Wednesday, 30 May 2012

OWSM user name token service policy Authentication for a proxy service at OSB



A keystore file is used to secure transactions between the client and the server. The keytool command creates the keystore file, which contains the public/private key pair. This document shows how to create a keystore file and use it in the WebLogic Enterprise Manager to set up OWSM user name token service policy authentication for a proxy service at OSB.
Authentication with an Oracle Web Services Manager Client Agent
  1. Generate a private key in keystore file
  2. Verify the newly created keystore file
  3. Configure the keystore file in weblogic EM console.
Step 1 - Generate a private key in keystore file
Java Keytool stores keys and certificates in the keystore file. If you are a “Linux” user, the keytool command should be executed in the Java bin directory. In my case the directory is “C:\Program Files\Java\jdk1.6.0_12” and the following command should be executed:
keytool -genkeypair -alias certificatekey -keyalg RSA -validity 365 -keystore keystore.jks
Once the preceding command is executed, you will be asked for a password; for this article, let us use “welcome1”. Once you give the password, you will be asked for the details as specified in the image below.
Next we should verify the newly created key store file.
Step 2 – Verify the newly created keystore file
Let us verify the newly created keystore.jks file using the following command:

keytool -list -v -keystore keystore.jks
After executing the above command, you will get the details as specified in the image below,
Step 3 – Configure the keystore file in weblogic EM console
Next we should copy the generated Mykeystore.jks to the /charter/apps/user_projects/domains/soaosb_domain/config/fmwconfig directory.
Now we have to log in to the Enterprise Manager (EM) console. The URL for the EM console is http://localhost:7001/em. In my case the login details for this EM console are weblogic/weblogic2. Then we have to navigate to the security provider configuration of the OSB domain. You will get the details as specified in the image below,
In the security provider configuration page we have to navigate to the key store section and expand it. Inside the key store section there is a Configure button; click that button. You will get the details as specified in the image below,
It will open a new configure key store page. In that page Java Key Store (JKS) is the default key store, and in the access attributes we have to specify our Mykeystore.jks. It will refer to the default key store path. Let us fill the password and confirm password fields with ‘welcome1’, which we gave at the time of creating the keystore.
Next we should fill the signature key and encryption key with the key alias ‘certificatekey’ and the same password which we gave in the access attributes. Then we have to click on ‘Ok’. You will get the details as specified in the image below,
Next we will get a message saying that the key store was created successfully. You will get the details as specified in the image below,
We have to restart the WebLogic server and then come back to the EM console. In the EM console we have to navigate to Credentials from Soaosb_domain > weblogic Domain > Security > Credentials. You will get the details as specified in the image below,
There is a Create Key Active button inside the Credentials page. You will get the details as specified in the image below,
When you click on Create Key, a popup will appear and we have to fill the mandatory fields with proper values. You will get the details as specified in the image below,
In this case I used soa_key as the key, hari as the user name and welcome1 as the password. That user should be available in the realm at the WebLogic admin console. You will get the details as specified in the images below,
Once you click Ok, a confirmation for the key will appear in the top left corner. You will get the details as specified in the images below,
Next we have to log in to the OSB console. The URL for the OSB console is http://localhost:7001/sbconsole. Navigate to the resource browser, click on the Activate button and choose your proxy service. You will get the details as specified in the images below,
Next choose the Policies tab for that proxy service and select the From OWSM Policy Store radio button from OWSM Policies in the service policy configuration. Click on the Add button in the service level policies of your proxy service. You will get the details as specified in the images below,
Next we have to select oracle/wss_username_token_service_policy, which will be available at very last in the send page of the Select OWSM policy page, and click the Submit button. You will get the details as specified in the images below,
You can see the below proxy service with attached oracle/wss_username_token_service_policy.
Then we have to activate all changes. You will get the details as specified in the images below,
While testing the proxy service we have to choose our key in the Override Value field. You will get the details as specified in the images below,

User Creation
To create the user in the realm we have to log in to the Admin console. The URL of the Admin console is http://localhost:7001/console. After logging in to the Admin console you have to navigate to myrealm from Security Realms. You will get the details as specified in the images below,
Once you click on myrealm, the settings for myrealm page will open. In that page you have to choose Users and Groups. In Users and Groups we have to create the user. You will get the details as specified in the images below,

