2 Replies Latest reply: Aug 26, 2010 10:21 AM by 687626 RSS

    How to call https service from OSB

    VibhorRastogi
      hi

      I need to call thirt party https service. Its a secured service with authentication.
      I have Imported ssl certificate in keystore.

      It's one way ssl with authentication and I need to pass wsse token (username/password) from Business service to invoke third party service.

      What steps do I need to follow to call this service?

      I have gone through all other


      Thanks
      Vibhor
        • 1. Re: How to call https service from OSB
          Anuj Dwivedi-Oracle
          Hi Vibhor,
          I need to call thirt party https service. Its a secured service with authentication.
          First of all configure the identity and trust on your weblogic by following below link -

          http://download.oracle.com/docs/cd/E14571_01/web.1111/e13707/identity_trust.htm#i1202182

          Make sure that your trust store has the certificate of your third party service provider.
          I need to pass wsse token (username/password) from Business service to invoke third party service.
          Can you elaborate it a bit more? Are you talking about wsse:UsernameToken?

          Regards,
          Anuj
          • 2. Re: How to call https service from OSB
            687626
            Below note gives the high level steps to be performed for implementing different security requirements with OSB

            OSB - Proxy Service HTTPS one way
            Configure Identity & Trust Keystore

            OSB - Proxy Service HTTPS 2 way     
            Configure Identity Assertion Provider to support X509
            Configure user mapper class for default identity assertion provider
            Change 2 way Client Cert behaviour from default
            ('Client Certificate Not requested”) to “Client Certificate requested but not enforced”

            OSB - Business Service HTTPS one way     
            Add root & intermediate CA certificates of the server to the trust keystore

            OSB - Business Service HTTPS 2 way          
            Add root & intermediate CA certificates of the server to the trust keystore
            Configure PKI Credential Provider containing the client certificate
            Configure a Service Key provider with SSL Client Authentication key
            Associate the service key provider to the proxy service which invokes the business service

            OSB - Proxy Service WS-Security User Name Token     
            Configure Auth.xml or custom username token WS-Security Policy

            OSB - Proxy Service WS-Security X509 Token
            Configure Auth.xml and Sign.xml Policy
            Change UseX509ForIdentity attribute in domain → WS Security → Inbound Mbean Token handlers Page to true
            Ensure Certificate passed by client is present in certificate registry or the root CA in trust keystore depending upon weblogic certification path provider configuration
            Configure Identity Assertion Provider and Username mapper class.

            OSB - Business Service WS-Security User Name Token
            Configure Auth or custom username token WS-Security Policy
            Configure Service account for username provider

            OSB - Business Service WS-Security X509 Token
            Configure Sign.xml and Auth.xml policy ( or custom signing and username token policies) in the business service
            Configure a PKI credential provider and service key provider containing the certificate to be used for signing and authentication
            Associate the service key provider to the proxy service which invokes the business service.

            *OSB - Proxy Service Digital Signature     [ Request Only]*
            Configure Sign.xml or a custom signing policy to the proxy service
            Ensure Certificate passed by client is present in certificate registry or the root CA in trust keystore depending upon weblogic certification path provider configuration


            *OSB – Business Service Digital Signature     [ Request Only]*
            Configure Sign.xml policy ( or custom signing policy) in the business service
            Configure a PKI credential provider and service key provider containing the certificate to be used for signing
            Associate the service key provider to the proxy service which invokes the business service.

            Edited by: atheek1 on Aug 26, 2010 5:17 AM

            Edited by: atheek1 on Aug 26, 2010 8:20 AM