BPM11g11117 Lab SecuringServices
Table of Contents
Objective
3.4 Exercise Instructions
3.4.1 First Pass
3.4.2 Second Pass
12.1 Objective
The objective of this exercise is to understand how to apply and
configure Oracle Web Services Manager (OWSM) policies to secure
SOA composite services and references. Specifically
Overview
The scenario uses a simple BPM process (SecuredProcess) exposed
as a service with a single synchronous WhoAmI operation. The
operation returns the current user from the perspective of the called
process.
There is also a CallingProcess that records the local user and also
the result of the call to WhoAmI on the SecuredProcess.
12.2.2
12.2.3
Service Policy
wss10_saml_token_service_policy
wss10_saml_token_service_policy
wss_http_token_service_policy
12.3.1
The name of the Credential Mapper key that contains the user
and password for HTTP Basic Authorization (plan uses
basic.credentials.ps6Pilot)
The only values that must be changed are the host and port. The
remaining values must match the deployment environment.
12.3.2
12.3.3
12.4.1 First Pass
The steps for the first pass:
Scenario                Reference Policy                  Service Policy
SAML-Propagation        wss10_saml_token_client_policy    wss10_saml_token_service_policy
SAML-Impersonation      wss10_saml_token_client_policy    wss10_saml_token_service_policy
Http-CredentialMapper   wss_http_token_client_policy      wss_http_token_service_policy
12.4.2 Second Pass
The only change in this pass is to add the
wss_http_token_service_policy to the CallingProcess. This will result
in a Subject being associated with the calling service and will illustrate
an important point about how policies and message optimization are
related.
In the first pass, the policies were attached at design time using
JDeveloper. It is also possible to attach policies at runtime using EM.
In pass 2 you will use EM to attach the policy and then run the same
set of scenarios again (without redeploying), but this time with a user id
provided via HTTP basic authentication.
In EM go to the Policies tab for the CallingProcess service. Note that
the policies bound to the service references at design time are already
there. Use the Attach/Detach menu to select CallingProcess.service.
You should now see the new policy attached to the service:
Now run the scenarios again using a valid user, for example mwtain.
You should see the local user as the local subject as well as the subject
returned in the service response.
Look carefully at the scenario for identity assertion with SAML. If it is
not working as expected, review the notes on policy and local
optimization.
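As an added example (not part of the lab or of Oracle's tooling), this script checks design-time attachments against the client/service policy pairs from the first pass and flags an exposed service with no policy. It assumes policies appear as wsp:PolicyReference elements under binding.ws in each project's composite.xml with an oracle/ URI prefix; the two composites are constructed samples, and because it reads the project file, a policy attached later in EM is not reflected.

```python
import xml.etree.ElementTree as ET

# Assumed namespaces (SCA composite, WS-Policy) for an 11g composite.xml.
SCA = "http://xmlns.oracle.com/sca/1.0"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
# Client policy -> service policy it has to meet, from the lab's policy table.
PAIRS = {"wss10_saml_token_client_policy": "wss10_saml_token_service_policy",
         "wss_http_token_client_policy": "wss_http_token_service_policy"}

# Constructed samples. Only CallingProcess.service is a name from the lab;
# SamlRef, HttpRef, SamlSvc, HttpSvc and the port value are hypothetical.
CALLER = f"""<composite xmlns="{SCA}" xmlns:wsp="{WSP}">
 <service name="CallingProcess.service"><binding.ws port="p"/></service>
 <reference name="SamlRef"><binding.ws port="p">
  <wsp:PolicyReference URI="oracle/wss10_saml_token_client_policy"/></binding.ws></reference>
 <reference name="HttpRef"><binding.ws port="p">
  <wsp:PolicyReference URI="oracle/wss_http_token_client_policy"/></binding.ws></reference>
</composite>"""
CALLEE = f"""<composite xmlns="{SCA}" xmlns:wsp="{WSP}">
 <service name="SamlSvc"><binding.ws port="p">
  <wsp:PolicyReference URI="oracle/wss10_saml_token_service_policy"/></binding.ws></service>
 <service name="HttpSvc"><binding.ws port="p">
  <wsp:PolicyReference URI="oracle/wss10_saml_token_service_policy"/></binding.ws></service>
</composite>"""

def attachments(xml_text, kind):
    """Map each <service> or <reference> name to the policies on its binding.ws."""
    path = f"{{{SCA}}}binding.ws/{{{WSP}}}PolicyReference"
    return {el.get("name"): [p.get("URI", "").rsplit("/", 1)[-1] for p in el.findall(path)]
            for el in ET.fromstring(xml_text).findall(f"{{{SCA}}}{kind}")}

def audit(caller_xml, callee_xml, wires):
    """wires: (reference in caller, service in callee) pairs. Returns findings."""
    refs, svcs = attachments(caller_xml, "reference"), attachments(callee_xml, "service")
    findings = [f"service {n}: no policy attached"
                for n, pols in attachments(caller_xml, "service").items() if not pols]
    for ref, svc in wires:
        for client in refs[ref]:
            want = PAIRS.get(client)
            if want is None:
                findings.append(f"reference {ref}: {client} is not in the policy table")
            elif want not in svcs[svc]:
                findings.append(f"reference {ref}: {client} needs {want} on {svc}")
    return findings

if __name__ == "__main__":
    for line in audit(CALLER, CALLEE, [("SamlRef", "SamlSvc"), ("HttpRef", "HttpSvc")]):
        print(line)
```

On the constructed input it reports the unprotected CallingProcess.service (the first-pass state) and the HTTP token reference wired to a service that only carries the SAML service policy.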