Tuesday, December 23, 2014

Oracle® Fusion Middleware OES-11g Release 2 (11.1.2.2.0) - Secure the XACML Authorization Web Service

Oracle® Fusion Middleware OES-11g Release 2 (11.1.2.2.0) - Secure the XACML Authorization Web Service 


To associate a WS-Policy file with a Web service:
  • If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit  
  • In the left pane of the Administration Console, select Deployments.
  • In the right pane, navigate within the Deployments table until you find the Web service for which you want to configure a WS-Policy file.Note: Web services are deployed as part of an Enterprise application, Web application, or EJB. To understand how Web services are displayed in the Administration Console.
  • In the Deployments table, click the name of the Web service.




  • Select Configuration -> WS-Policy.The table lists the WS-Policy files that are currently associated with the Web service. The top level lists all the ports of the Web service. Click the + next to a Web service port to see its operations and associated WS-Policy files.


  • To associate a WS-Policy file with an entire Web service endpoint (port):
    • Click the name of the Web service port. A page appears which includes two columns: one labelled Available Endpoint Policies that lists the names of the WS-Policy files that you can attach to a Web service endpoint and one labelled Chosen Endpoint Policies that lists the WS-Policy files that are currently configured for this endpoint.
    • Use the arrows to move WS-Policy files between the available and chosen columns. The WS-Policy files that are in the Chosen column are attached to the Web service endpoint.
    • Click OK.If your Web service already has a deployment plan associated to it, then the newly attached WS-Policy files are displayed in the Policies column in the table.
      If the J2EE module of which the Web service is a part does not currently have a deployment plan associated with it, the assistant asks you for the directory that should contain the deployment plan. Use the navigation tree to specify a directory, then click Finish.


  • To associate a WS-Policy file with a Web service operation:
    • Click the name of the operation. A page appears which includes two columns: one labeled Available Message Policies that lists the names of the WS-Policy files that are available to attach to the inbound (request) and outbound (response) SOAP message of the operation invoke and one labeled Chosen Message Policies that lists the WS-Policy files that are currently attached to the inbound and outbound SOAP message of the operation invoke.
    • Use the arrows to move WS-Policy files between the available and chosen columns. The WS-Policy files that are in the Chosen column are the ones that are attached to the inbound and outbound SOAP message when this operation is invoked by a client application.
    • Click Next.
    • A page appears which includes two columns: one labeled Available Inbound Message Policies that lists the names of the WS-Policy files that are available to attach to the inbound (request) SOAP message of the operation invoke and one labeled Chosen Outbound Message Policies that lists the WS-Policy files that are currently attached to the inbound SOAP message of the operation invoke.
    • Use the arrows to move WS-Policy files between the available and chosen columns. The WS-Policy files that are in the Chosen column are the ones that are attached to the inbound (request) SOAP message when this operation is invoked by a client application.
    • Click Next.
    • A page appears which includes two columns: one labeled Available Outbound Message Policies that lists the names of the WS-Policy files that are available to attach to the outbound (response) SOAP message of the operation invoke and one labeled Chosen Outbound Message Policies that lists the WS-Policy files that are currently attached to the outbound SOAP message of the operation invoke.
    • Use the arrows to move WS-Policy files between the available and chosen columns. The WS-Policy files that are in the Chosen column are the ones that are attached to the outbound (response) SOAP message when this operation is invoked by a client application.
    • Click Finish.If your Web service already has a deployment plan associated with it, the attached WS-Policy files are displayed in the Policies column in the table.
      If the J2EE module of which the Web service is a part does not currently have a deployment plan associated with it, the assistant asks you for the directory that should contain the deployment plan. Use the navigation tree to specify a directory, then click Finish.

  • To activate these changes, in the Change Center of the Administration Console, click Activate Changes.




at
Labels:

Friday, December 19, 2014

Oracle® Fusion Middleware SOA-11g Release 2 (11.1.1.7.0) XML Gateway Integration (Inbound) Part 2. Steps to build Oracle Apps Adapter connection from JDeveloper

Oracle® Fusion Middleware SOA-11g  XML Gateway Integration (Inbound) Part  2. Steps to build Oracle Apps Adapter connection from JDeveloper
  • Open JDeveloper and create a new SOA Project




























  • On the composite design screen, click on Oracle Applications. This will bring up the Adapter Configuration Screen. Click Next.


