Oracle AIA Recommendations for Policies
26.4 Deploying Security Policies
AIA recommends applying policies globally rather than constraining policy attachment at the individual service level. The global policies are applied when the Foundation Pack is installed. In some cases, it is imperative to override the globally attached client policies with directly attached local policies. General guidelines are given below. ■ Global Authentication Policies are delivered – Eliminates the need to define policies at the composite level. – Global Service Policy applied: oracleaia_wss_saml_or_username_token_ service_policy_OPT_ON. This is a cloned copy of oraclewss_saml_or_username_token_service_policy with Local Optimization set to ON. – Global Service Client Policy applied: oracleaia_wss10_saml_token_client_ policy_OPT_ON This is a cloned copy of oraclewss10_saml_token_client_policy with Local Optimization set to ON. ■ Assess your individual flow needs and harden the services if necessary. Further hardening can be done by associating local policies. ■ Applications invoking secured AIA Web Services need to send credentials. ■ Inter-AIA communication is handled by the Global Service Client Policy.26.4.1 Oracle AIA Recommendations for Policies
In general, determining which policies to use depends on the basic requirements of your organizations security policy. The following questions help determine which policies can be used. ■ Is there a need only to authenticate users? ■ Is there a need for message protection? ■ Will the token be inserted in the transport layer or in a SOAP header? ■ Do you need to use a particular type of token? The following policies should be attached globally to the AIA Services: ■ oracleaia_wss_saml_or_username_token_service_policy_OPT_ON ■ aia_wss_saml_or_username_or_http_token_service_policy_OPT_ON ■ oracleaia_wss10_saml_token_client_policy_OPT_ON oracleaia_wss_saml_or_username_token_service_policy_OPT_ON This is a cloned copy of oraclewss_saml_or_username_token_service_policy with Local Optimization set to ON. This is needed for local optimization to work when both client and service composite are co-located. This policy authenticates users using credentials provided either in SAML tokens in the WS-Security SOAP header or in the UsernameToken WS-Security SOAP header. The credentials in a SAML token are authenticated against a SAML login module, while the credentials in a UsernameToken are authenticated against the configured Working with Security 26-7 identity store. Only plain text mechanism is supported for the UsernameToken. This policy can be applied to any SOAP-based endpoint. aia_wss_saml_or_username_or_http_token_service_policy_OPT_ON This is a cloned copy of oraclewss_saml_or_username_token_service_policy with Local Optimization set to ON and http basic authentication added as an additional option. Clients such as ODI that do not have the infrastructure to use webservices security can call this service using http basic authentication. This is only attached to AIAAsyncErrorHandlerBPEL service. oracleaia_wss10_saml_token_client_policy_OPT_ON This is a cloned copy of oraclewss10_saml_token_client_policy with Local Optimization set to ON. This is needed for local optimization to work when both client and service composite are co-located. This policy includes SAML tokens in outbound SOAP request messages.26.5 Policy Naming Conventions
Parts
» Oracle Fusion Middleware Online Documentation Library
» How to Use the AIA Development Guide Introduction to Project Lifecycle Workbench
» Select a Service Type value: Requestor ABCS, Provider ABCS, Enterprise
» Use the query criteria in the Search area to locate the service solution component
» How to Set Up Environments to Enable Design-Time Harvesting
» Introduction to Bills of Material
» How to Generate a Bill of Material for an AIA Lifecycle Project
» How to View a Bill of Material for an AIA Lifecycle Project
» Introducing Project Lifecycle Workbench Seed Data
» Introduction Oracle Fusion Middleware Online Documentation Library
» Input for Deployment Plan Generator Executing Deployment Plan Generator
» Deploying New or Custom Built Artifacts
» Undeploying Services Oracle Fusion Middleware Online Documentation Library
» Understanding the ODIBOM.xml File
» Understanding the ODI Deployment Plan
» Understanding the Service Annotation Element
» Understanding the Reference Annotation Element Understanding the TransportDetails Element
» How to Annotate the Service Element in a Requester ABCS Composite
» How to Annotate the Service Element in Composite Business Process Composite
» Understanding EBS Types Working with the Enterprise Business Service Library
