used Lo lnvoke a plece of browser scrlpL (!avascrlpL) LhaL wlll open Coogle Maps and show you Lhe dlrecuons beLween your chosen locauon and Lhe cusLomer! Lxamp|e 3 : Invoke a 8rowser Scr|pt Peak Indicators Limited 24 Lxamp|e 3 : Invoke a 8rowser Scr|pt ! 1he followlng u8L can be generaLed Lo geL dlrecuons uslng Coogle Maps: " hup://maps.google.co.uk/maps?&saddr={p1}&daddr={p2} ! arameLers p1 and p2 can be anyLhlng such as a posLcode or a seL of Lang/ Long co-ordlnaLes (ln Lhe formaL LaL,Long") ! ln our example, we wlll pass 3 parameLers Lo our [avascrlpL funcuon: " ?our locauon " LauLude of cusLomer " LonglLude of cusLomer ! 1he [avascrlpL funcuon wlll concaLenaLe Lhe LaL/Long coordlnaLes LogeLher and pass Lhem Lo Coogle Maps as a slngle parameLer Notes Peak Indicators Limited 25 Lxamp|e 3 : Invoke a 8rowser Scr|pt ! 1here ls a UserScr|pt.[s" le provlded on Lhe C8lLL server ln whlch you musL place your cusLom !avascrlpL funcuons ! userScrlpL.[s ls locaLed ln Lhe followlng locauon on Lhe C8lLL server:
nC1L: Lhe !"#$%&'(&')* paLh ls Lhe followlng locauon:
[Mlddleware Pome]\user_pro[ecLs\domalns\blfoundauon_domaln\servers\bl_server1 Notes Peak Indicators Limited 26 Lxamp|e 3 : Invoke a 8rowser Scr|pt ! 1here ls a speclal synLax for Lhe userScrlpL.[s le " lor each Acuon you acLually provlde Lwo separaLe !avascrlpL funcuons! ! 1he 1 sL funcuon conLalns Lhe acLual code: Notes USERSCRIPT.getdirections = function(params) { var googleURL = "http://maps.google.co.uk/maps?&saddr=" + params.your_loc + "&daddr=" + params.dest_lat + "," + params.dest_long;
window.open(googleURL,"GetDirections"); }; luncuon name musL be prexed wlLh uSL8SC8l1." 1he funcuon accepLs a slngle array of lnpuL parameLers ?our refer Lo lnpuL parameLers ln Lhe formaL: array.parameter Peak Indicators Limited 27 Lxamp|e 3 : Invoke a 8rowser Scr|pt ! 1he 2 nd funcuon ls used Lo dene your lnpuL parameLers " C8lLL uses Lhls Lo auLomaucally know whlch parameLers are requlred ! lL has Lhe followlng formaL (ln Lhls case we are denlng 3 lnpuL parameLers): Notes
USERSCRIPT.getdirections.publish = { parameters:[ new USERSCRIPT.parameter("your_loc" , "Your Location" ,""), new USERSCRIPT.parameter("dest_lat" , "Latitude Destination" ,""), new USERSCRIPT.parameter("dest_long", "Longitude Destination",""), ] }; 1he funcuon has Lhe same name as before, buL has Lhe posulx .publlsh" Lach parameLer has 3 elemenLs: 1) varlable name 2) uescrlpuon 3) uefaulL value Peak Indicators Limited 28 ! What |s SCA? Peak Indicators Limited 29 Serv|ce Cr|ented Arch|tectures ! lf you read any l1 paper or look aL C1n, you wlll be hlL wlLh many success sLorles abouL SCA: Many Success Stor|es ,,,, %-(#./% 01 "&23&&. 456 -.7 846 3#99 .03 "& -:;#&(&7< ,,,, 846 '&7=:>0. #. >?& 20 ?-'@&2 10' .&3 %&'(#:&%< ,,,, 7'#(#./ /'&-2&' A&B#"#9#2CD &.7E20E&.7 #.2&/'->0. -.7 #.10'?&7 7&:#%#0. ?-@#./< ,,,, F(&' >?& GFH 3#99 %;0'2&. >?&E20E?-'@&2 -.7 '&7=:& 0I&'->./ &BI&.7#2='&< ,,,, J;& %09=>0. ;-% 903&'&7 :0%2% 10' I'0:&%%#./ .&3 :=%20?&'%< ,,,, GFH 3#99 I'0(#7& /'&-2&' A&B#"#9#2C -'0=.7 0=' 2&:;.090/C %C%2&?%< ,,,, K& -'& '0=/;9C 23#:& -% 1-%2 20 ?-'@&2 < ,,,,K& -:;#&(&7 %I&&7E20E?-'@&2 /-#.% 01 ?0'& 2;-. 456< Peak Indicators Limited 30 What |s SCA? ! uesplLe all Lhe success sLorles", Lhere sull remalns a loL of confuslon abouL whaL exacLly SCA ls ! Cne problem ls LhaL SCA ls an -':;#2&:2='&, so lL ls noL necessarlly someLhlng whlch ls easy Lo demonsLraLe or explaln ! AnoLher problem ls Lhe amounL of [argon - Lhere are so many sLandards and Lechnologles lnvolved lL ls dlmculL Lo know where Lo begln " Cracle SCA SulLe 11g comprlses of no less Lhan 13 producLs! Peak Indicators Limited 31 What |s SCA? ! A Servlce CrlenLed ArchlLecLure (SCA) ls an enLerprlse archlLecLure conslsung of modular web based servlces LhaL can be easlly lnLegraLed and reused, creaung a Lruly exlble and adapLable l1 lnfrasLrucLure ! Lach servlce serves as a bulldlng block formlng an archlLecLure LhaL supporLs muluple connecLed enLerprlse appllcauons worklng LogeLher Lo provlde sLreamllned soluuons Lo buslness problems
Peak Indicators Limited 32 What |s SCA? ! 8ehlnd Lhe scenes, a SCA lmplemenLauon can conslsL of a comblnauon of Lechnologles, producLs and supporL lnfrasLrucLure elemenLs ! Powever, Lhe key facLor ls LhaL Lhey all lnLegraLe vla a common seL of sLandards - how each bulldlng block ls lmplemenLed aL Lhe back end ls lrrelevanL
CkM Crder rocess|ng nk Consumer Intranet ] Internet 8us|ness Inte|||gence Peak Indicators Limited 33 What |s SCA? ! ln a SCA lmplemenLauon Lyplcally: " Communlcauon wlll be performed over P11 / P11S " Messages are dellvered ln xML formaL " 8uslness funcuons/processes are presenLed as Web Servlces
