2012 04 - Configuring OWSM


Upload: mehmood-alam

Post on 18-Apr-2015


TRANSCRIPT

Page 1: 2012 04 - Configuring OWSM


OWSM Setup

Page 2: 2012 04 - Configuring OWSM

Oracle Web Services Manager (OWSM)

• Manages security aspects of Web Services

• If you plan to use web services exposed by a product, you need to set up OWSM

  • FCM, ERPI, Profitability, Essbase Provider Services, HFM, DRM

• Uses of web services:

  • FCM uses HFM, ERPI web services

  • ERPI uses them to interact with 3rd party web services

  • Profitability exposes web services for batch clients

  • HFM exposes web services for FCM

• When you configure SOA for FCM, these setup steps are taken care of and do not need to be repeated

• EPM Products use the following OWSM Policy:

  • oracle/wss11_saml_or_username_token_with_message_protection_service_policy

Page 3: 2012 04 - Configuring OWSM

Web Services Security in EPM

[Diagram. Components: WebService (on WebLogic), CSS, Product, WebLogic User Store, EPM User Store.

Labelled steps: 1. Web Service Request; 2. Authenticate; 3. Validate With CSS & Generate Token; 4. Invoke with CSS Token.

Other labels: Validate; Users, Roles & Privileges Enforced.

Note on the WebLogic User Store and the EPM User Store: Important they are same.]

Page 4: 2012 04 - Configuring OWSM

High Level Tasks

• Set up database schema using RCU

• Set up OWSM Policy Manager

• Set up Keystore for Message Protection

• Configure WebLogic to use the corporate directory

Page 5: 2012 04 - Configuring OWSM

Setup Database Schema with RCU

RCU posted on eDelivery

Page 6: 2012 04 - Configuring OWSM

Setup Database Schema with RCU

Launch rcuHome/bin/rcu.bat; select Create

Page 7: 2012 04 - Configuring OWSM

Setup Database Schema with RCU

Enter database connection details

Page 8: 2012 04 - Configuring OWSM

Setup Database Schema with RCU

Enter a prefix; select Metadata Services

Page 9: 2012 04 - Configuring OWSM

Setup Database Schema with RCU

Provide passwords to be used for the schemas created

Page 10: 2012 04 - Configuring OWSM

Setup Database Schema with RCU

Use default tablespaces (or manage them)

Page 11: 2012 04 - Configuring OWSM

Setup Database Schema with RCU

Click Create to create the schema and the tables

Page 12: 2012 04 - Configuring OWSM

Setup Database Schema with RCU

Once done, you will get a Success message

Page 13: 2012 04 - Configuring OWSM

Setup OWSM Policy Manager

Launching the WebLogic Configuration Wizard

• This needs to be done on the server where the WebLogic domain for EPM was created

• This is typically the first Foundation Services server

• Make sure the WebLogic Admin Server is not running

• Launch the WebLogic Config Wizard

Page 14: 2012 04 - Configuring OWSM

Setup OWSM Policy Manager

Select Extend an existing WebLogic domain

Page 15: 2012 04 - Configuring OWSM

Setup OWSM Policy Manager

Select EPM domain

Page 16: 2012 04 - Configuring OWSM

Setup OWSM Policy Manager

Select Oracle WSM Policy Manager

Page 17: 2012 04 - Configuring OWSM

Setup OWSM Policy Manager

Next through the EPM data sources

Page 18: 2012 04 - Configuring OWSM

Setup OWSM Policy Manager

Enter database credentials created using RCU

Page 19: 2012 04 - Configuring OWSM

Setup OWSM Policy Manager

Test data source and ensure it connects correctly; Next through the panels to set up OWSM-PM

Page 20: 2012 04 - Configuring OWSM

Setup OWSM Policy Manager

Start Admin Server and log in to WebLogic Admin Console to enable OWSM-PM

Page 21: 2012 04 - Configuring OWSM

Setup OWSM Policy Manager

Start Admin Server and log in to WebLogic Admin Console to enable OWSM-PM

Page 22: 2012 04 - Configuring OWSM

Setting up Keystore for Message Protection

Create a keystore – the key alias will be used later on

Page 23: 2012 04 - Configuring OWSM

Setting up Keystore for Message Protection

Log in to Enterprise Manager (EM); set up Security Provider Configuration for the domain

