OWSM Setup
Oracle Web Services Manager (OWSM)
Manages security aspects of Web Services
If you plan to use web services exposed by a product, you need to set up OWSM
FCM, ERPI, Profitability, Essbase Provider Services, HFM, DRM
Uses of web services:
FCM uses HFM, ERPI web services
ERPI uses them to interact with 3rd party web services
Profitability exposes web services for batch clients
HFM exposes web services for FCM
When you configure SOA for FCM, these setup steps are taken care of and do not need to be repeated
EPM Products use the following OWSM Policy:
oracle/wss11_saml_or_username_token_with_message_protection_service_policy
Web Services Security in EPM
[Diagram: web service request flow. Components shown: WebLogic, WebService, User Store, EPM User Store, CSS, Product]
1. Web Service Request
2. Authenticate
3. Validate With CSS & Generate Token
4. Invoke with CSS Token
Users, Roles & Privileges Enforced
User Store and EPM User Store: important they are the same
High Level Tasks
Set up database schema using RCU
Set up OWSM Policy Manager
Set up Keystore for Message Protection
Configure WebLogic to corporate directory
Setup Database Schema with RCU
RCU posted on eDelivery
Launch rcuHome/bin/rcu.bat; select Create
Enter database connection details
Enter a prefix; select Metadata Services
Provide passwords to be used for the schemas created
Use default tablespaces (or manage them)
Click Create to create the schema and the tables
Once done, you will get a Success message
Setup OWSM Policy Manager
Launching the WebLogic Configuration Wizard:
This needs to be done on the server where the WebLogic domain for EPM was created. This is typically the first Foundation Services server.
Make sure the WebLogic Admin Server is not running
Launch the WebLogic Config Wizard
Select Extend an existing WebLogic domain
Select EPM domain
Select Oracle WSM Policy Manager
Next through the EPM data sources
Enter database credentials created using RCU
Test data source and ensure it connects correctly; Next through the panels to set up OWSM-PM
Start Admin Server and log in to WebLogic Admin Console to enable OWSM-PM
Setting up Keystore for Message Protection
Create a keystore; the key alias will be used later on
Log in to Enterprise Manager (EM); set up Security Provider Configuration for the domain
Expand Keystore; click Configure
Set up the Keystore; the alias is the alias created in the keystore (screenshot callouts: Keystore you created; Alias created in Keystore)
Click on a key and Edit to verify the alias
Add users for EPM Native Users. Recommended: set up External Directories
Needed for HPCM Sample Client: set up a key to store the EPM user; the same key is passed in the client
When done, restart all the managed servers
Running HPCM Sample Client
Ensure the keystore is the first provider; if it is not, move it to be the first provider
<jpsContexts default="default">
  <jpsContext name="default">
    <serviceInstanceRef ref="keystore.inst.0"/>
    <serviceInstanceRef ref="credstore"/>
    <serviceInstanceRef ref="policystore.xml"/>
    <serviceInstanceRef ref="audit"/>
    <serviceInstanceRef ref="idstore.ldap"/>
    <serviceInstanceRef ref="trust"/>
    <serviceInstanceRef ref="pdp.service"/>
    <serviceInstanceRef ref="attribute"/>
    <serviceInstanceRef ref="idstore.loginmodule"/>
  </jpsContext>
</jpsContexts>
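The provider-order requirement above can be checked and corrected with a script. This is an added example, not part of the original slides or of Oracle's tooling: it reads the default jpsContext, lists its serviceInstanceRef entries in order, and moves the keystore reference to the front. The function names and the SAMPLE fragment are constructed for illustration; keystore.inst.0 is the reference name shown on the slide.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a jps-config.xml fragment where the keystore is NOT first.
SAMPLE = """<jpsConfig>
  <jpsContexts default="default">
    <jpsContext name="default">
      <serviceInstanceRef ref="credstore"/>
      <serviceInstanceRef ref="keystore.inst.0"/>
      <serviceInstanceRef ref="policystore.xml"/>
      <serviceInstanceRef ref="idstore.ldap"/>
    </jpsContext>
  </jpsContexts>
</jpsConfig>"""

def _local(tag):
    """Strip an XML namespace prefix such as '{uri}jpsContext'."""
    return tag.rsplit("}", 1)[-1]

def default_context(root):
    """Return the jpsContext element named by jpsContexts/@default."""
    for contexts in root.iter():
        if _local(contexts.tag) != "jpsContexts":
            continue
        wanted = contexts.get("default")
        for ctx in contexts:
            if _local(ctx.tag) == "jpsContext" and ctx.get("name") == wanted:
                return ctx
    raise ValueError("no default jpsContext found")

def provider_order(xml_text):
    """List the serviceInstanceRef names of the default context, in order."""
    ctx = default_context(ET.fromstring(xml_text))
    return [e.get("ref") for e in ctx if _local(e.tag) == "serviceInstanceRef"]

def keystore_first(xml_text, keystore_ref="keystore.inst.0"):
    """Return the XML with the keystore reference moved to the first position."""
    root = ET.fromstring(xml_text)
    ctx = default_context(root)
    ks = next((e for e in ctx if _local(e.tag) == "serviceInstanceRef"
               and e.get("ref") == keystore_ref), None)
    if ks is None:
        raise ValueError(f"{keystore_ref!r} is not referenced in the default context")
    ctx.remove(ks)
    ctx.insert(0, ks)
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print("before:", provider_order(SAMPLE))
    print("after: ", provider_order(keystore_first(SAMPLE)))
```

Review the rewritten XML before replacing a live jps-config.xml: ElementTree re-serializes a file that declares a default namespace with generated prefixes.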
Updates to hpm_ws_client.properties
# Full Path of the jps-config.xml file in use.
jps.config.file=C:/work/jps-config.xml
#WSS Recipient key alias name used.
wss.recipient.key.alias=epm
# WSS Credential Store Framework key used.
wss.csf.key=hpcm.security
# HPCM WSDL URL which is to be accessed. Eg: http://localhost:19000/profitability/ProfitabilityService?WSDL (or) {DRIVE_LETTER}:/{FILE_PATH}/FILE_NAME.wsdl
hpcm.wsdl.url=http://localhost:9500/profitability/ProfitabilityService?WSDL
wss.recipient.key.alias: Alias created in Keystore
wss.csf.key: Key created to store EPM user
Using username/password directly
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Map;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import weblogic.wsee.jws.jaxws.owsm.SecurityPolicyFeature;

private void initialize() throws MalformedURLException {
    setSystemProperties();
    URL hpcmWsdlUrl = new URL(System.getProperty("hpcm.wsdl.url"));
    QName qname = new QName("http://profitability.webservices.epm.oracle", "ProfitabilityService");
    hpmServiceProvider = new ProfitabilityService_Service(hpcmWsdlUrl, qname);
    // Client-side OWSM policies: username token or SAML token, both with message protection
    SecurityPolicyFeature[] securityFeatures = new SecurityPolicyFeature[] {
        new SecurityPolicyFeature("oracle/wss11_username_token_with_message_protection_client_policy"),
        new SecurityPolicyFeature("oracle/wss11_saml_token_with_message_protection_client_policy")
    };
    hpmWS = hpmServiceProvider.getProfitabilityServicePortType(securityFeatures);
    System.setProperty("oracle.security.jps.config", System.getProperty("jps.config.file"));
    // Commented out: recipient key alias and CSF key taken from hpm_ws_client.properties
    //((BindingProvider)hpmWS).getRequestContext().put(SecurityConstants.ClientConstants.WSS_RECIPIENT_KEY_ALIAS, System.getProperty("wss.recipient.key.alias"));
    //((BindingProvider)hpmWS).getRequestContext().put(SecurityConstants.ClientConstants.WSS_CSF_KEY, System.getProperty("wss.csf.key"));
    // Username and password set directly on the request context (sample values)
    Map<String, Object> reqContext = ((BindingProvider) hpmWS).getRequestContext();
    reqContext.put(BindingProvider.USERNAME_PROPERTY, "admin");
    reqContext.put(BindingProvider.PASSWORD_PROPERTY, "password1");
}
Additional ERPI Steps
Use with standalone ERPI server