9 5/&*+& 6/%&/ 9 7'22 5;0+"@&/ 9 A&# B@C2"4&& 9 !"2'%*4 >&?;&0+ 9 D'0+/'E;+& F&/G"/@*(1& >&C"/+ 9 8(')*+& :2&/+ Peak Indicators Limited 34 What |s SCA? ! Pave you nouced LhaL all Acuons avallable wlLh Acuon lramework are based on P11? ! Acuon lramework puLs C8lLL 11g aL Lhe hearL of a SCA lmplemenLauon Acnon Iramework Acnons Peak Indicators Limited 35 ! What are Web Serv|ces? Peak Indicators Limited 36 What are Web Serv|ces? ! Web servlces are programs LhaL can be access remoLely uslng xML-based languages ! WhaL each program can do ls descrlbed ln a sLandard xML formaL called Web Servlces uescrlpuon Language (WSuL) ! 1he consumer does noL need Lo know how Lhe program ls lmplemenLed and ls only lnLeresLed ln whaL Lhe program can do (as dened ln Lhe WSuL) Web Serv|ce rov|der Intranet ] Internet Consumer WSDL Peak Indicators Limited 37 What are Web Serv|ces? ! 1he Consumer sends a requesL ln Lhe form of a Slmple Cb[ecL Access roLocol (SCA) message (SCA ls an xML messaglng framework deslgned Lo allow heLerogeneous appllcauons Lo exchange sLrucLured lnformauon) ! 1he web servlce provlder processes Lhe requesL and reLurns Lhe response ln xML formaL ! 1he Web servlce provlder may requlre some form of credenuals Lo be passed across, messaglng may be encrypLed Web Serv|ce rov|der Intranet ] Internet Consumer SCA + Credenna|s kML kesponse WSDL Peak Indicators Limited 38 uesnon ! uesnon: Pow do you bulld a Web Servlce? ! Answer: ?ou don'L need Lo know!
L'07=:2% %=:; -% F'-:9& MN&(&90I&' "=#97 -.7 7&I90C 3&" %&'(#:&% 10' C0=O Peak Indicators Limited 39 Demonstranon ! We shall now demonsLraLe how Lo bulld a L/SCL web servlce uslng Cracle !ueveloper ! !developer has a wlzard Lo qulckly enable you Lo presenL a L/SCL package as a web servlce ! ln our example, Lhe L/SCL package wlll be used Lo updaLe a Sales lorecasL amounL for a Sales 8ep 8u||d|ng a Web Serv|ce 1he L/SCL package procedure pr_updaLe_forecasL" accepLs 6 parameLers Peak Indicators Limited 40 Demonstranon ! 1he alm wlll be Lo execuLe Lhe L/SCL web servlce wlLhln C8lLL uslng an Acuon Llnk! 8u||d|ng a Web Serv|ce Peak Indicators Limited 41 ! C8I LL Web Serv|ces Peak Indicators Limited 42 C8ILL Web Serv|ces ! C8lLL 11g comes equlpped wlLh a wlde range of web servlces ! 1here are Lwo dlerenL Lypes: " Sesslon based" web servlces " Web servlces for SCA (new wlLh C8lLL 11g) ! 8efer Lo Lhe C8lLL 11g lnLegraLor's Culde for deLalled lnformauon: " hup://download.oracle.com/docs/cd/L14371_01/bl.1111/e16364/Loc.hLm Peak Indicators Limited 43 Sess|on 8ased C8ILL Web Serv|ces ! 1here are a varleLy of C8lLL sesslon based" web servlces are avallable: " PLmlvlewServlce - obLaln P1ML Lo render 8l dashboards/reporLs " l8oLServlce - lnluaLe l8oLs " MeLadaLaServlce - 8eLrleve lnfo on Sub[ecL Areas, 1ables, Columns " 8epllcauonServlce - 8epllcauon beLween resenLauon CaLalogues " 8eporLLdlungServlce - Add lLer and oLher condluons Lo 8l requesLs " SAWSesslonServlce - Logln, Logo, lmpersonaLe auLhenucauon funcuons " SecurlLyServlce - ldenufy 8l LL accounLs and prlvlleges " WebCaLalogServlce - 8rowslng and Managlng Lhe resenLauon CaLalogue " xMLvlewServlce - 8eLrleve Cracle 8l query resulLs ln xML formaL ! Lach of Lhese web servlces conLaln one or more meLhods ! 1hey are referred Lo as sesslon based" because you have Lo esLabllsh a sesslon wlLh C8lLL rsL before you can use Lhem (you need Lo pass ln a valld Sesslon ld) ! 1he Web Servlce uenluon Language (WSuL) formaL for Cracle 8l web servlces can be obLalned uslng Lhe followlng example u8L: " hup://localhosL:9704/analyucs/saw.dll?WSuL Peak Indicators Limited 44 Sess|on 8ased C8ILL Web Serv|ces ! When reLurnlng resulLs ln xML formaL, Lhe sLrucLure ls as follows: ! lL ls also posslble Lo speclfy a parameLer Lo reLurn Lhe meLa-daLa for each column of daLa reLurned e.g. name, daLa formaL, lengLh eLc kML kesu|ts Peak Indicators Limited 45 Sess|on 8ased C8ILL Web Serv|ces ! 1o sausfy a parucular requlremenL, normally a number of 8l LL web servlces wlll have Lo be called ln sequence e.g. " Log ln / AuLhenucaLe (SAWSesslonServlce) " CbLaln resulLs ln xML formaL (xMLvlewServlce) " Log o (SAWSesslonServlce) ! 1hls means you have Lo programmaucally call Lhe web servlces one aer Lhe oLher " ?ou log ln Lo obLaln Lhe Sesslon ld " ?ou call Lhe nexL web servlce and pass Lhe Sesslon ld ln as a parameLer " ?ou call Lhe nexL web servlce .. ! 1hese sesslon based web servlces are Lherefore noL Loo compauble wlLh Acuon lramework on Lhelr own " Acuon lramework lnluaLes lndlvldual Acuons wlLh no connecuon beLween Lhem Lncapsu|anng |nto Workows Peak Indicators Limited 46 Sess|on 8ased C8ILL Web Serv|ces ! lL could be advlsable Lherefore Lo encapsulaLe" Lhe sequence lnLo a 8LL workow: " 8LL workow wlll orchesLraLe Lhe lnluauon of Lhe 8l LL web servlces ! 1he 8LL workow wlll lLself Lhen be presenLed as a web servlce " Acuon lramework can Lhen lnluaLe Lhls slngle Acuon" ! 1hls ls where Cracle 8LL and SCA SulLe come lnLo play....we wlll dlscuss more abouL Lhls laLer.. Lncapsu|anng |nto Workows Peak Indicators Limited 47 C8ILL Web Serv|ces for SCA ! C8lLL Web Servlces for SCA" are qulLe dlerenL Lo Lhe Sesslon 8ased" web servlces. 1here are Lhree acuons avallable: " LxecuLe AgenL " LxecuLe Condluon " LxecuLe Analysls ! ?ou don'L need Lo pass ln a valld Sesslon ld Lo use Lhem " 1hey are sull secured uslng a username/password ln Lhe credenual sLore ! rompLed lLers and presenLauon varlables lncluded ln Lhe buslness lnLelllgence ob[ecLs are supporLed " lor example: lf your Analysls has 3 ls rompLed" lLers Lhen you can pass values ln for Lhese aL run-ume
