Tuesday, June 23, 2009

OWSM setup for signature verification

Purpose
Set up OWSM to perform signature validation.

Prerequisites

Steps
Step 1: Get the WSDL URL for the service to be secured.
  1. Log in to the BPEL console.
  2. Select the process to be secured and copy the WSDL URL.
  3. Move to the WSDL tab.
  4. Remove the version from the WSDL location: change http://server:port/orabpel/domain/BPELProcess1/1.1/BPELProcess1?wsdl to http://server:port/orabpel/domain/BPELProcess1/BPELProcess1?wsdl and copy the new WSDL URL. This ensures that OWSM always points to the latest deployed version of the process.
  5. Remove the version from the endpoint location: change http://server:port/orabpel/domain/BPELProcess1/1.1 to http://server:port/orabpel/domain/BPELProcess1 and copy the new endpoint location. This ensures that OWSM always points to the latest deployed version of the process.
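
The URL rewrite from steps 1.4 and 1.5, as an added Python example that is not part of the original post. The function name `versionless_urls`, the dotted-number revision pattern, and the sample host `bpelhost`, port `7777` and domain `default` are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Assumption: a BPEL revision tag is a dotted number such as "1.1" or "2.0.3",
# matching the URLs shown in steps 1.4 and 1.5.
_VERSION = re.compile(r"^\d+(\.\d+)*$")


def versionless_urls(wsdl_url):
    """Return (wsdl_url, endpoint_url) with the revision segment removed.

    Expected path: /orabpel/<domain>/<process>[/<version>]/<process>?wsdl
    A URL that is already versionless is returned unchanged.
    """
    parts = urlsplit(wsdl_url)
    if parts.query.lower() != "wsdl":
        raise ValueError("not a WSDL URL (missing ?wsdl): " + wsdl_url)
    segs = [s for s in parts.path.split("/") if s]
    if len(segs) not in (4, 5) or segs[0] != "orabpel":
        raise ValueError("unexpected BPEL path: " + parts.path)
    if len(segs) == 5:
        # Refuse to drop a segment that does not look like a revision tag.
        if not _VERSION.match(segs[3]):
            raise ValueError("segment is not a version: " + segs[3])
        del segs[3]
    process, wsdl_name = segs[2], segs[3]
    if wsdl_name != process:
        raise ValueError("WSDL name does not match process: " + wsdl_name)
    base = "/" + "/".join(segs[:3])
    wsdl = urlunsplit((parts.scheme, parts.netloc, base + "/" + process, "wsdl", ""))
    endpoint = urlunsplit((parts.scheme, parts.netloc, base, "", ""))
    return wsdl, endpoint


if __name__ == "__main__":
    # Constructed sample URL; replace with the value copied from the BPEL console.
    sample = "http://bpelhost:7777/orabpel/default/BPELProcess1/1.1/BPELProcess1?wsdl"
    for url in versionless_urls(sample):
        print(url)
```
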

To secure a Java web service (or any other web service), get the correct web service WSDL URL.

Step 2: Register the web service in OWSM.
  1. Log in to OWSM.
  2. Go to PolicyManager --> Register Services. Click on Services.
  3. Click add new service.
  4. Insert the required details. Enter the correct WSDL URL from step 1.4, without the version, and then click next.
  5. Click Finish and then commit.
  6. Go back to Register Services --> List Of Services, find the service created and click on edit.

Note the Service URL and the Service Endpoint URL. These will be provided to the client and also used for testing.
  7. Click on Modify Policy.
  8. In the Request pipeline, click on 'Add Step Below' in the Log step and click OK.
  9. Click on configure in the VerifySignature step. Fill in the appropriate values. Use serverpass, the value given while creating the keystore, and, for the alias, the value given while importing the client certificate.
  10. Click OK and then commit the changes. The updates for signature verification are done.