  • Enter the Service Name and press Next.


  • Enter the DB Connection Name and the JNDI Connection Name that was created using Post  http://oraclesoaandoim.blogspot.com/2014/12/oracle-fusion-middleware-soa-11g.html
  • Press Next



  • Navigate to Other Interfaces Custom Objects and Choose XML Gateway as an option and select the desired Map in XML Gateway




  • Choose the specific schema tied to XML Gateway.

  • This creates Oracle Apps Adapter for the use within the composite.
  • Please ensure that the following header properties are set from withing Invoke of BPEL process 

    <invoke name="InvokeWriteToECXQueue"
                  inputVariable="InvokeWriteToECXQueue_Enqueue_InputVariable"
                  partnerLink="WriteToECXQueue" portType="ns7:Enqueue_ptt"
                  operation="Enqueue" bpelx:invokeAsDetail="no">
            <bpelx:inputProperty name="jca.apps.ecx.TransactionType"
                                 expression='"MINDTELLIGENT"'/>
            <bpelx:inputProperty name="jca.apps.ecx.TransactionSubtype"
                                 expression='"MINDTELLIGENT_RECV"'/>
            <bpelx:inputProperty name="jca.apps.ecx.PartySiteId"
                                 expression='"112233"'/>
            <bpelx:inputProperty name="jca.apps.ecx.MessageType"
                                 expression='"XML"'/>
            <bpelx:inputProperty name="jca.apps.ecx.MessageStandard"
                                 expression='"OAG"'/>
            <bpelx:inputProperty name="jca.apps.ecx.DocumentNumber"
                                 expression='"1234"'/>
          </invoke>
        </sequence>


at
Labels:

Oracle® Fusion Middleware SOA-11g Release 2 (11.1.1.7.0) INBOUND XML Gateway Integration (Inbound) Part 1. Create Oracle Apps Adapter Connection Pool


Oracle® Fusion Middleware SOA-11g   (11.1.1.7.0) XML Gateway Integration (Inbound) Part 1. Create Oracle Apps Adapter Connection Pool

This thread discusses steps to build a SOA composite with Oracle Applications Adapter using JDeveloper.


  • Using the Admin Console, navigate to Deployments-> OracleAppsAdapter





  • Click on Configuration->Outbound Connection Pools -> New-> Choose  javax.resource.cci.ConnectionFactory


















  • Enter JNDI Name and press finish. 














  • Ensure XA Data Source Name is created correctly and press Save.










  • Go Back To Deployments->OracleAppsAdapter. Click on the Check Box and Press Update.


























  • Restart the Server

at
Labels:

Monday, December 15, 2014

Oracle® Fusion Middleware OES-11g Release 2 (11.1.2.2.0) Create delegated administrator

Oracle® Fusion Middleware OES-11g Release 2 (11.1.2.2.0) Create delegated administrator 


  • Expand the Applications node in the Navigation Panel.
  • Select the Application to modify.
  • Right-click the Application name and select Open from the menu. The General, Delegated Administrators, Policy Distribution and Simulation tabs are all active.
  • Click the Delegated Administrators tab. The Application name is listed in the displayed table. Click the arrow next to the Application name to see the default ApplicationPolicyAdmin created when the Application object was created. Click the Administrator Role name to display its details, in tabs, below the Delegated Administrators table. 
    • Role Details
    • External Role Mapping
    •  External User Mapping
  • Click New to create a new Administrator Role. Be sure to select the name of the Application to activate New. Alternately, select the Application and select New from the Actions menu. A New Administrator Role dialog is displayed.



  • Provide the following values for the new Administrator Role and click OK. Delegating Application Administration  Name: The entry must be a unique.  Display Name and  Description



  • Select the new Administrator Role to activate its configuration tabs. The Role Details tab is active.
  • Click Edit to define the role details. An Edit Administrator Role dialog is displayed.
  •  Grant View or Manage privileges for the appropriate policy objects and click Save.