» Understanding Design Guidelines Understanding Design Considerations
» Creating Routing Rules Working with Message Routing
» Routing at the EBS Guidelines for EBS Routing Rules
» How to Implement Fire-and-Forget Pattern with EBS One-Way Calls Creating EBS WSDLs
» How to Implement the Request-Delayed Response Pattern with the Two One-Way Calls of the EBS
» ABCS Types Introduction to ABCS
» Defining the Role of the ABCS
» Constructing ABM Schemas Analyzing the Participating Application Integration Capabilities
» Introduction to MEPs Choosing the Appropriate MEP
» Outbound Interaction with the Application
» Using BPEL for Building ABCS
» Prerequisites Constructing an ABCS
» ABCS as a Composite Application How Many Components Need to Be Built
» How to Construct the ABCS Composite Using JDeveloper Developing the BPEL Process
» How to Create References, Services, and Components Moving Abstract Service WSDLs in MDS
» Setting Correlation for the Asynchronous Request-Delayed Response MEP
» Using the Programming Models for the Request-Delayed Response Pattern
» Create Invoking Enterprise Business Services
» Update Invoking Enterprise Business Services
» Delete Sync Invoking Enterprise Business Services
» Validate Invoking Enterprise Business Services
» Process Invoking Enterprise Business Services
» Query Invoking Enterprise Business Services
» Introduction to Enabling Requester ABCS for Extension
» Introduction to Enabling Provider ABCS for Extension
» How to Design Extensions-Aware ABCS
» Designing an ABCS Composite with Extension Defining Service at Extension Points
» How to Specify a Concrete WSDL at Deployment Time
» Interfacing with Transport Adapters
» How to Develop Transport Adapters When to Put Adapters in a Single Composite
» How to CAVS Enable the Requester ABCS Introduction to the CAVSEndpointURL Value Designation
» How to Ensure Transactions in AIA Services
» Transactions in Oracle Mediator Transactions in BPEL
» Developing ABCS to Participate in a Global Transaction How to Transaction-Enable AIA Services
» Guidelines for Versioning Versioning ABCS
» Introduction to Enterprise Business Flows
» How to Implement the EBF as a BPEL Service Overview of B2B Integration Using AIA
» B2B Support in AIA Error Handling Framework
» How to Identify the B2B Document Protocol
» How to Identify the B2B Document Type and Definition
» How to Identify the EBO, EBS, and EBM to Be Used How to Design Mappings for the B2B Document
» Introduction to a Provider B2B Connector Service How to Identify the Message Exchange Pattern
» How to Develop a B2BCS Service Contract
» How to Annotate B2B Connector Services
» How to Support Trading Partner-Specific Variants
» How to Enable Error Handling
» How to Route Based on Trading Partner B2B Preferences
» How to Test Using CAVS How to Test Using Dummy Trading Partner Endpoints
» Monitoring Using Oracle B2B Reports Monitoring Using Oracle Enterprise Manager Console
» How to Support Trading Partner-Specific Variants How to Enable Error Handling
» If an additional target is needed, click the Additional Target button on the Service
» Optionally, click the Save As button to save a service solution component request Click Finish.
» Updating SOA MDS with AIA MetaData Using MDS in AIA Content of AIA_HOMEAIAMetaData
» Working with AIA Components Content in AIA_HOMEAIAMetaData
» How to Change an Existing File How to Create a New File
» Introduction to the Tools Used
» Understanding Integration Styles with Integration Framework
» Bulk Data Processing Integration Style Choice Matrix
» Identifying the EBO Designing an Oracle AIA Integration Flow
» Enter your search criteria and click Search to execute a search for a particular
» Inbound Connectivity Outbound Connectivity
» When to Use Web Services with SOAPHTTP
» Session Management for Web Services with SOAPHTTP
» Error Handling for Web Services with SOAPHTTP
» Security for Web Services with SOAPHTTP Message Propagation Using Queues or Topics
» Ensuring Guaranteed Message Delivery When to Use JCA Adapters
» Outbound - Siebel Application Interaction with AIA Services Web Services with SOAPHTTP
» Inbound: E-Business Suite Application Interaction with AIA Services Concurrent Program Executable
» Business Event Subscription JCA Connectivity Using OAPPS Adapter
» Outbound: Oracle E-Business Suite Application Interaction with AIA Services
» Testing an Oracle AIA Integration Flow Design Guidelines
» Initial Data Loads High Volume Transactions with Xref Table Intermittent High Volume Transactions
» Using Error Handling Oracle Fusion Middleware Online Documentation Library
» Click OK to save your changes. Click the Generate and Deploy tab to deploy it on the OC4J server.
