Wednesday, 13 May 2020

OWSM - Basic Understandings

  • Oracle provides a security framework called Oracle Web Service Manager to secure the services across your organization. 


    • We can use OWSM policies to secure 
      • ADF Services.
      • Web Services.
      • RESTFull Services.    



  • Before we use OWSM policies , we need to install OWSM on weblogic server. 
  • OWSM provides Client and Service policies to protect and invoke your secured services. 
  • Service policies are used to secure your exposed services. 
  • Client policies are used to invoke the secured services. 
  • Some of the basic authentication policies are
    • Policy - 1

                             oracle/http_basic_auth_over_ssl_service_policy
                             oracle/http_basic_auth_over_ssl_client_policy

                          This is an authentication only policy for both SOAP and REST service. 

    • Policy -2 

                              oracle/wss_http_token_client_policy
                              oracle/wss_http_token_service_policy

                         This is an authentication only policy for SOAP. It  support transport  authentication. 

    • Policy -3
                           oracle/wss_username_token_client_policy
                            oracle/wss_username_token_service_policy

                          This is an authentication only policy for SOAP. It  support SOAP authentication. 

    • Policy -4 
                               oracle/wss_http_token_over_ssl_client_policy
                               oracle/wss_http_token_over_ssl_service_policy

                      This policy is used authentication as well as message protection . It support transport  authentication.  This will use SSL protection.  Communication happens via HTTPS  port.

    • Policy -5
                             oracle/wss_username_token_over_ssl_client_policy
                             oracle/wss_username_token_over_ssl_service_policy
 
                         This policy is used authentication as well as message protection . It support SOAP     level authentication.  This will use SSL protection.  Communication happens via HTTPS  port.

  • Oracle provide SAML authentication policies for web service.  
  • For more details on other policies refer following oracle link. -  OWSM Policies


Note: 

    If your application is not configured with OWSM then you can use basic authentication to access the services protected using OWSM policies. 

Example : 

      Python :
                     
                   creadentials = base64.encodestring('%s:%s' % (username, password))[:-1]
                   authorization = "Basic %s" % creadentials

     .NET :

              request.Method = "POST";
             request.ContentType = "text/xml;charset=UTF-8";
             request.ContentLength = byteArray.Length;
             request.Headers.Add("Authorization", "Basic " + credentials);



No comments:

Post a Comment