Select View or Manage for the listed policy objects. For example, Admin Policy allows the administrator to assign new permissions to an Admin Role. Admin Role, however, allows the administrator to assign members to an Admin Role. 


  • Click the External Role Mapping tab to grant the Administrator Role to members of External Roles. User and groups displayed are from the first LDAP provider with sufficient flag defined in WebLogic Server.
  • Click Add to display the Search Principals dialog.
  •  Complete the query fields in the External Roles search box and click Search. Empty strings fetch all roles. The results display in the Search Results table.
  • Select the external role to map to by clicking its name in the table. Use Ctrl+click to select multiple roles.
  • Click Add Principals. The selected roles display in the External Role Mapping tab.


at
Labels:

Oracle® Fusion Middleware OES-11g Release 2 (11.1.2.2.0) Steps to create an obligation

Oracle® Fusion Middleware OES-11g Release 2 (11.1.2.2.0) Steps to create an obligation


The Security Module PDP evaluates the request and returns a response (and applicable obligations) to the PEP in the form of an authorization decision to grant or deny access. 

 The PEP fulfills any obligations, if applicable. An obligation is information returned with the decision upon which the PEP may or may not act. For example, an obligation may contain additional information concerning a decision to deny. The PEP entity is responsible for obligation fulfillment based on its settings. Oracle Entitlements Server is only responsible for forwarding the obligation based on policy configuration.

 This thread discusses steps to create an Obligation for a policy.
  • Create an attribute as shown in the examples getChildPersons. The attribute should of Category: Dynamic; Input Values:  Multiple; Type: String

  • Navigate to the authorization policy and create a new obligation by choosing the getChildPersons from the List of Attributes from the window.

  •        In the PIP AttributeRetriever code populate the attribute to return the obligation "getChildPersons" 
            } else if ("getChildPersons".equals(string)) {            return ( ............);
            }













at
Labels:

Sunday, December 14, 2014

Oracle® Fusion Middleware OES-11g Release 2 (11.1.2.2.0) Add the PIP JAR files to CLASSPATH

Oracle® Fusion Middleware OES-11g Release 2 (11.1.2.2.0) Add the PIP JAR files to CLASSPATH


  • Build the directories where the JAR files will be stored.
  • Copy necessary .jar files that are needed to by the attribute retrievers/PIP.
  • Add the following lines to the $DOMAIN_HOME/bin/setDomainEnv.sh file.  Setting of the CLASSPPATH variable is toward the bottom of the file, these line should be added immediately following the definition of the variable.


MIND_DOMAIN_APP_DIR=/u01/app/oracle/admin/PIP_LIBS
export MIND_DOMAIN_APP_DIR

CLASSPATH=${CLASSPATH}:${MIND_DOMAIN_APP_DIR}/lib/*:${MIND_DOMAIN_APP_DIR}/lib/dependent/
export CLASSPATH

  • Restart the Admin and SM Servers



at
Labels:

Monday, December 1, 2014

Connect ToUrl Using Basic Authentication

Connect ToUrl Using Basic Authentication 


com.util.mindtelligent.util


import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;

import org.apache.commons.codec.binary.Base64;

public class ConnectToUrlUsingBasicAuthentication {

 public static void main(String[] args) {

  try {
   String webPage = "http://192.168.1.1";
   String name = "admin";
   String password = "admin";

   String authString = name + ":" + password;
   System.out.println("auth string: " + authString);
   byte[] authEncBytes = Base64.encodeBase64(authString.getBytes());
   String authStringEnc = new String(authEncBytes);
   System.out.println("Base64 encoded auth string: " + authStringEnc);

   URL url = new URL(webPage);
   URLConnection urlConnection = url.openConnection();
   urlConnection.setRequestProperty("Authorization", "Basic " + authStringEnc);
   InputStream is = urlConnection.getInputStream();
   InputStreamReader isr = new InputStreamReader(is);

   int numCharsRead;
   char[] charArray = new char[1024];
   StringBuffer sb = new StringBuffer();
   while ((numCharsRead = isr.read(charArray)) > 0) {
    sb.append(charArray, 0, numCharsRead);
   }
   String result = sb.toString();

