Friday 26 July 2019

ORACLE SOACS - Invoke a WebService using OAuth


Create a Keystore for OWSM  -- One Time Configuration
  • Go to the WebLogic Domain → Security → Keystores page.
  • Click on “Create Stripe” button
  • Enter the name “owsm”
  • Click on the newly created “owsm” stripe
  • Click on the “Create Keystore” button
  • Fill in the Keystore name as “keystore”
  • Ensure the Protection type is “Policy”
  • Click on “OK”
Create a credentials map for OWSM  -- One Time Configuration
  • Go to WebLogic Domain → Security → Credentials
  • Click on the “Create Map” button
  • Fill in the name “oracle.wsm.security”
  • Click “OK”

Create a Credential Key - csfkey for OAuth
  • Click on the map created in the previous step
  • Click on the “Create Key” button
  • Ensure that the Type field has “Password” selected
  • Enter the OAuth Client ID in the “User Name” field
  • Enter the OAuth Client Secret in the “Password” field
  • Enter the same value in the “Confirm Password” field
  • Click “OK”

Create a composite and attach the following policies to the reference/target component.
  • "oracle/oauth2_config_client_policy" (This policy is used to configure the OAuth settings)
    • Edit the policy configurations to update the following values
      • token.uri
      • oauth2.client.csf.key
  • "oracle/http_oauth2_token_client_policy" (This policy acquires the OAuth Access Token and attaches it to the request)
    • Edit the policy configurations to update the following values
      • oauth2.client.csf.key
      • set federated.client.token to false
      • set subject.precedence to false
      • Scope - provide the scope name
Grant OWSM access to the Keystore for the Composite
  • Go to the WebLogic Domain → Security → System Policies page
  • In the search field, search for Type of “Codebase”
  • Use the Name “Includes” option
  • Enter “wsm-agent-core” in the Name field
  • Press the button to search
  • Click on the policy name to select it
  • Click on the “Edit” button
  • Click the “Add” button to add a new permission
  • Click on the “Select here to enter details for a new permission” check box
  • In the “Permission Class” field enter “oracle.wsm.security.WSIdentityPermission”
  • In the “Resource Name” enter the SOA Composite name in the following format exactly, substituting your composite name for <composite_name>: “resource=<composite_name>,mapName=oracle.wsm.security”
  • In the “Permission Action” enter “getKey”
  • Click “OK” to create the permission
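
To check the Client ID, Client Secret, scope and token.uri independently of SOA before troubleshooting the composite, the sketch below performs a standard OAuth 2.0 client-credentials token request (RFC 6749 section 4.4) and attaches the result as a Bearer header. It is an added example, not OWSM's code or part of the original post; that the policies perform this grant with HTTP Basic client authentication is an assumption, and all function names and sample values are constructed.

```python
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

def build_token_request(token_uri, client_id, client_secret, scope):
    """Build the client-credentials token request (RFC 6749 section 4.4)."""
    if urllib.parse.urlsplit(token_uri).scheme != "https":
        # The client secret travels in this request; never send it in clear text.
        raise ValueError("token.uri must use https")
    form = urllib.parse.urlencode({"grant_type": "client_credentials", "scope": scope})
    # Assumption: client credentials are sent as an HTTP Basic header.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(token_uri, data=form.encode(), method="POST", headers={
        "Authorization": "Basic " + basic,
        "Content-Type": "application/x-www-form-urlencoded",
    })

def parse_token_response(raw):
    """Return the access token, or raise with the server's OAuth error code."""
    doc = json.loads(raw)
    if "error" in doc:
        raise PermissionError(f"token request rejected: {doc['error']}")
    if doc.get("token_type", "").lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("response carries no bearer access token")
    return doc["access_token"]

def fetch_token(token_uri, client_id, client_secret, scope):
    """Live call against the real token.uri; HTTP 4xx error bodies are parsed too."""
    req = build_token_request(token_uri, client_id, client_secret, scope)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_token_response(resp.read())
    except urllib.error.HTTPError as err:
        return parse_token_response(err.read())

def attach_token(request, access_token):
    """Attach the token to the outbound service call as a Bearer header."""
    request.add_header("Authorization", "Bearer " + access_token)
    return request

# Constructed sample responses, not taken from any real tenant.
SAMPLE_OK = b'{"access_token": "constructed-token", "token_type": "Bearer", "expires_in": 3600}'
SAMPLE_ERR = b'{"error": "invalid_scope"}'
```

An `invalid_client` or `invalid_scope` error from `fetch_token` points at the csf key contents or the Scope value rather than at the keystore or permission setup.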