Page 24: 2012 04 - Configuring OWSM

Setting up Keystore for Message Protection

Expand Keystore; click on Configure

Page 25: 2012 04 - Configuring OWSM

Setting up Keystore for Message Protection

Set up the keystore; the alias is the alias created in the keystore

Screenshot callouts: Alias created in Keystore (shown twice); Keystore you created

Page 26: 2012 04 - Configuring OWSM

Setting up Keystore for Message Protection

Click on a key and Edit to verify the alias

Page 27: 2012 04 - Configuring OWSM

Setting up Keystore for Message Protection

Add users for EPM Native Users

Recommended: Set up External Directories

Page 28: 2012 04 - Configuring OWSM

Setting up Keystore for Message Protection

Needed for HPCM Sample Client – set up a key to store the EPM user; the same key is passed in the client

Page 29: 2012 04 - Configuring OWSM

Setting up Keystore for Message Protection

When done, restart all the managed servers

Page 30: 2012 04 - Configuring OWSM

Running HPCM Sample Client

Ensure the keystore is the first provider

• Move as first provider

<jpsContexts default="default">
    <jpsContext name="default">
        <serviceInstanceRef ref="keystore.inst.0"/>
        <serviceInstanceRef ref="credstore"/>
        <serviceInstanceRef ref="policystore.xml"/>
        <serviceInstanceRef ref="audit"/>
        <serviceInstanceRef ref="idstore.ldap"/>
        <serviceInstanceRef ref="trust"/>
        <serviceInstanceRef ref="pdp.service"/>
        <serviceInstanceRef ref="attribute"/>
        <serviceInstanceRef ref="idstore.loginmodule"/>
    </jpsContext>
</jpsContexts>

Page 31: 2012 04 - Configuring OWSM

Running HPCM Sample Client

Updates to hpm_ws_client.properties

# Full Path of the jps-config.xml file in use.
jps.config.file=C:/work/jps-config.xml

# WSS Recipient key alias name used.
wss.recipient.key.alias=epm

# WSS Credential Store Framework key used.
wss.csf.key=hpcm.security

# HPCM WSDL URL which is to be accessed. Eg:
# http://localhost:19000/profitability/ProfitabilityService?WSDL (or)
# {DRIVE_LETTER}:/{FILE_PATH}/FILE_NAME.wsdl
hpcm.wsdl.url=http://localhost:9500/profitability/ProfitabilityService?WSDL

Screenshot callouts: wss.csf.key is the key created to store the EPM user; wss.recipient.key.alias is the alias created in the keystore

Page 32: 2012 04 - Configuring OWSM

Running HPCM Sample Client

Using username/password directly

private void initialize() throws MalformedURLException {
    setSystemProperties();
    URL hpcmWsdlUrl = new URL(System.getProperty("hpcm.wsdl.url"));
    QName qname = new QName("http://profitability.webservices.epm.oracle", "ProfitabilityService");
    hpmServiceProvider = new ProfitabilityService_Service(hpcmWsdlUrl, qname);

    // Client policies attached to the port: username token and SAML token, both with message protection.
    SecurityPolicyFeature[] securityFeatures = new SecurityPolicyFeature[] {
        new SecurityPolicyFeature("oracle/wss11_username_token_with_message_protection_client_policy"),
        new SecurityPolicyFeature("oracle/wss11_saml_token_with_message_protection_client_policy") };
    hpmWS = hpmServiceProvider.getProfitabilityServicePortType(securityFeatures);
    System.setProperty("oracle.security.jps.config", System.getProperty("jps.config.file"));

    // Commented out on this slide: recipient key alias and credential store key read from hpm_ws_client.properties.
    //((BindingProvider)hpmWS).getRequestContext().put(SecurityConstants.ClientConstants.WSS_RECIPIENT_KEY_ALIAS, System.getProperty("wss.recipient.key.alias"));
    //((BindingProvider)hpmWS).getRequestContext().put(SecurityConstants.ClientConstants.WSS_CSF_KEY, System.getProperty("wss.csf.key"));

    // Username and password are set directly on the request context instead.
    Map<String, Object> reqContext = ((BindingProvider) hpmWS).getRequestContext();
    reqContext.put(BindingProvider.USERNAME_PROPERTY, "admin");
    reqContext.put(BindingProvider.PASSWORD_PROPERTY, "password1");
}

Page 33: 2012 04 - Configuring OWSM

Additional ERPI Steps

Use with standalone ERPI server
