Thursday Jun 26, 2014

FMW 12.1.3 released!

FMW 12.1.3 was just released! This release build on top of the FMW 12.1.2 release. The biggest difference b/w FMW 12.1.3 and FMW 12.1.2 - is the addition of SOA, BPM, ODI product suites. 

Here are some quick links for people to get started:

  • You can download SOA 12.1.3 from here
  • OWSM 12.1.3 documentation can be found here

 The key features in OWSM 12.1.3 include:

  1. Ability to secure SOA/OSB REST services and clients.
  2. Some of the security enhancements we introduced in 12.1.2 are now applicable to SOA as well. This includes - better Kerberos support, SPNEGO support, SecureConversation support, etc
  3. Fine grained Authorization support (via integration with OES)
  4. Support for securing SOA/OSB JCA bindings.
  5. PII support for SOA/OSB.
  6. Global Policy Attachments are now supported for OSB and WLS WS as well. 
  7. Added support for ESS based Web Services
  8. Monitoring of OWSM Policies in the context of OSB

You can find more details in the what's new section of the OWSM doc

You can find more details on OSB-OWSM integration in the OSB doc in EM and there is also greater support for OSB-OWSM integration in JDeveloper.

Wednesday Dec 18, 2013

Newbie to SOA/OWSM

Just came across this blog post that provides a one minute overview in Q&A form that I thought would be useful for those who are new to Oracle SOA Suite and OWSM.

You can find other posts on SOA, BPM, OSB, etc as well on the blog:

Thursday Jul 11, 2013

How To - OWSM 12.1.2 Installation

As I mentioned in my previous blog post FMW 12.1.2 was released today. There are a few things that are different in terms of installation for OWSM in 12.1.2 compared to 11g. So I have created a fairly detailed Install How-To with screen shots. This complements the 12.1.2 Install guide.

Note: The How To does not describe all scenarios/topologies. It is mainly intended for demo installs and to give you a quick overview of key steps.

Wednesday Apr 03, 2013

OWSM Mobile Agent for ADF Mobile

Oracle released Mobile Application development framework - called Oracle ADF Mobile sometime back. More details about the Oracle ADF Mobile framework can be found here.

In order to secure the REST/SOAP communication b/w the ADF Mobile App and the backend services - OWSM team has developed an OWSM Mobile Agent.

The capabilities right now are fairly limited - especially when you consider what is supported in the Non-Mobile case! The OWSM Mobile Agent only supports Basic Auth and Basic Auth over SSL and WS-Security Username Token and WS-Security Username Token over SSL policies.

More details about the policies supported can be found here. The good news is building a Mobile client to backend REST/SOAP web service is very similar to how you do in the "Big ADF" world i.e. you use Web Service Data Controls!

Here is the revised layered Service security diagram that I discussed initially in this post:

layered service security

P.S:I didn't see an example of how to build a Mobile App that can make Web Service calls on the Oracle ADF Mobile page; if time permits - I will post some How To's on this front...

Update: Some folks pointed me to this blog post on ADF Mobile Introduction that actually covers how to build and secure web service clients. There is also an official ADF Mobile blog for more details...

Tuesday Apr 02, 2013

OSB and OWSM integration enhancements - 11g

In my previous post, I described one of the key features that we added in OWSM for PS6 was support for securing REST services. I forgot to mention that another key addition in PS6 relates to the OSB/OWSM integration. The integration has been enhanced to address some of the more common issues that were raised by customers.

Two key enhancements in this area include:

a) Support for securing OSB REST services with OWSM Policies.

Note: OSB has not certified all the REST security policies OWSM supports in PS6.

b) Support for Attachments (MTOM, SwA) and OWSM security policies

More details on what is supported in OSB in PS6 can be found here.

Sunday Jul 29, 2012

OPSS vs. OWSM 11g

Have been a bit busy and so blogging has been slow - but I recently came across this blog entry and I thought it would be worth clarifying about the relationship between OPSS and OWSM.

OPSS - Oracle Platform Security Services - provides a security framework and acts as the underlying security layer that addresses both FMW security requirements as well as the base for all the Identity and Access Management products.

Details can be found here.

There is a nice white paper accompanying the recent IDM 11gR2 release - that describes the foundational nature of OPSS. (Yet more material on IDM 11gR2 can be found here.)

The primary security services provided by OPSS include:

a) Authentication Services via Login Modules

b) Keystore Service

c) Credential Store Service - used for storing secrets like passwords (credentials).

d) Audit service

e) Authorization

OWSM is primarily focused on security for Web Services and provides a policy based security model. OWSM implements the various WS-* standards and  leverages OPSS authentication service, Keystore service, Audit service, credential store service, authorization service, etc.

Sunday Mar 18, 2012

How To - Securing a JAX-WS with OWSM Message Protection Policy in JDeveloper - 11g

As promised in this post, here is a How-To that describes how to secure a simple HelloWorld JAX-WS with OWSM message protection policy and test it with SOAP UI.

The How-To reuses the picture I posted earlier about the relationship and interplay b/w Keystore, Credential store, jps-config.xml ,etc.

One of the other more frequent requests I hear from folks within Oracle and customers is how to test OWSM with SOAP UI. SOAP UI in general works very well as testing tool for web services secure with wss10 policies.


In this blog I will discuss mainly features supported by Oracle Web Service Manager (OWSM).


« February 2015