! Cnly xML resulLs are reLurned Peak Indicators Limited 48 C8ILL Web Serv|ces for SCA ! lnsLead of belng provlded wlLh a WSuL u8L, you are ln facL provlded wlLh a WSlL (Web Servlce lnspecuon Language) u8L: " hup://localhosL:9704/blservlces/lnspecuon?wsll ! 1hls allows C8lLL Lo dynamlcally bulld up Lhe seL of web servlces avallable based upon Lhe ob[ecLs ln Lhe 8l resenLauon CaLalogue. lf you open up Lhe WSlL u8L ln a browser, you can see LhaL you are able Lo browse Lhrough Lhe caLalogue sLrucLure and you'll nd a web servlce for each Analysls, Condluon and AgenL! WSIL...not WSDL Peak Indicators Limited 49 C8ILL Web Serv|ces for SCA ! Conslder Lhls example where we have an AgenL called Sales PlsLory AgenL" ! We wanL Lo use Acuon lramework Lo lnvoke lL. Lxamp|e Peak Indicators Limited 50 C8ILL Web Serv|ces for SCA ! CreaLe a new Acuon of Lype lnvoke a Web Servlce" ! ?ou can Lhen browse Lhrough Lhe caLalog and lnvoke Lhe web servlce assoclaLed wlLh your AgenL! Create Acnon : Invoke a Web Serv|ce 1he paLh Lo our AgenL ls: /shared/AgenLs/Sales PlsLory AgenL Pere ls Lhe web servlce assoclaLed wlLh Lhe AgenL Peak Indicators Limited 51 C8ILL Web Serv|ces for SCA ! 1here are Lwo parameLers Lo congure, you can leave Lhem Cpuonal": " Sesslon CounLry " Sesslon Language Conhgure arameters Peak Indicators Limited 52 C8ILL Web Serv|ces for SCA ! LxecuLe Lhe Acuon and see Lhe AlerLs!" llnk appear: Lxecute the Acnon! Peak Indicators Limited 53 C8ILL Web Serv|ces for SCA ! 1here ls some congurauon requlred ln order Lo use C8lLL Web Servlces for SCA ! llrsLly, you have Lo congure Lhe lMW credenual sLore" wlLh Lhe username/password LhaL wlll be used Lo browse Lhe web servlces avallable " 1hls accounL wlll always be used for browslng Lhe web servlces, so users can only execuLe Acuons on ob[ecLs sLored ln Shared" folders ! Secondly we wlll congure Lhe AcuonlrameworkCong.xml" le wlLh deLalls such as: " 1he WSlL u8L Lo use for browslng Lhe web servlces " 1he auLhenucauon pollcy Lo deLermlne whaL credenuals eLc are requlred Lo lnvoke Lhe web servlces Conhguranon Peak Indicators Limited 54 C8ILL Web Serv|ces for SCA ! Cpen up LnLerprlse Manager and navlgaLe Lo: " WebLoglc uomaln > blfoundauon_domaln ! 1hen choose Lhe menu opuon SecurlLy > CredenLalls" Conhguranon : Step 1 Peak Indicators Limited 55 C8ILL Web Serv|ces for SCA ! WlLhln Lhe oracle.bl.enLerprlse" map, creaLe a new credenual key: " key: wsll.browslng " username: webloglc } 10' &B-?I9& " assword: welcome1 } Conhguranon : Step 2 Peak Indicators Limited 56 C8ILL Web Serv|ces for SCA ! CreaLe a new le called wss_username_Loken_pollcy.xml" and pasLe ln Lhe followlng conLenLs: ! Save Lhe le ln Lhe followlng locauon: " [Mlddleware Pome]\user_pro[ecLs\domalns\blfoundauon_domaln\cong\fmwcong\bllnsLances\coreappllcauon Conhguranon : Step 3 <?xml version="1.0" encoding="UTF-8"?> <oracle-webservice-clients> <webservice-client> <port-info> <policy-references> <policy-reference uri="oracle/log_policy" category="management"/> <policy-reference uri="oracle/wss_username_token_client_policy" category="security"/> </policy-references> </port-info> </webservice-client> </oracle-webservice-clients> Peak Indicators Limited 57 C8ILL Web Serv|ces for SCA ! WlLhln Lhe same folder, open up Lhe AcuonlrameworkCong.xml" le for edlung ! Congure Lhe <8eglsLrles>" Lags Lo conLaln Lhe followlng reglsLry: " ?ou should ensure Lhe ?WSlL paLh ls correcL Conhguranon : Step 4 <registries> <registry> <id>WS4SOA</id> <name>OBIEE Web Services for SOA</name> <content-type>webservices</content-type> <provider-class>oracle.bi.action.registry.wsil.WSILRegistry</provider-class> <description></description> <location> <path>http://localhost:9704/biservices/inspection?wsil</path> </location> <service-access> <account>wsil.browsing</account> <policy>wss_username_token_policy</policy> <propagateIdentity>false</propagateIdentity> </service-access> </registry> </registries> Peak Indicators Limited 58 C8ILL Web Serv|ces for SCA ! 1hen congure Lhe <AccounLs>" and <ollcles>" Lags Lo conLaln Lhe followlng congurauon " ?ou should noL need Lo edlL anyLhlng Conhguranon : Step S <accounts> <account> <name>wsil.browsing</name> <description>Account for BI WS for SOA</description> <adminonly>false</adminonly> <credentialkey>wsil.browsing</credentialkey> <credentialmap>oracle.bi.enterprise</credentialmap> </account> </accounts>
