Saturday, August 20, 2011

OSB PKI credential mapper provider

There is no PKI credential mapper provider configured in your security realm. Service key provider management will be disabled. Configure a PKI credential mapper provider if you need service provider support. This is typically the case if you have Oracle Service Bus proxy services with web service security enabled or outbound 2-way SSL connections.


http://download.oracle.com/docs/cd/E17904_01/doc.1111/e15866/model.htm Security in OSB.


"If a proxy service uses public key infrastructure (PKI) technology for digital signatures, encryption, or SSL authentication, create a service key provider to provide private keys paired with certificates."

http://download.oracle.com/docs/cd/E17904_01/doc.1111/e15867/service_key_providers.htm#OSBAG982 Service Key Providers.

http://download.oracle.com/docs/cd/E17904_01/doc.1111/e15866/model.htm#OSBDV1498 how to create a PKI credential mapper in WLS

See also this nice post: http://tim.blackamber.org.uk/?p=831

First, use keytool to generate a JKS keystore. keytool.exe is in your JAVA_HOME/bin directory (example: C:\Oracle2\Middleware\jdk160_21\bin).

keytool -genkey -keystore keystorename -storepass keystorepassword
(enter all the requested information; it will generate a file named keystorename)
(the default keystore type is "jks")

In the WebLogic console, go to your myrealm security realm, then the "Providers" tab, then "Credential Mappings".

There is already a "DefaultCredentialMapper" of type "WebLogic Credential Mapping Provider".
Create a new provider of type "PKICredentialMapper", edit it and go to "Provider Specific".
Enter the name of the file you created with keytool (it should have been moved to the DOMAIN_HOME directory) and the password you assigned with keytool.

RESTART THE SERVERS NOW

Now in OSB you can create a new Service Key Provider and enter the 3 keys
(Encryption Key, Digital Signature Key, SSL Client Authentication Key),
providing the corresponding password.
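
The keytool step above, as an added PowerShell example (not from the original post or from Oracle): it generates the key pair with an explicit alias and RSA key, lets keytool prompt for the passwords instead of taking them on the command line, and lists the entry so you can confirm it before pointing the PKICredentialMapper at the file. The keystore file name, alias and subject are hypothetical, and JAVA_HOME is assumed to be set.

```powershell
# Added example. $keystore, $alias and $dname are hypothetical values; change them.
$keytool  = Join-Path $env:JAVA_HOME 'bin\keytool.exe'
$keystore = 'osb-skp.jks'          # copy this file to DOMAIN_HOME afterwards
$alias    = 'osb-service-key'      # the alias you will pick in the OSB Service Key Provider
$dname    = 'CN=osb-test, OU=Integration, O=Example, C=US'   # constructed subject

if (-not (Test-Path $keytool)) {
    throw "keytool not found at $keytool; check JAVA_HOME"
}
if (Test-Path $keystore) {
    throw "$keystore already exists; refusing to add a key to an existing store"
}

# Without -alias and -keyalg, the JDK 6 keytool creates a DSA key under the
# alias "mykey". DSA is signature-only, so ask for RSA to cover the
# encryption and SSL client authentication slots as well.
# -storepass and -keypass are omitted on purpose: keytool prompts for them,
# which keeps the passwords out of the console history and the process list.
& $keytool -genkey -alias $alias -keyalg RSA -keysize 2048 -validity 365 `
    -dname $dname -keystore $keystore -storetype JKS
if ($LASTEXITCODE -ne 0) {
    throw "keytool -genkey failed with exit code $LASTEXITCODE"
}

# List the new entry (keytool prompts for the keystore password again).
# Check in the output that:
#   Entry type is PrivateKeyEntry (a certificate-only entry cannot be used
#   as a service key), and Owner / Valid from match what you entered.
& $keytool -list -v -alias $alias -keystore $keystore
if ($LASTEXITCODE -ne 0) {
    throw "keytool -list failed with exit code $LASTEXITCODE"
}
```

The certificate produced this way is self-signed, so any partner that has to validate the signature or the SSL client certificate must import it into its own trust store.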