» Considerations for Creating Transformation Maps Handling Missing or Empty Elements
» How to Map an Optional Source Node to an Optional Target Node How to Load System IDs Dynamically
» Introduction to DVMs When to Use DVMs Using Cross-Referencing
» Standard Elements Introducing EBM Header Concepts
» Sender Introducing EBM Header Concepts
» Target Introducing EBM Header Concepts
» BusinessScope Introducing EBM Header Concepts
» Use Case: Request-Response Use Case: Asynchronous Process
» Use Case: Synchronous Process with Spawning Child Processes
» EBMTracking Introducing EBM Header Concepts
» Understanding Oracle BPEL Error Handling Understanding Oracle Mediator Error Handling
» What Do I Need to Know About Fault Policy Files
» How to Implement Fault Handling in BPEL Processes
» Guidelines for Defining Fault Policies
» Guidelines for BPEL Catch and Catch-All Blocks in Synchronous Request-Response
» Guidelines for Configuring Mediator for Handling Business Faults
» Overview Implementing Error Handling for the Synchronous Message Exchange Pattern
» Configuring Milestones Implementing Error Handling for the Synchronous Message Exchange Pattern
» Configuring Services Between Milestones
» Describing the EBMReference Element Describing the B2BMReference Element
» Describing the FaultNotification Element
» Introduction to Extending Fault Messages
» In the Error Extension Handler field on the Error Notifications page, enter the
» Introduction to Extending Error Handling Implementing an Error Handling Extension
» Synchronous Request-Reply Pattern: How to get Synchronous Response in AIA
» Asynchronous Fire-and-Forget Pattern AIA Message Processing Patterns
» Guaranteed Delivery Pattern: How to Ensure Guaranteed Delivery in AIA
» Service Routing Pattern: How to Route the Messages to Appropriate Service Provider in AIA
» Extending Existing Schemas in AIA
» Extending AIA Services Extending Existing Transformations in AIA
» Enabling Security for AIA Services
» Overriding Policies Using a Deployment Plan Testing Secured Services using CAVS
» Oracle AIA Recommendations for Policies
» AIA Security Configuration Properties
» Understanding the Structure for Security Context Using Attribute Names
» Interpreting Empty Element Tags in XML Instance Document
» Purging the Completed Composite Instances Syntactic Functional Validation of XML Messages
» Provide Provision for Throttling Capability Artifacts Centralization Separation of Concerns
» Adapters Inside ABCS Composite OR as Separate Composite AIA Governance
» Using BPEL as Glue, Not as a Programming Language
» Avoiding Global Variables Wherever Possible
» How to Use Baselines How to Handle Resource Saturation How to Use Proactive Monitoring
» How to Eliminate Bottlenecks
» How to Tune the Oracle Database Introducing Automatic Workload Repository
» Configuring Performance Related Database Initialization Parameters
» Tuning Redo Logs Location and Sizing Automatic Segment-Space Management ASSM
» Configuring Database Connections and Datasource Statement Caching
» Oracle Metadata Service MDS Performance Tuning
» Configuring SOA Infrastructure Properties
» Configuring BPEL Process Service Engine Properties
» Configuring BPEL Properties Inside a Composite
» Configuring Mediator Service Engine Properties
» How to Tune JMS Adapters How to Tune AQ Adapters
» Overview of AIA Error Handler Framework Purging the Completed Composite Instances
» How to Optimize the JVM Heap - Specifying Heap Size Values
» XML Naming Standards General Guidelines
» Composites Composite Business Process Enterprise Business Services
» Requester Application Business Connector Service Provider Application Business Connector Services
» DVMs DVMs and Cross References
Show more