This content has been marked as final. Show 3 replies
Have you read all of these:
Hi Tanks gfor your post.
Yep, I red all three of them. (altough I must admit that I did not fully red the api reference...)
The relation between the different necessary installations is confusing me.
To make use of DRM api adapter:
1) I need HSS installed and configured. (did that, its working, at least I can log on to DRM with my windows network account)
2a) download and run RCU found it on the support site and ran it succesfully against a msql2005 database (the only one available which I could reboot for step 2b)
2b) install en configure and start Oracle Web Services Manager: done that succesfully (I think) had some issues with extended procedures (XA) but solved that.
3) configured api-adapter (quite easy part of the configuration)
4) added MSAD provider to weblogic: done that sucesfully (at least I can see MSAD users and groups in weblogic console)
5) deployed the oracle-epm-drm-webservices.ear in a new managed weblogic server (on port 8050 since default 8001 was used for soa_server1 during the configuration of OWSM)
6) started 4!!! weblogic servers (adminserver, soa_server1, bam_server1, DRM-API (just the name I gave to the managed server)
7) tested http://server:8001/wsm-pm/validator could only login with weblogic native account (not with weblogic/MSAD provider imported accounts????) But I can see 88 policies there.
8) browsed to http://server:8050/oracle-epm-drm-webservice/Drmservice?WSDL and got response
9) browsed to http://server:5240:/Oracle/DrmAPIAdapter?wsdl: getsucecsfull response from wsdl
Now I am a bit stuck I think.
First question: As far as I can follow the several manuals I am left with implementing security policies. Is that mandatory to get it working. Or only "best practice"for a production environment?
Second question: Is it normal behaviour that i cannot login to em/ console or wsm-pm/validator with the MSAD credentials? (I can only login to them with the weblogic native account)
Third question: is the BAM server mandatory to run?
Perhaps I get it worknig one of these days....
Edited by: Detlev on Jan 31, 2012 11:43 AM
Edited by: Detlev on Jan 31, 2012 1:48 PM
Q: As far as I can follow the several manuals I am left with implementing security policies. Is that mandatory to get it working?
- Yes, you will need to attach a owsm policy; the documentation recommends attaching the oracle/wss11_saml_or_username_token_with_message_protection_service_policy policy which will require some extended setup with the keystore and credential store in the WLS domain. For a less secure environment you could setup a Non Message protection policy such as :
If you did this you wouldn't need to setup the keystore and the credential store and you could test this easily in Enterprise Managers Web Service test console.
Q: Is it normal behaviour that i cannot login to em/ console or wsm-pm/validator with the MSAD credentials? (I can only login to them with the weblogic native account)
- I think you are may be missing some configuration settings of the MSAD Auth provider in the Weblogic realm that is preventing you from logging in to the wls console with the a MSAD id. This should be ok though for authenticating for the drm api purposes.
Q: is the BAM server mandatory to run?
- It is not required to run for the drm api.