<policies> <policy> <name>wss_username_token_policy</name> <policyfile>wss_username_token_policy.xml</policyfile> </policy> </policies> Peak Indicators Limited 59 C8ILL Web Serv|ces for SCA ! Save Lhe AcuonlrameworkCong.xml" le ! 8esLarL Lhe followlng processes: " 8l resenLauon Servlces " Webloglc managed server bl_server1" Conhguranon : Step 6 Peak Indicators Limited 60 C8ILL Web Serv|ces for SCA ! 1esL! ?ou should now be able Lo creaLe an Acuon and see LhaL Lhe web servlces are auLomaucally avallable for you Lo choose and execuLe: Conhguranon : Step 7 Peak Indicators Limited 61 C8ILL Web Serv|ces for SCA ! WlLhouL furLher congurauon, all Lhe Web Servlces for SCA wlll be lnvoked as Lhe same wsll.browslng" accounL " Lveryone has Lhe same vlslblllLy of Lhe common Shared lolders" area " Lveryone has Lhe same vlslblllLy of Lhe user's own My lolders" area " Common daLa vlslblllLy for all users ! Powever, wlLh furLher congurauon lL ls posslble Lo secure" Lhe web servlces Lo run as Lhe user who ls lnvoklng Lhe web servlce raLher Lhan Lhe common wsll.browslng" accounL ! We wlll be deallng wlLh securlng web servlces ln a laLer Loplc.. Important Note! Peak Indicators Limited 62 ! Crac|e 8LL Peak Indicators Limited 63 Crac|e 8LL ! Cracle 8LL rocess Manager ls a componenL of Cracle SCA SulLe ! 8LL enables you Lo bulld workows LhaL orchesLraLe synchronous and asynchronous buslness processes Peak Indicators Limited 64 Crac|e 8LL ! 8LL ls deslgned Lo slL ln Lhe mlddle of your enLerprlse, coordlnaung and sequenclng Lhe lnLeracuons beLween varlous exLernal servlces (known as parLner llnks) Lo form slngle workows LhaL dellver end-Lo-end buslness processes ! ?ou can lnLegraLe muluple Lechnology adapLers and servlces wlLhln each workow, such as human Lasks, Lransformauons, noucauons, and buslness rules Peak Indicators Limited 65 Crac|e 8LL ! 8LL ls Lhe probably Lhe mosL eecuve Lool when lL comes Lo lnLegrauon wlLh Lhe sesslon based" C8lLL web servlces ! lL enables you Lo bulld a slngle workow LhaL calls Lhe varlous C8lLL web servlces ln Lhe approprlaLe sequence ! ?ou can Lhe deploy Lhe workow as a slngle web servlce whlch can be cenLrally secured and monlLored Integranng w|th C8ILL Peak Indicators Limited 66 Crac|e 8LL ! ln Lhls example, a 8LL workow ls calllng 3 C8lLL web servlces ln sequence: Sesslon Logon lnvoke AgenL Sesslon Logo Integranng w|th C8ILL Peak Indicators Limited 67 Crac|e 8LL # AblllLy Lo encapsulaLe muluple 8l LL web servlce calls lnLo a slngle workow # lasL/slmple developmenL # lasL/slmple deploymenL # Less cllenL-slde [avascrlpL (less worrylng abouL lL / Mozllla supporL) # CenLrallsed processlng, so less cllenL-server communlcauon # Lasy Lo supporL / de-bug (debugglng someone else's cusLom [ava code ls noL easy!) # 8LL deslgner parL of !ueveloper # rocess monlLorlng/performance vla 8LL ConLrol # SLandardlsed developmenL (whereas everyone's cusLom code ls dlerenL) # Lasy Lo orchesLraLe web-servlces and oLher processes/acuons # Cood sLarung polnL for conunued SCA expanslon # uenlng xSu schemas uslng a Cul Lool - don'L need knowledge of xML schema language Advantages of 8LL Peak Indicators Limited 68 Crac|e 8LL ! A Synchronous" 8LL Workow ls Lyplcally used for shorL-runnlng processes where resulLs can be reLurned almosL lmmedlaLely back Lo Lhe lnvoklng cllenL (Lhe cllenL wlll walL unul Lhe resulLs have been reLurned) ! Asynchronous" 8LL Workows are very useful for envlronmenLs ln whlch a process, such as one LhaL lnvolves manual lnLervenuon, can Lake a long ume Lo process a cllenL requesL. 1he lnvoklng cllenL does noL walL for a response, lnsLead Lhe workow wlll use a callback" Lo reLurn Lhe resulLs, lf any, Lo Lhe cllenL aL a laLer daLe/ume ! Asynchronous servlces provlde a more rellable faulL-LoleranL and scalable archlLecLure Lhan synchronous servlces P%20'#./ 2;& I'0:&%% #. - 7-2-"-%& I'&%&'(&% 2;& I'0:&%% -.7 I'&(&.2% -.C 90%% 01 %2-2& 0' '&9#-"#9#2C #1 - %C%2&? %;=2% 703. 0' - .&230'@ I'0"9&? 0::='%, J;#% 1&-2='& #.:'&-%&% "02; QLRS I'0:&%% '&9#-"#9#2C -.7 %:-9-"#9#2C, T0= :-. -9%0 =%& #2 20 %=II0'2 :9=%2&'#./ -.7 1-#90(&'U
Synchronous vs Asynchronous Peak Indicators Limited 69 Crac|e 8LL ! Lach 8LL process ls lnvoked by a cllenL", Lhls could be someone lnvoklng Lhe process manually or parL of a scheduled Lask ! 1he process wlll accepL some lnpuL parameLers and reLurn a seL of ouLpuL ! A Cul Lool allows you Lo deslgn Lhe lnpuL and ouLpuL sLrucLures Invok|ng C||ent We are accepung Lwo lnpuL parameLers: username AgenL 1here ls only one ouLpuL parameLers Peak Indicators Limited 70 Crac|e 8LL ! WlLhln a 8LL workow, you Lyplcally use 3 ob[ecLs Lo lnvoke an exLernal servlce: " A arLner Llnk" : uenes Lhe exLernal llnk e.g. a WSuL u8L " An lnvoke" acuvlLy : uenes Lhe process Lo lnluaLe and Lhe lnpuL/ouLpu " An Asslgn" AcuvlLy : 1o asslgn Lhe lnpuL parameLers Lo Lhe lnvoke acuvlLy Invok|ng a artner L|nk (e.g. Web Serv|ce) ln Lhls case, Lhe lnpuL parameLers Lo our loglnC8lLL" parLner llnk wlll be: username assword