   System.out.println("*** BEGIN ***");
   System.out.println(result);
   System.out.println("*** END ***");
  } catch (MalformedURLException e) {
   e.printStackTrace();
  } catch (IOException e) {
   e.printStackTrace();
  }
 }

}












at






















Labels:

























Oracle® Fusion Middleware OES-11g Release 2 (11.1.2.2.0) - Secure the XACML Authorization Web Service












Oracle® Fusion Middleware OES-11g Release 2 (11.1.2.2.0) - Secure the XACML Authorization Web Service





Migrating From Database to XML



Following is the procedure to migrate policies from a database to an XML-based



policy store.



Note: The value of the bootstrap.security.principal.key property needs to be populated with the key generated during reassociation of the policy, credential, and key stores from one repository type to another







1. On the OES server  installed box create a folder migration. Eg: /OES/migration



2. Create a file jps-config.xml Eg: /OES/migration/jps-config.xml



3. Copy the content below to the jps-config.xml file create above and edit the DB connection parameters.



4. Copy the bootstrap folder



5. Copy the system-jazn-data.xml from the following location

$ORACLE_HOME/user_projects/domains/oes_domain/config/fmwconfig to /OES/migration







<!-- Source DB-based policy store instance -->

<serviceInstance provider="policystore.provider"

name="policystore.db.source">

<description>DB Based Policy Store Service Instance</description>

<property name="policystore.type" value="DB_ORACLE"/>

<property name="jdbc.url"

value="jdbc:oracle:thin:@sc.domainexample.com:1722:orcl"/>

<property name="jdbc.driver" value="oracle.jdbc.driver.OracleDriver"/>

<property name="bootstrap.security.principal.key"

value="bootstrap_DWgpEJgXwhDIoLYVZ2OWd4R8wOA=" />

<property name="oracle.security.jps.ldap.root.name" value="cn=jpsTestNode"/>

<property name="oracle.security.jps.farm.name" value="cn=view_steph.atz"/>

</serviceInstance>



<!-- Destination XML-based policy store instance -->

<serviceInstance name="dst.xml" provider="policystore.xml.provider"

location="/scratch/divyasin/WithPSR/jazn-data-fscm.xml">

<description>File Based Policy Store Service Instance</description>

</serviceInstance>





<!-- Bootstrap credentials to access source and destination stores -->

<serviceInstance location="./bootstrap" provider="credstoressp"

name="bootstrap.cred">

<description>Replace location with the full path of the directory where

the bootstrap file cwallet.sso is located; typically found in

destinationDomain/config/fmwconfig/</description>



</serviceInstance>



<jpsContext name="sourceContext">

<serviceInstanceRef ref="policystore.db.source"/>



</jpsContext>



<jpsContext name="destinationContext">

<serviceInstanceRef ref="dst.xml"/>

</jpsContext>



<jpsContext name="bootstrap_credstore_context">

<serviceInstanceRef ref="bootstrap.cred"/>



</jpsContext>



6. On the OES server  installed box navigate to the following location $ORACLE_HOME/Oracle_IDM1/common/bin/



7. Run the follwing command ./wlst.sh



8. If you need to migrate entire policystore use this command:

Eg: migrateSecurityStore(type=”policyStore”,src=”sourceContext”,dst=”destinationContext”,configFile=”OES/migration/jps-config.xml”)



If you need to migration only a specific application policy:



 migrateSecurityStore

(type="policyStore", src="sourceContext",

dst="destinationContext",

configFile="/scratch/divyasin/WithPSR/jps-config.xml")











at






















Labels:

















        

      









Subscribe to:
Posts (Atom)









Amazon Bedrock and AWS Rekognition  comparison for Image Recognition



 Both Amazon Bedrock  and AWS Rekognition  are services provided by AWS, but they cater to different use cases, especially when it comes to ...