Tuesday, September 9, 2014

Oracle® Fusion Middleware Identity Governance Framework Initialize and Obtain Identity Directory Handle from JPS Context

The Identity Governance Framework (IGF) initiative enables secure exchange of identity-related information between users and applications and service providers. It provides privacy and governance semantics to applications and services infrastructure.


The following code sample initializes and obtains the identity directory handle from JPS context.
import oracle.igf.ids.UserManager;
import oracle.igf.ids.GroupManager;
import oracle.igf.ids.config.OperationalConfig;
import oracle.igf.ids.IdentityDirectoryFactory;
import oracle.igf.ids.IdentityDirectory;
import oracle.igf.ids.IDSException;

import oracle.security.jps.JpsContext;
import oracle.security.jps.JpsContextFactory;
import oracle.security.jps.service.idstore.IdentityStoreService;

public class IdsSample {

    private IdentityDirectory ids;
    private UserManager uMgr;
    private GroupManager gMgr;

    public IdsSample() throws IDSException {

        // Get IdentityDirectory from JpsContext
        try {
            JpsContext context =
                JpsContextFactory.getContextFactory().getContext();
            IdentityStoreService idstore = (IdentityStoreService)
                context.getServiceInstance(IdentityStoreService.class);
            ids = idstore.getIdentityStore();
        } catch (Exception e) {
            throw new IDSException(e);
        }

        // Get UserManager and GroupManager handles
        uMgr = ids.getUserManager();
        gMgr = ids.getGroupManager();
    }
}

Monday, September 8, 2014

Oracle® Fusion Middleware OES-11g Release 2 (11.1.2.2.0)-Configure Oracle Entitlements Server WebLogic Security Module High Availability

 


1. Run OESCLIENT_HOME/oessm/bin/config.sh to create a WebLogic Security Module and a WebLogic Server domain.
   For example: ./config.sh -smType wls -smConfigId <wls_name> -serverLocation <wls_home> -pdServer <oes_admin_server> -pdPort <oes_admin_ssl_port>
2. On the Welcome screen, select Create a WebLogic Domain then click Next.

3. On the Select Domain Source screen, select Generate a domain configured automatically to support the following added products. From the list, select Oracle Entitlements Server WebLogic Security Module on Weblogic For Managed Server.

4. On the Specify Domain Name and Location screen, enter the name and location for the domain and all its applications.

5. On the Configure Administration Server Username and Password screen, enter the admin user name and password.

6. On the Configure Server Start Mode and JDK screen, select Production Mode and JDK.

7. On the Configure Administration Server screen, enter the following:
    Name: AdminServer
    Listen address: All Local Addresses
    Listen port: 7001
    SSL listen port: 7002
    Select SSL Enabled then click Next.

8. Create two managed servers as follows:
    Name           Listen Address       Port    SSL Port
    wlssm_server1  All Local Addresses  14610   14611
    wlssm_server2  All Local Addresses  14612   14613

9. Create a cluster and add wlssm_server1, wlssm_server2 to the cluster.

10. Finish creating the domain.

11. Start the Administration Server, wlssm_server1 and wlssm_server2. Make sure Node Manager is running with StartScriptEnabled=true.

12. In Deployments, check that oracle.oes.client.pd.ssl (11.1.1.3.0) is Active.

13. You will see "PDP registration succeeded".
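One way to script the checks in steps 11 to 13, as an added example that is not part of the original post or of Oracle's tooling. The function names are hypothetical, the caller supplies the paths to nodemanager.properties and the logs, and the assumption that the "PDP registration succeeded" message is written to a server log is mine.

```shell
#!/bin/sh
# Added example (not from the original post): checks for steps 11-13.
# Assumption: the caller supplies the paths; where the "PDP registration
# succeeded" message is written (here: a server log) is an assumption.

# Print the effective value of KEY ($1) in a Java .properties FILE ($2).
# Comment lines are skipped and the last assignment wins.
prop_value() {
    awk -v k="$1" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, k) != 1) next
            rest = substr(line, length(k) + 1)
            if (rest !~ /^[ \t]*[=:]/) next      # longer key or no separator
            sub(/^[ \t]*[=:][ \t]*/, "", rest)
            sub(/[ \t\r]+$/, "", rest)
            val = rest; found = 1
        }
        END { if (found) print val }
    ' "$2"
}

# Succeeds only when StartScriptEnabled is explicitly set to true.
start_script_enabled() {
    v=$(prop_value StartScriptEnabled "$1" | tr 'A-Z' 'a-z')
    [ "$v" = "true" ]
}

# Succeeds only when every given log contains the registration message.
pdp_registered() {
    [ "$#" -gt 0 ] || return 1
    for log in "$@"; do
        grep -q 'PDP registration succeeded' "$log" || return 1
    done
}

# Constructed sample files so the checks can be tried offline.
make_samples() {
    printf '%s\n' '# constructed sample' 'ListenPort=5556' \
        '#StartScriptEnabled=true' 'StartScriptEnabled = False' > "$1/nm_bad.properties"
    printf '%s\n' 'ListenPort=5556' 'StartScriptEnabled=true' > "$1/nm_ok.properties"
    printf '%s\n' 'constructed line: PDP registration succeeded' > "$1/server1.log"
    printf '%s\n' 'constructed line: server started' > "$1/server2.log"
}
```

A commented-out `#StartScriptEnabled=true` does not count as enabled, and `pdp_registered` fails if any one managed server log lacks the message.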

Thursday, September 4, 2014

Oracle API Gateway 11.1.2.3 Virtualizing a Service in API Service Manager

You can use the API Services tab in API Service Manager to virtualize services with the API Gateway. The Business Services repository stores service URLs, definitions and related information such as XML schemas. Clients can query this repository for service information (for example, URLs or WSDL files), and use it to send messages to the service through the API Gateway.


Step 1—Basic Information

The first step in the New API Service wizard enables you to virtualize a service with or without a Web Services Definition Language (WSDL) file.
Virtualizing a REST API-based Service
To virtualize a REST API-based service without a WSDL file, perform the following steps:
  1. Click No, my Service will be defined manually, and enter the details for your service, for example:
    • Name: MyService
    • Destination URL: http://www.example.com/my_service
  2. Click Next to specify how the service is exposed.
Virtualizing a Web Service
To virtualize an example Web service using the API Service Manager, perform the following steps:
  1. Click Yes, I know a URL from which to get a WSDL, and enter a URL in the WSDL URL field, for example:
    http://localhost:7070/axis/services/urn:xmltoday-delayed-quotes?wsdl
  2. Click Next to view a WSDL import summary.
  3. Click Next to specify how the service is exposed.

Step 2—Service Exposure

The second step in the wizard enables you to specify how the service is exposed. Perform the following steps:
  1. Enter or select the protocol. Defaults to HTTP. You can also click Show Details to view the default port address (${env.PORT.TRAFFIC} defaults to 8080).
  2. Enter or select the services group. Defaults to Default Services.
  3. Enter the relative path. Defaults to the path after the service domain name (for example, my_service). You may wish to virtualize the service on a different relative path.
  4. Click Next.

Step 3—Request Processing

The third step in the wizard enables you to specify policy packages used for request processing (for example, an OAuth policy package for authentication). Perform the following steps:
  1. Click the green plus icon, and select a policy package from the list.
  2. Select whether this policy package is Required or Optional. Defaults to Required.
  3. Click the Edit Parameters icon to specify any policy parameters (for example, the value of a message attribute selector such as ${http.request.uri}).
  4. Repeat these steps to add more request processing policy packages.
  5. Click Next when finished.
Note: You can use the Policy Studio to create reusable policy packages that can be applied to services in API Service Manager.

Step 4—Routing

The fourth step in the wizard enables you to specify policy packages used for routing (for example, JMS). Perform the following steps:
  1. Click the green plus icon, and select a policy package from the list.
  2. Select whether this policy package is Required or Optional. Defaults to Required.
  3. Click the Edit Parameters icon to specify any policy parameters (for example, the value of a message attribute selector such as ${http.headers}).
  4. Repeat these steps to add more routing policy packages.
  5. Click Next when finished.

Step 5—Response Processing

The fifth step in the wizard enables you to specify policy packages used for response processing (for example, a policy package that removes sensitive information such as credit card details from the message). Perform the following steps:
  1. Click the green plus icon, and select a policy package from the list.
  2. Select whether this policy package is Required or Optional. Defaults to Required.
  3. Click the Edit Parameters icon to specify any policy parameters (for example, the value of a message attribute selector such as ${content.body}).
  4. Repeat these steps to add more response processing policy packages.
  5. Click Next when finished.

Step 6—Monitoring

The sixth step in the wizard enables you to select the following monitoring options for the service:
  • Monitor API Service usage:
    Specifies whether to store message metrics for this service. This is selected by default.
  • Monitor API Service usage per client:
    Specifies whether to generate reports monitoring which authenticated clients are calling which services. This is selected by default.
  • Monitor client usage:
    If you want to generate reports on authenticated clients, but are not interested in which services they are calling, select this option and deselect Monitoring service usage per client.
  • Message Attribute:
    Enter the message attribute to use to identify authenticated clients. The default authentication.subject.id attribute stores the identifier of the authenticated user (for example, the username or user's X.509 Distinguished Name).
Click Next when finished.

Step 7—Tags

The final step in the wizard enables you to specify tags for this service. Tags are user-friendly names to help organize, search, and browse API Gateways and services in API Gateway Manager and Policy Studio. Perform the following steps:
  1. Click the green plus icon to add a tag.
  2. Enter a Tag name (for example, Dept).
  3. Enter a Value (for example, QA).
  4. Click Finish.
To view services by tag in API Gateway Manager, perform the following steps:
  1. Click the Show Columns button on the right in the API Services toolbar.
  2. Select the tag that you wish to display.
  3. Click Apply to view tag in the list.
The virtualized service is displayed on the API Services tab.

Deploying to a Group

When you have completed the steps in the wizard, you must deploy the updated configuration to an API Gateway group, or a subset of API Gateways in a group, as follows:
  1. Click Actions -> Deploy on the left in the API Services tab.
  2. In the Deployment Wizard, select the group and API Gateway instance(s) to which you wish to deploy the current working configuration, and click Next.
  3. Enter a comment for this deployment (for example, registering google search service).
  4. Click Deploy.
  5. Click Finish.