1hese can be passed ln from Lhe cllenL lnvoklng Lhe 8LL process Peak Indicators Limited 71 Crac|e 8LL ! ln Lhe evenL of an error, a CaLchAll" acuvlLy wlll be dlrecL Lhe workow down anoLher paLh of acuons Lrror nand||ng ln Lhls case, Lhe CaLchAll" ls walung for any errors LhaL mlghL occur durlng Lhe logln process Peak Indicators Limited 72 Crac|e 8LL ! ?ou also have Acuvlues LhaL enable you Lo perform loops: " Whlle " 8epeaL unul " lor Lach ! lor example: " lor each record reLurned ln an xML resulLs seL: lnserL Lhe record lnLo Lhe daLabase Loops Peak Indicators Limited 73 Crac|e 8LL ! Cnce your workow ls compleLe, you can deploy lL auLomaucally Lo your appllcauon server " 1he appllcauon server should be runnlng SCA SulLe Dep|oyment Peak Indicators Limited 74 Crac|e 8LL ! Cnce deployed, you use LnLerprlse Manager Lo monlLor and LesL your 8LL process: Lnterpr|se Manager Peak Indicators Limited 75 Crac|e 8LL ! ?ou can LesL your 8LL process from LnLerprlse Manager (by lnluaung Lhe web servlce for Lhe 8LL process): 1esnng noLe Lhe Lwo lnpuL parameLers dened Peak Indicators Limited 76 Crac|e 8LL ! ?ou can Lrack, monlLor and dlagnose lssues dlrecLly wlLhln LnLerprlse Manager: Support]Mon|tor|ng Peak Indicators Limited 77 ! Web Serv|ce Standards Peak Indicators Limited 78 Web Serv|ce Standards ! 1here are Lwo Lypes of web servlce supporLed by Webloglc: " !Ax-WS: !ava Al for xML-based Web Servlces 2.1 " !Ax-8C: !ava Al for xML-8ased 8C 1.1 ! 8ecause !Ax-WS ls Lhe successor Lo Lhe !Ax-8C and lL lmplemenLs many of Lhe new feaLures ln !ava LL 3, Cracle recommends LhaL you develop Web servlces wlLh !Ax-WS ! !Ax-8C ls consldered legacy and Lhe speclcauon ls no longer evolvlng Peak Indicators Limited 79 ! Crac|e Web Serv|ces Manager (CWSM) Peak Indicators Limited 80 Crac|e Web Serv|ces Manager (CWSM) ! CWSM ls Lhe Cracle luslon Mlddleware componenL responslble for Lhe cenLrallsed managemenL and securlLy of web servlces across your enLerprlse " lL ls embedded wlLhln lMW ConLrol (LnLerprlse Manager) " WebLoglc ls auLomaucally congured Lo serve as an CWSM AgenL" CWSM also manages C8lLL web servlces Peak Indicators Limited 81 Crac|e Web Serv|ces Manager (CWSM) ! CWSM has Lhree maln purposes: " CenLrallsed polnL Lo apply pollcles" Lo your web servlces $ ollcles are securlLy rules. lor example, you could lock down a web servlce so LhaL all messaglng musL come from a LrusLed source and Lhe user needs Lo supply boLh a username and password (or some form of SSC Loken) " 1o serve as a web servlce reglsLry" $ When you have web servlces doued everywhere, CWSM can serve as a gaLeway so LhaL all your web servlces can be dlscoverable ln a slngle locauon " CenLrallsed monlLorlng urpose Peak Indicators Limited 82 Crac|e Web Serv|ces Manager (CWSM) ! Cracle luslon Mlddleware 11g currenLly only supporLs Lhe use of !Ax-WS servlces " 1hls means !Ax-8C web servlces cannoL be admlnlsLered ln Cracle LnLerprlse Manager ! WebLoglc however does sull supporL !Ax-8C web servlces " 1herefore, lf you have !Ax-8C web servlces Lhen you have Lo manage Lhem wlLhln WebLoglc Console Support for IAk-WS]kC Peak Indicators Limited 83 Crac|e Web Serv|ces Manager (CWSM) ! CWSM funcuons can be access vla Lhe maln menu for your WebLoglc domaln "Web Serv|ces" Menu Peak Indicators Limited 84 Crac|e Web Serv|ces Manager (CWSM) ! ?ou can use Lhe 8eglsLered Servlces" congurauon screen Lo reglsLer all your web servlces, so LhaL Lhey can be referenced ln a slngle place keg|ster|ng Serv|ces Peak Indicators Limited 85 ! Cllcklng on a WebLoglc server wlll dlsplay varlous performance/usage meLrlcs: Crac|e Web Serv|ces Manager (CWSM) Mon|tor|ng Peak Indicators Limited 86 ! Secur|ng Web Serv|ces Peak Indicators Limited 87 Secur|ng Web Serv|ces ! 1he securlng of web servlces ls obvlously a very lmporLanL Loplc " lf you're noL careful, by defaulL your cusLom web servlces wlll have no securlLy so anyone can lnvoke Lhem from anywhere! ! ?ou can secure web servlces wlLhln CWSM or wlLhln WebLoglc. ?ou secure a web servlce by asslgnlng one or more WS ollcles" ! ln Lhe example below, Lhe LxecuLeAgenL" web servlce has a securlLy pollcy whlch enforces auLhenucauon uslng a username and password (1oken): Peak Indicators Limited 88 Secur|ng Web Serv|ces ! 1here are Lwo Lypes of pollcy LhaL can be auached Lo web servlces: " Crac|e Web Serv|ces Manager (WSM) o||cy $ ollcy provlded by Lhe CWSM $ ?ou can only auach CWSM securlLy pollcles Lo !Ax-WS Web servlces $ ?ou manage CWSM pollcles from wlLh Cracle LnLerprlse Manager luslon Mlddleware ConLrol " WebLog|c Web Serv|ce o||cy $ ollcy provlded by WebLoglc Server $ A subseL of WebLoglc Web servlce pollcles lnLeroperaLe wlLh Cracle WSM pollcles $ ?ou manage WebLoglc Web servlce pollcles from Lhe WebLoglc Admln Console ! nC1L: " lL ls recommended LhaL you use CWSM pollcles over WebLoglc pollcles whenever posslble. ?ou cannoL mlx your use of Cracle WSM and WebLoglc Web servlce pollcles on Lhe same web servlce o||c|es Peak Indicators Limited 89 Secur|ng Web Serv|ces ! CWSM and WebLoglc come wlLh many predened pollcles! 