OWSM Setup
Oracle Web Services Manager (OWSM)
• Manages security aspects of Web Services
• If you plan to use web services exposed by a product, you need to set up OWSM
  • FCM, ERPI, Profitability, Essbase Provider Services, HFM, DRM
• Uses of web services:
  • FCM uses HFM, ERPI web services
  • ERPI uses them to interact with 3rd party web services
  • Profitability exposes web services for batch clients
  • HFM exposes web services for FCM
• When you configure SOA for FCM, these setup steps are taken care of and do not need to be repeated
• EPM Products use the following OWSM Policy:
  • oracle/wss11_saml_or_username_token_with_message_protection_service_policy
Web Services Security in EPM
[Diagram. Components: WebService, CSS, Product, WebLogic User Store, EPM User Store]
1. Web Service Request
2. Authenticate (WebLogic User Store)
3. Validate With CSS & Generate Token (Validate: EPM User Store)
4. Invoke Product with CSS Token; Users, Roles & Privileges Enforced
WebLogic User Store and EPM User Store: important that they are the same
High Level Tasks
• Set up database schema using RCU
• Set up OWSM Policy Manager
• Set up Keystore for Message Protection
• Configure WebLogic to corporate directory
Setup Database Schema with RCU
• RCU posted on eDelivery
• Launch rcuHome/bin/rcu.bat; select Create
• Enter database connection details
• Enter a prefix; Select Metadata Services
• Provide passwords to be used for the schemas created
• Use default tablespaces (or manage them)
• Click Create to create the schema and the tables
• Once done, you will get a Success message
Setup OWSM Policy Manager
• Launching the WebLogic Configuration Wizard
  • This needs to be done on the server where the WebLogic domain for EPM was created
  • This is typically the first Foundation Services server
  • Make sure the WebLogic Admin Server is not running
  • Launch the WebLogic Config Wizard
• Select Extend an existing WebLogic domain
• Select EPM domain
• Select Oracle WSM Policy Manager
• Next through the EPM data sources
• Enter database credentials created using RCU
• Test data source and ensure it connects correctly; Next through the panels to setup OWSM-PM
• Start Admin Server and login to WebLogic Admin Console to enable OWSM-PM
Setting up Keystore for Message Protection
• Create a keystore – the key alias will be used later on
• Login to Enterprise Manager (EM); Setup Security Provider Configuration for the domain
• Expand Keystore; Click on Configure
• Setup the Keystore; The alias is the alias created in keystore
  • Screenshot callouts: Alias created in Keystore; Keystore you created
• Click on a key and Edit to verify the alias
• Add users for EPM Native Users
  • Recommended: Setup External Directories
• Needed for HPCM Sample Client – Setup a key to store EPM user; Same key is passed in the client
• When done, restart all the managed servers
Running HPCM Sample Client – Ensure the keystore is the first provider
• Move as first provider
<jpsContexts default="default">
    <jpsContext name="default">
        <serviceInstanceRef ref="keystore.inst.0"/>
        <serviceInstanceRef ref="credstore"/>
        <serviceInstanceRef ref="policystore.xml"/>
        <serviceInstanceRef ref="audit"/>
        <serviceInstanceRef ref="idstore.ldap"/>
        <serviceInstanceRef ref="trust"/>
        <serviceInstanceRef ref="pdp.service"/>
        <serviceInstanceRef ref="attribute"/>
        <serviceInstanceRef ref="idstore.loginmodule"/>
    </jpsContext>
</jpsContexts>
Running HPCM Sample Client – Updates to hpm_ws_client.properties
# Full path of the jps-config.xml file in use.
jps.config.file=C:/work/jps-config.xml
# WSS recipient key alias name used (the alias created in the keystore).
wss.recipient.key.alias=epm
# WSS Credential Store Framework key used (the key created to store the EPM user).
wss.csf.key=hpcm.security
# HPCM WSDL URL which is to be accessed. E.g.:
# http://localhost:19000/profitability/ProfitabilityService?WSDL (or)
# {DRIVE_LETTER}:/{FILE_PATH}/FILE_NAME.wsdl
hpcm.wsdl.url=http://localhost:9500/profitability/ProfitabilityService?WSDL
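A check for the two settings above (keystore listed first in the default jpsContext, client properties filled in), as an added example that is not Oracle's or the presenter's code. The function names and sample inputs are constructed, and it assumes the keystore instance is named keystore.inst.0 as on the slide.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    """Drop an XML namespace prefix such as '{uri}jpsContext'."""
    return tag.rsplit("}", 1)[-1]

def default_context_refs(jps_xml):
    """Return serviceInstanceRef values, in file order, for the default jpsContext."""
    root = ET.fromstring(jps_xml)
    for node in root.iter():
        if _local(node.tag) != "jpsContexts":
            continue
        default_name = node.get("default")
        for ctx in node:
            if _local(ctx.tag) == "jpsContext" and ctx.get("name") == default_name:
                return [c.get("ref") for c in ctx if _local(c.tag) == "serviceInstanceRef"]
    return []

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_client_setup(jps_xml, props_text, keystore_ref="keystore.inst.0"):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    refs = default_context_refs(jps_xml)
    if keystore_ref not in refs:
        findings.append(f"{keystore_ref} is not referenced in the default context")
    elif refs[0] != keystore_ref:
        findings.append(f"{keystore_ref} is at position {refs.index(keystore_ref) + 1}, expected first")
    props = parse_properties(props_text)
    for key in ("jps.config.file", "wss.recipient.key.alias", "wss.csf.key", "hpcm.wsdl.url"):
        if not props.get(key):
            findings.append(f"{key} is missing or empty")
    return findings

# Constructed sample input: keystore listed second, and no CSF key set.
SAMPLE_JPS = """<jpsConfig><jpsContexts default="default"><jpsContext name="default">
<serviceInstanceRef ref="credstore"/><serviceInstanceRef ref="keystore.inst.0"/>
</jpsContext></jpsContexts></jpsConfig>"""
SAMPLE_PROPS = ("jps.config.file=C:/work/jps-config.xml\nwss.recipient.key.alias=epm\nwss.csf.key=\n"
                "hpcm.wsdl.url=http://localhost:9500/profitability/ProfitabilityService?WSDL\n")

if __name__ == "__main__":
    for finding in check_client_setup(SAMPLE_JPS, SAMPLE_PROPS):
        print("FINDING:", finding)
```
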
Running HPCM Sample Client – Using username/password directly
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Map;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import weblogic.wsee.jws.jaxws.owsm.SecurityPolicyFeature;

private void initialize() throws MalformedURLException {
    // Loads hpm_ws_client.properties into system properties.
    setSystemProperties();
    URL hpcmWsdlUrl = new URL(System.getProperty("hpcm.wsdl.url"));
    QName qname = new QName("http://profitability.webservices.epm.oracle", "ProfitabilityService");
    hpmServiceProvider = new ProfitabilityService_Service(hpcmWsdlUrl, qname);
    // Client-side OWSM policies attached to the port.
    SecurityPolicyFeature[] securityFeatures = new SecurityPolicyFeature[] {
        new SecurityPolicyFeature("oracle/wss11_username_token_with_message_protection_client_policy"),
        new SecurityPolicyFeature("oracle/wss11_saml_token_with_message_protection_client_policy") };
    hpmWS = hpmServiceProvider.getProfitabilityServicePortType(securityFeatures);
    // Point JPS at the jps-config.xml named in hpm_ws_client.properties.
    System.setProperty("oracle.security.jps.config", System.getProperty("jps.config.file"));
    // Keystore alias and CSF key variant, commented out in this version of the client:
    //((BindingProvider)hpmWS).getRequestContext().put(SecurityConstants.ClientConstants.WSS_RECIPIENT_KEY_ALIAS, System.getProperty("wss.recipient.key.alias"));
    //((BindingProvider)hpmWS).getRequestContext().put(SecurityConstants.ClientConstants.WSS_CSF_KEY, System.getProperty("wss.csf.key"));
    // Username and password are set directly on the request context (sample values from the slide).
    Map<String, Object> reqContext = ((BindingProvider) hpmWS).getRequestContext();
    reqContext.put(BindingProvider.USERNAME_PROPERTY, "admin");
    reqContext.put(BindingProvider.PASSWORD_PROPERTY, "password1");
}
Additional ERPI Steps
Use with standalone ERPI server
THANK YOU