Thursday Apr 04, 2013

Identity Context support in OWSM - 11g

Here is another quick post about yet another new feature in PS6. As many of you know, we have supported identity propagation for a long time. However, as things have evolved, it has become clear that propagating just identities is not sufficient. We need to propagate additional contextual information. This may include, for example:

a) In the Mobile world - whether the user is using a device that is jailbroken or not

b) In the Banking space - the geo-location from where an ATM debit card or credit card might be getting used by the user.

In fact, Marc Boroditsky spoke about this at Oracle OpenWorld 2012.

This sets up the need for propagating not just the identity but the entire context! In PS6 we have taken a step in this direction.

Note: There are still some limitations. SOA Suite/OSB, for example, don't yet support the ability to propagate the entire identity context.

Friday Feb 15, 2013

Dynamic Policy Selection among alternatives - 11g - follow up

Just a couple of quick follow up points to my blog post on Dynamic Policy Selection.

First, a shout out to Chris's blog post on this topic - I missed it since he blogged about it more than 2.5 years back! He is doing a lot of creative things in that blog post. My post was more about what is supported by OWSM out of the box.

Second - a clarification - the Dynamic Policy Selection is supported only on the service side currently.

Wednesday Nov 14, 2012

Cloud Integration Using Oracle SOA Suite - 11g

There is a very good blog post by Rajesh Raheja on how you can use Oracle SOA Suite for Cloud Integration. He also has a link to a white paper on his blog.

In a future blog post I will describe some of the security challenges and how to address them using OWSM for Web Services.

Thursday Apr 12, 2012

OEG integration with OSB/OWSM - 11g

This is a follow up to my post on Oracle's layered SOA Security vision. There is a very nice article from Fabio Mazanatti & co describing how to integrate OEG with OSB/OWSM.

Check it out!

Friday Mar 30, 2012

OSB Security using OWSM - 11g

Here is a very nice video from Oracle showing how OWSM can be used to secure OSB.

Wednesday Mar 21, 2012

OWSM vs. OEG - When to use which component - 11g

A lot of people, both internal to Oracle and customers, keep asking when OWSM should be used vs. OEG. Some time back I posted Oracle's vision for layered SOA security.

Here is a quick summary:

Use OWSM in Green Zone

Use OEG in Red Zone (DMZ)

If you need end-to-end security, you will want both OWSM and OEG. This is the topology I would recommend for most customers.

If you need only Green Zone security - then use OWSM in conjunction with Oracle FMW products like SOA Suite, OSB, ADF, WLS, BI, etc., both on the Client Side and Service Side (assuming you are using FMW technologies for both Clients and Services).

If you need only Red Zone security - then use OEG on the Service Side. You can use OWSM for the Client Side if you are using FMW to build your clients.

Sunday Mar 18, 2012

How To - Securing a JAX-WS with OWSM Message Protection Policy in JDeveloper - 11g

As promised in this post, here is a How-To that describes how to secure a simple HelloWorld JAX-WS with OWSM message protection policy and test it with SOAP UI.

The How-To reuses the picture I posted earlier about the relationship and interplay between the Keystore, Credential store, jps-config.xml, etc.

One of the other more frequent requests I hear from folks within Oracle and customers is how to test OWSM with SOAP UI. SOAP UI in general works very well as a testing tool for web services secured with wss10 policies.

Saturday Mar 17, 2012

Podcast on SOA Governance and OWSM - 11g

Anand Kothari, the Product Manager for OWSM, has a great podcast on SOA Governance and how OWSM and OEG help the SOA Governance story.

Friday Mar 16, 2012

OWSM Policy Repository in JDeveloper - Tips & Tricks - 11g

In this blog post I discussed the OWSM Policy Repository that is embedded in JDeveloper. However, sometimes people may run into issues with the embedded repository. Here is a screen snapshot that shows the error you may run into:

If you run into "java.lang.IllegalArgumentException: WSM-04694 : An invalid directory was provided to connect to a file-base MDS repository." this is caused by spaces in the folder name. A quick way to work around this issue is to run "Jdeveloper.exe - su".

Hope people find this useful!

Friday Feb 24, 2012

OWSM 11gR1 PS5 ( released!!!

Haven't had a chance to blog in quite some time - but this is a quick post to note that FMW 11gR1 PS5 was released a few days back and that includes OWSM 11gR1 PS5.

The OWSM documentation lists what is new in 11gR1 PS5 at:

I hope to blog more on some of the new features in 11gR1 PS5 and the use-cases driving the support for these features.

Tuesday Dec 13, 2011

Time travel for OWSM Administrators - 11g

I liked the title of this post from Antony Reynolds so much that I borrowed it for my post! Antony's post talks about the versioning support in OWSM 10g. This post is about the versioning support in OWSM 11g.

Here I will take a simple example: let's say a customer has decided to standardize on Basic192 as the algorithm suite to be used for all message protection policies. The customer can do so by editing, let's say, the oracle/wss10_saml_token_with_message_protection_service_policy.

The default value is Basic128 for the OOTB policy that ships with OWSM. Now we have two versions of the oracle/wss10_saml_token_with_message_protection_service_policy.

This is illustrated in the picture below:

You can view the version history for any policy by clicking on the "version history" link.

The version history page looks as shown below:

policy version history

You can view the individual versions by clicking on the "view" button in the above image. Below is the version#1 of the oracle/wss10_saml_token_with_message_protection_service_policy.

Version#2 of the oracle/wss10_saml_token_with_message_protection_service_policy is shown below:

As in OWSM 10g, you can revert or activate an older version if you realize that the changes that were made were not satisfactory for any reason.


It is important to note some of the limitations that exist in terms of the versioning support in OWSM 11g.

  1. Enforcement does not take policy version into consideration i.e. enforcement is always based on the latest version (in the above case version#2).
  2. While OWSM maintains the version history, it does not provide any tooling to view the differences between the two versions. However, for each version OWSM does maintain information about who edited the policy and when - hence one can talk to the person who edited the policy to find out the changes.
  3. Currently versioning is supported only for policies. Versioning is not supported for Assertion templates and Global Policies.

Detailed documentation on the OWSM 11g versioning support can be found here in the Security and Administrator's Guide for Web Services.
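
Limitation 2 above can be worked around outside OWSM. The sketch below is an added example, not part of the original post or of OWSM, and assumes both versions of the policy have been saved as XML text. The two sample documents are constructed, and their element and attribute names are simplified assumptions rather than the exact OWSM schema.

```python
import xml.etree.ElementTree as ET

# Constructed stand-ins for two saved versions; element/attribute names are assumptions.
VERSION_1 = """<Policy Name="oracle/wss10_saml_token_with_message_protection_service_policy">
  <msg-security algorithm-suite="Basic128" include-timestamp="true">
    <signed-parts><body/></signed-parts>
  </msg-security>
</Policy>"""

VERSION_2 = """<Policy Name="oracle/wss10_saml_token_with_message_protection_service_policy">
  <msg-security algorithm-suite="Basic192" include-timestamp="true">
    <signed-parts><body/></signed-parts>
    <encrypted-parts><body/></encrypted-parts>
  </msg-security>
</Policy>"""

def _walk(elem, path, out):
    """Record every element's attributes and text under a positional path."""
    out[path] = (dict(elem.attrib), (elem.text or "").strip())
    seen = {}
    for child in elem:
        seen[child.tag] = seen.get(child.tag, 0) + 1
        _walk(child, "%s/%s[%d]" % (path, child.tag, seen[child.tag]), out)

def diff_policies(old_xml, new_xml):
    """Return a list of readable differences between two policy documents."""
    old, new = {}, {}
    for xml_text, out in ((old_xml, old), (new_xml, new)):
        root = ET.fromstring(xml_text)
        _walk(root, "/" + root.tag, out)
    changes = []
    for path in sorted(set(old) | set(new)):
        if path not in new:
            changes.append("removed element %s" % path)
        elif path not in old:
            changes.append("added element %s" % path)
        else:
            (old_attrs, old_text), (new_attrs, new_text) = old[path], new[path]
            for name in sorted(set(old_attrs) | set(new_attrs)):
                before, after = old_attrs.get(name), new_attrs.get(name)
                if before != after:
                    changes.append("%s @%s: %r -> %r" % (path, name, before, after))
            if old_text != new_text:
                changes.append("%s text: %r -> %r" % (path, old_text, new_text))
    return changes

if __name__ == "__main__":
    for line in diff_policies(VERSION_1, VERSION_2):
        print(line)
```

Because enforcement always uses the latest version, a report like this is a quick way to confirm that an edit changed only the intended setting. For files that come from an untrusted source, parse them with defusedxml rather than the standard library parser.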

Monday Nov 28, 2011

Running OWSM WLST commands - 11g

It has been some time since I posted any material. I hope to have more tips and best practices - but here is a quick thing that people seem to trip up on... "How to Run OWSM related WLST commands"

The most common issue people seem to run into is trying to run the OWSM WLST commands from the wrong location. You need to run the WLST commands from "oracle_common/common/bin/" (ex: /home/Oracle/Middleware/oracle_common/common/bin/).

This is documented in the OWSM doc (Security And Administrator's Guide) under the section "Accessing the Web Services Custom WLST Commands".

Note: This location is different from the location from where you run the SOA WLST commands.

If you try to run the OWSM WLST command from the wrong location - you will see errors like the following: "The MBean ,@ oracle.wsm:*,name=WSMDocumentManager,type=Repository was not found"


In this blog I will discuss mainly features supported by Oracle Web Service Manager (OWSM).