1he one Lo use largely depends on Lhe cusLomer's needs: ! As a general rule Lhough you can slmply conslder Lhe pollcles menuoned on Lhe prevlous slldes redehned o||c|es Peak Indicators Limited 90 Secur|ng Web Serv|ces ! 8y defaulL, all Lhe C8lLL Web Servlces for SCA" are congured wlLh a pollcy LhaL requlres a valld username / assword credenuals Lo be passed Lhrough: ! 1he credenuals are checked agalnsL whaLever ldenuLy rovlder(s) ls congured ln WebLoglc (by defaulL, lL wlll be lLs own embedded LuA sLore) ! ln Lhe case of C8lLL 11g, Lhe credenuals passed are sLored ln Lhe Credenual SLore" admlnlsLered wlLhln LnLerprlse Manager (WebLoglc uomaln > SecurlLy > Credenuals): Username ] assword (1oken) Peak Indicators Limited 91 Secur|ng Web Serv|ces ! AlLhough Lhe pollcy wss_username_Loken_servlce_pollcy" secures auLhenucauon, lL does noL cover all securlLy aspecLs: " Conhdenna||ty: $ 1here ls no use of publlc/prlvaLe keys so Lhe messages are noL encrypLed (usernames/ passwords are noL even encrypLed) " Integr|ty: $ 1he messages are noL dlglLally slgned, so you cannoL guaranLee Lhe auLhenuclLy of Lhe messages
nC1L: a prlvaLe key ls acLually used Lo dlglLally slgn messages Username ] assword (1oken) Peak Indicators Limited 92 Secur|ng Web Serv|ces ! CWSM provldes anoLher pollcy wss_username_Loken_wlLh message_proLecuon_servlce_pollcy": ! 1hls securlLy pollcy ls much more secure: " username/password credenuals musL be supplled " xML Messages are encrypLed uslng publlc/prlvaLe key " xML Messages are dlglLally slgned uslng Lhe prlvaLe key ! 1he downslde ls LhaL you always have Lo supply a password! " ?ou can use Lhe Credenual SLore" for Lhls purpose, buL lL means you are always passlng over Lhe same credenuals no mauer whlch user ls lnvoklng Lhe servlce
Username ] assword (1oken) w|th Message rotecnon Peak Indicators Limited 93 Secur|ng Web Serv|ces ! CWSM provldes alLernauve pollcy wss11_saml_Loken_wlLh message_proLecuon_servlce_pollcy": ! lnsLead of requlrlng a password, Lhe cllenL passes over a cerucaLe whlch ls Lhen verled by Lhe server (Lhe server has a key sLore conLalnlng all Lhe valld cerucaLes) ! 1hls securlLy pollcy ls also very secure: " Cnly cllenLs wlLh a LrusLed" cerucaLe are allowed " xML Messages are encrypLed uslng publlc/prlvaLe key " xML Messages are dlglLally slgned uslng Lhe prlvaLe key ! 1he beneL ls LhaL Lhe username of Lhe lnvoklng user ls propagaLed, so Lhls pollcy supporLs Lhe need for a servlce Lo run as dlerenL users. 1he downslde ls LhaL Lhe server has Lo LrusL LhaL Lhe user ls valld. 1hls meLhod ls commonly used by parLners" who need Lo lnLegraLe across Lhe web and can LrusL each oLher ! nC1L: 1he propagaLed user musL have an enLry ln Lhe reclplenL's LuA sLore
SAML 1oken w|th Message rotecnon Peak Indicators Limited 94 Secur|ng Web Serv|ces ! CWSM provldes alLernauve pollcy wss11_saml_Loken_wlLh message_proLecuon_servlce_pollcy": ! lnsLead of requlrlng a password, an x.309 cerucaLe ls passed over Lo Lhe server Lo verlfy LhaL Lhe user has been auLhenucaLed and can be LrusLed (x.309 ls commonly used ln SSC appllcauons) ! 1hls securlLy pollcy ls also very secure: " Cnly cllenLs wlLh a valld x.309 cerucaLe allowed " xML Messages are encrypLed uslng publlc/prlvaLe key " xML Messages are dlglLally slgned uslng Lhe prlvaLe key
! 1he username of Lhe lnvoklng user ls propagaLed, so Lhls pollcy supporLs Lhe need for a servlce Lo run as dlerenL users. x.309 ls a sLronger and more secure form of SSC compared Lo SAML. Lach user has a cerucaLe whlch ls ued Lo an lndlvldual enLry ln Lhe company's LuA sLore
kS09 1oken w|th Message rotecnon Peak Indicators Limited 95 ! Generanng a key Store Peak Indicators Limited 96 Generanng a key Store ! Cracle luslon Mlddleware makes use of a key sLore" Lo conLaln: " A rlvaLe/publlc key palr " A CerucaLe " 1he CerucaLes of oLher LrusLed" slLes (for SAML pollcles) ! 1he key sLore should reslde ln Lhe followlng folder: " [Mlddleware Pome]\user_pro[ecLs\domalns\[domaln]\cong\fmwcong ! 8y defaulL, Lhe key sLore has Lhe lename defaulL-keysLore.[ks" ! nC1L: CerucaLes sLore lnformauon such as Crganlzauon name, CounLry eLc " lor producuon use lL ls recommended Lo only use cerucaLes lssued by a CerucaLe AuLhorlLy (CA) such as verlslgn " lL ls posslble Lhough Lo generaLe cerucaLes for developmenL/LesL use Peak Indicators Limited 97 Generanng a key Store ! ?ou need Lo generaLe a key sLore when whenever you have pollcles LhaL lnvolve message proLecuon". ! SeparaLe key sLores should be creaLed on boLh cllenL and server machlnes " 1he cllenL/server should have dlerenL publlc/prlvaLe keys and cerucaLes ! When Lhe web servlce ls lnvoked, Lhe publlc keys are exchanged beLween cllenL and server " 1he cllenL wlll Lhen encrypL messages uslng Lhe server's publlc key and vlce versa " Cnly Lhe recelver who has Lhe correspondlng prlvaLe key can decrypL Lhe message ! 1o ensure auLhenuclLy, Lhe boLh sldes wlll also add a dlglLal slgnaLure Lo Lhelr messages: " 1he sender creaLes a dlglLal slgnaLure by produclng a hashed" copy of Lhe message and Lhen encrypung lL uslng Lhe sender's prlvaLe key " 1he reclplenL can use Lhe sender's publlc key Lo decrypL Lhe hashed" copy and verlfy Lhe auLhenuclLy of Lhe sender (as only Lhe sender has Lhe prlvaLe key LhaL could have generaLed Lhe hashed copy) ub||c]r|vate keys Peak Indicators Limited 98 Generanng a key Store ! lor pollcles lnvolvlng Message roLecuon" and/or SAML asseruon: " 1he server's key sLore wlll need Lo conLaln Lhe cerucaLes from all Lhe LrusLed" cllenL machlnes " 1he key sLore on each cllenL machlne wlll need Lo conLaln Lhe server's cerucaLe ! So you have Lo perform Lhe followlng process on all cllenL and server machlnes " CeneraLe a new key sLore conLalnlng a prlvaLe/publlc key palr and a cerucaLe " LxporL your cerucaLe " Send your cerucaLe (securely!) Lo Lhe oLher server " lmporL your cerucaLe lnLo Lhe oLher server's key sLore Message rotecnon and SAML Assernon Peak Indicators Limited 99 Generanng a key Store ! use Lhe followlng commands Lo generaLe a defaulL key sLore le conLalnlng a publlc/prlvaLe key palr and a cerucaLe: " keyLool -genkeypalr -keyalg 8SA -allas orakey -keypass HC*00C#"/%I -keysLore defaulL-keysLore.[ks -sLorepass HC*00#"/%I -valldlLy 3600 ! ?ou wlll be prompLed for Lhe followlng " WhaL ls your rsL and lasL name? " WhaL ls Lhe name of your organlzauonal unlL? " WhaL ls Lhe name of your organlzauon? " Cracle WhaL ls Lhe name of your ClLy or LocallLy? " WhaL ls Lhe name of your SLaLe or rovlnce? " WhaL ls Lhe Lwo-leuer counLry code for Lhls unlL? Commands - Generate keys Peak Indicators Limited 100 Generanng a key Store ! ?ou can llsL Lhe conLenLs of your key sLore by uslng Lhe followlng command: " keyLool -llsL -v -keysLore defaulL-keysLore.[ks nC1LS: $ ?ou wlll be prompLed for your key sLore password Commands - L|st key Store Contents Peak Indicators Limited 101 Generanng a key Store ! lf you need Lo send your cerucaLe Lo Lhe server (e.g. SAML) Lhen you should exporL your cerucaLe uslng Lhe followlng command: " keyLool -exporLcerL -v -allas orakey -keysLore defaulL-keysLore.[ks -sLorepass [password] nC1LS: $ 1hls wlll creaLe a le ln Lhe formaL [allas].cer" Commands - Lxport Cernhcate Peak Indicators Limited 102 Generanng a key Store ! 1o lmporL your cllenL cerucaLe lnLo anoLher server's key sLore you can use Lhe followlng command: " keyLool -lmporL -allas [cllenL_allas] -le [cerucaLe le] -keysLore defaulL- keysLore.[ks nC1LS: $ ?ou wlll be asked Lo enLer Lhe key sLore passowrd $ ?ou wlll need Lo conrm LhaL you agree LhaL Lhls ls a LrusLed cerucaLe LhaL you are lmporung Commands - Import Cernhcate Peak Indicators Limited 103 Generanng a key Store ! Cnce you have lmporLed your cerucaLe you can do a keysLore llsL" command Lo llsL Lhe conLenLs of your key sLore, whlch should conLaln your own key enLry and cerucaLe as well as your LrusLed cerucaLes: Commands - Import Cernhcate ?our own key enLry and cerucaLe CerucaLe from LrusLed source Peak Indicators Limited 104 ! Conhgur|ng CWSM Peak Indicators Limited 105 Conhgur|ng CWSM ! Whenever you generaLe a new key sLore you wlll need Lo congure lMW ConLrol wlLh Lhe allas and passwords LhaL you used (you'll have Lo do Lhls on all servers) ! WlLhln LnLerprlse Manager, expand your WebLoglc domaln and choose Lhe followlng from Lhe menu: " WebLoglc uomaln > SecurlLy > SecurlLy rovlder Congurauon Secur|ty rov|der Conhguranon Peak Indicators Limited 106 Conhgur|ng CWSM ! Cllck on Lhe key SLore > Congure buuon: ! LnLer Lhe allas (Lyplcally orakey") and Lhen Lhe SlgnaLure" and CrypL" key sLore passwords (e.g. welcome1) LhaL were specled wen generaung Lhe key sLore: Secur|ty rov|der Conhguranon Peak Indicators Limited 107 ! Conhgur|ng AcnonIrameworkConhg.xm| Peak Indicators Limited 108 Conhgur|ng AcnonIrameworkConhg.xm| ! Whenever you wanL C8lLL Lo lnvoke secured web servlces, you have Lo congure C8lLL as follows: " 8eglsLer Lhe web servlces " Speclfy Lhe pollcles " Speclfy accounL deLalls ! 1he congurauon le ls AcuonlrameworkCong.xml" whlch ls locaLed ln Lhe followlng folder: " !V#779&3-'&$W0?&*\user_pro[ecLs\domalns\!N0?-#.*\cong\fmwcong \bllnsLances\coreappllcauon ! Whenever you make changes Lo AcuonlrameworkCong.xml you need Lo resLarL: " 1he C8lLL managed server (bl_server1) " 8l resenLauon Servlces Peak Indicators Limited 109 Conhgur|ng AcnonIrameworkConhg.xm| ! llrsL of all, you can speclfy a llsL of Allases" wlLhln Lhe <allases> secuon ! 1o faclllLaLe deploymenL and release processes, Lhese Allases mean you don'L have Lo hard code server names/l addresses ln your sysLem. lnsLead you can refer Lo server allases, whlch C8lLL wlll LranslaLe aL run-ume lnLo you're Lhelr acLual server names: <aliases> <location-alias> <alias>obiee11g</alias> <actual>obiee11g-prod</actual> </location-alias> <location-alias> <alias>soasuite</alias> <actual>soasuite-prod</actual> </location-alias> </aliases> <a||ases> Peak Indicators Limited 110 Conhgur|ng AcnonIrameworkConhg.xm| ! lor any username/password pollcles, you wlll need Lo llsL a number of accounL credenuals ln Lhe <accounLs> secuon:
<accounts> <account> <name>wsil.browsing</name> <description>Account for BI WS for SOA</description> <adminonly>false</adminonly> <credentialkey>wsil.browsing</credentialkey> <credentialmap>oracle.bi.enterprise</credentialmap> </account> </accounts>
! nC1LS: " 1he <name> elemenL wlll be used as a reference elsewhere ln Lhe le " 1he <credenualkey> and <credenualmap> elemenLs musL refer Lo a credenual key ln Lhe lMW Credenual SLore" (WebLoglc uomaln > SecurlLy > Credenuals) <accounts> Peak Indicators Limited 111 Conhgur|ng AcnonIrameworkConhg.xm| ! ?ou should llsL all Lhe dlerenL Lypes of pollcles LhaL are ln use wlLhln Lhe <pollcles> secuon
<policies> <policy> <name>SAMLPolicy</name> <policyfile>ActionsSAMLPolicy.xml</policyfile> </policy> <policy> <name>wss_username_token_policy</name> <policyfile>wss_username_token_policy.xml</policyfile> </policy> <policy> <name>wss_username_token_message_protection_policy</name> <policyfile>wss_username_token_message_protection_policy.xml</policyfile> </policy> </policies> ! nC1LS: " 1he <name> elemenL wlll be used as a reference elsewhere ln Lhe le " Lach pollcy wlll have lLs own .xml le separaLely creaLed, Lhe name of Lhe le should be wlLhln Lhe <pollcyle> elemenL (we wlll do Lhls nexL) <po||c|es> Peak Indicators Limited 112 Conhgur|ng AcnonIrameworkConhg.xm| ! CreaLe a separaLe .xml le for each <pollcyle> enLry referenced ln Lhe <pollcles> secuon: <?xml version="1.0" encoding="UTF-8"?> <oracle-webservice-clients> <webservice-client> <port-info> <policy-references> <policy-reference uri="oracle/log_policy" category="management"/> <policy-reference uri="oracle/wss_username_token_client_policy" category="security"/> </policy-references> </port-info> </webservice-client> </oracle-webservice-clients> ! lMC81An1 nC1L: " 1hls le should conLaln Lhe cllenL" pollcy. So lf your pollcy ls wss_username_Loken_serv|ce_pollcy" Lhen ln Lhls le you should sLaLe wss_username_Loken_c||ent_pollcy" Create o||cy I||es name of cllenL" pollcy Peak Indicators Limited 113 Conhgur|ng AcnonIrameworkConhg.xm| ! 1he <reglsLrles> secuon should llsL all Lhe web servlces LhaL you wlsh Lhe C8lLL end users Lo use: " Cnly WSlL u8Ls are supporLed ln Lhe <reglsLry> secuon ! 1hls example ls for a slmple username/password pollcy: <registries> <registry> <id>WS4SOA</id> <name>OBIEE Web Services for SOA</name> <content-type>webservices</content-type> <provider-class>oracle.bi.action.registry.wsil.WSILRegistry</provider-class> <description></description> <location> <path>http://localhost:9704/biservices/inspection?wsil</path> </location> <service-access> <account>wsil.browsing</account> <policy>wss_username_token_policy</policy> <propagateIdentity>false</propagateIdentity> </service-access> </registry> </registries>
<reg|str|es> : Lxamp|e 1 Maps Lo a credenual sLore key and pollcy Peak Indicators Limited 114 Conhgur|ng AcnonIrameworkConhg.xm| ! 1hls example ls for a username/password pollcy wlLh message proLecuon <registries> <registry> <id>WS4SOA</id> <name>OBIEE Web Services for SOA</name> <content-type>webservices</content-type> <provider-class>oracle.bi.action.registry.wsil.WSILRegistry</provider-class> <description></description> <location> <path>http://localhost:9704/biservices/inspection?wsil</path> </location> <service-access> <account>wsil.browsing</account> <policy>wss_username_token_message_protection_policy</policy> <propagateIdentity>false</propagateIdentity> </service-access> </registry> </registries>
<reg|str|es> : Lxamp|e 2 Peak Indicators Limited 115 Conhgur|ng AcnonIrameworkConhg.xm| ! 1hls example ls for a SAML pollcy wlLh message proLecuon: ! <propagaLeldenuLy> ls seL Lo Lrue as we wlll wanL Lo propagaLe Lhe lnvoker's username lnsLead of uslng a xed credenual from Lhe credenual sLore
<registries> <registry> <id>WS4SOA</id> <name>OBIEE Web Services for SOA (SAML)</name> <content-type>webservices</content-type> <provider-class>oracle.bi.action.registry.wsil.WSILRegistry</provider-class> <description></description> <location> <path>http://localhost:9704/biservices/inspection?wsil</path> </location> <service-access> <policy>SAMLPolicy</policy> <propagateIdentity>true</propagateIdentity> </service-access> </registry> </registries>
<reg|str|es> : Lxamp|e 3 As SAML ls based on LrusLed cerucaLes, we won'L need Lo provlde a password for auLhenucauon. So we don'L speclfy a credenual sLore accounL her Peak Indicators Limited ! uesnons? Peak Indicators Limited Helping Your Business Intelligence Journey