
Setting Up SAML Token Security for Oracle E-Business Suite Integrated SOA Gateway Release 12.1.3 (Doc ID 1144313.1)


Overview


Oracle E-Business Suite Integrated SOA Gateway Release 12.1.3 supports Username Token and SAML Token security options
for authenticating inbound requests. This document describes the setup steps required to configure SAML Token security on
an Oracle E-Business Suite 12.1.3 installation.
The following topics are included in this document:
Section 1: SAML Setup Steps for Oracle E-Business Suite Integrated SOA Gateway Release 12.1.3
Section 1.1: Steps to be Followed at Run Time by Client While Sending Web Service Request with SAML Token
Section 1.2: How to Work With Java 7 Keytool
Section 2: Steps to Test an Oracle E-Business Suite Integrated SOA Gateway Web Service Using soapUI with SAML
Token
Section 2.1: Deploying a Web Service from Oracle E-Business Suite Integrated SOA Gateway
Section 2.2: Creating a Project in soapUI 3.5 Using WSDL
Section 2.3: Configuring and Testing an Outgoing Web Service
Section 3: Steps to Test a Web Service Deployed with SAML Token Policy Using JAX-WS Client

Note: For more information about Oracle E-Business Suite Integrated SOA Gateway Release 12.1.3, see the following
Knowledge Documents on My Oracle Support (formerly OracleMetaLink):
1494997.1: Oracle E-Business Suite Release 12.1.3: Integration Products and Technologies Primer
1096553.1: Oracle E-Business Suite Integrated SOA Gateway Release Notes for Release 12.1.3
556540.1: Installing Oracle E-Business Suite Integrated SOA Gateway, Release 12
726414.1: Oracle E-Business Suite Integrated SOA Gateway Troubleshooting Guide, Release 12

Section 1: SAML Setup Steps for Oracle E-Business Suite Integrated SOA
Gateway Release 12.1.3
Perform the following steps to set up SAML Token security for Oracle E-Business Suite Integrated SOA Gateway release
12.1.3:
1. Ensure patch 7366746 (WLP: Enabling "Use SAML Authorization: Verify Signature" Doesn't Require SAML Token) is
applied.
2. Perform the following setup tasks both on the client side and server side to ensure SAML Token security works
properly:
Client Side: Web service client which intends to send SAML token with the Web service request.
Server Side: Oracle E-Business Suite middle tier which has the Web Service Provider (Server).

Document details: Type: REFERENCE. Status: PUBLISHED. Last Major Update: Oct 4, 2014. Last Update: Jul 23, 2015.

Client Side Setup:


Perform the following steps to set up a trusted node on the client side using Public Key
Infrastructure (PKI):
1. Create or obtain a keypair for the client.
The client needs to either create, or obtain from a CA, a V3 certificate that has a
Subject Key Identifier (SKI). See Section 1.2: How to Work With Java 7 Keytool
to create a sample keypair.
2. Send the public key to the Oracle E-Business Suite server administrator.
The client administrator needs to export the client's public key from the client
keystore and send the key to the Oracle E-Business Suite administrator. The trusted
client node's public key must be imported into the Oracle E-Business Suite
middle tier keystore. See Section 1.2: How to Work With Java 7 Keytool to
export a client public key from a keystore.


3. The client administrator should communicate to the server administrator an identifier
indicating the name of the provider generating the SAML assertion. This identifier is used in
the SAML assertion and sent to the server with the Web service request. The server administrator
needs to configure this identifier on the server. This identifier can be the domain name of the
trusted node. See Step 2 in the Server Side Setup section.
4. Import the public key of server side keystore to client side keystore.

Server Side Setup:


The Oracle E-Business Suite system administrator needs to perform the following steps on the server
side:
1. Create a keystore and keypair, or obtain them from a CA.
The server needs a keystore that holds the public keys of all the trusted nodes
as well as its own keypair. See Section 1.2: How to
Work With Java 7 Keytool to create a sample keypair. The path to this keystore
must be specified in $INST_TOP/ora/10.1.3/j2ee/oafm/config/wsmgmt.xml.
Use the following XML to specify the keystore details and the inbound and
outbound signature and encryption configuration. Find the intended port (service)
that is deployed with SAML Token. Replace everything in between
<security>
...
</security>
with the following XML:
<key-store store-pass="<keystore_pass>" path="<path_to_keystore>"/>
<signature-key alias="<server_key>" key-pass="<server_key_pass>"/>
<encryption-key alias="<server_key>" key-pass="<server_key_pass>"/>
<inbound>
  <verify-saml-token/>
  <verify-signature>
    <signature-methods>
      <signature-method>RSA-SHA1</signature-method>
    </signature-methods>
    <tbs-elements>
      <element name-space="http://schemas.xmlsoap.org/soap/e
    </tbs-elements>
  </verify-signature>
  <decrypt>
    <encryption-methods>
      <encryption-method>AES-128</encryption-method>
    </encryption-methods>
    <tbe-elements>
      <element name-space="http://schemas.xmlsoap.org/soap/e
      <element name-space="urn:oasis:names:tc:SAML:1.0:asser
    </tbe-elements>
  </decrypt>
</inbound>
<outbound>
  <signature>
    <signature-method>RSA-SHA1</signature-method>
    <tbs-elements>
      <tbs-element local-part="Body" name-space="http://sche
    </tbs-elements>
    <add-timestamp created="true" expiry="28800"/>
  </signature>
  <encrypt>
    <use-request-cert>true</use-request-cert>
    <encryption-method>AES-128</encryption-method>
    <tbe-elements>
      <tbe-element local-part="Body" name-space="http://sch
    </tbe-elements>
  </encrypt>
</outbound>
Note: This configuration is port (service) specific and will have its effect for only one
service. Following is a sample configuration for service FND_USER_PKG_Service
which is deployed with SAML token security:
<port app="oafm" web="webservices" service="FND_USER_PKG_Service" port="FND_USER_PK
  <runtime enabled="security">
    <security>
      <key-store store-pass="welcome" path="/slot/ems3482/appmgr/rajeevkk/new/server.jk
      <signature-key alias="server_key" key-pass="welcome"/>
      <encryption-key alias="server_key" key-pass="welcome"/>
      <inbound>
        <verify-saml-token/>
        <verify-signature>
          <signature-methods>
            <signature-method>RSA-SHA1</signature-method>
          </signature-methods>
          <tbs-elements>
            <element name-space="http://schemas.xmlsoap.org/soap/envelope/" loca
          </tbs-elements>
        </verify-signature>
        <decrypt>
          <encryption-methods>
            <encryption-method>AES-128</encryption-method>
          </encryption-methods>
          <tbe-elements>
            <element name-space="http://schemas.xmlsoap.org/soap/envelope/" local
            <element name-space="urn:oasis:names:tc:SAML:1.0:assertion" local-part
          </tbe-elements>
        </decrypt>
      </inbound>
      <outbound>
        <signature>
          <signature-method>RSA-SHA1</signature-method>
          <tbs-elements>
            <tbs-element local-part="Body" name-space="http://schemas.xmlsoap.o
          </tbs-elements>
          <add-timestamp created="true" expiry="28800"/>
        </signature>
        <encrypt>
          <use-request-cert>true</use-request-cert>
          <encryption-method>AES-128</encryption-method>
          <tbe-elements>
            <tbe-element local-part="Body" name-space="http://schemas.xmlsoap.or
          </tbe-elements>
        </encrypt>
      </outbound>
    </security>
  </runtime>
</port>
2. Import the exported client public key into server keystore. See the Section 1.2: How to
Work With Java 7 Keytool to import client's public key in server keystore.
3. Update $INST_TOP/ora/10.1.3/j2ee/oafm/config/system-jazn-data.xml for
OAFM with the trusted node issuer identifier.
Locate the login module
oracle.security.jazn.login.module.saml.SAMLLoginModule under
application OAFM. Create a new entry for the trusted node, for example:
<login-module>
  <class>oracle.security.jazn.login.module.saml.SAMLLoginModule</class>
  <control-flag>required</control-flag>
  <options>
    <option>
      <name>issuer.name.1</name>
      <value>www.oracle.com</value>
    </option>
    <option>
      <name>issuer.name.2</name>
      <value>www.trustednodedomain.com</value>
    </option>
    <option>
      <name>issuer.name.3</name>
      <value>www.domain.com</value>
    </option>
    <option>
      <name>addAllRoles</name>
      <value>true</value>
    </option>
  </options>
</login-module>
4. Stop and restart OAFM server using the following commands:
$ADMIN_SCRIPTS_HOME/adoafmctl.sh stop
$ADMIN_SCRIPTS_HOME/adoafmctl.sh start

Section 1.1: Steps to be Followed at Run Time by Client While Sending Web Service Request
with SAML Token
1. Create a Web service SOAP request as per the service definition.
2. Add SAML Token to the Web service request.
3. Digitally sign the Web service request using client's public key.
4. Encrypt the Web service request using client's private (server's public) key.
5. Send the SOAP request to server.

Section 1.2: How to Work With Java 7 Keytool


JDK 1.7 has an option to create V3 certificates with SKI.

Command to create a keypair:
<jre1.7.0>/bin/keytool -genkeypair -alias client_alias -keyalg "RSA" -sigalg "SHA1withRSA" -dname "cn=xxx, ou=ATG, o=Oracle, c=US" -keypass <new password for private key> -keystore client.jks -storepass <new password for keystore> -validity 5000
Command to export client's public key:
<jre1.7.0>/bin/keytool -export -alias client_alias -file public_key.cer -keystore client.jks
Command to import a public key in a keystore on server side:
<jre1.7.0>/bin/keytool -import -alias some_alias -file public_key.cer -trustcacerts -keystore server.jks
For more information on the Java keytool utility, see: http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html.

Section 2: Steps to Test an Oracle E-Business Suite Integrated SOA Gateway
Web Service Using soapUI with SAML Token
Note: SoapUI is an open source SOA-based Web service testing tool. Oracle E-Business Suite Integrated SOA Gateway
release 12.1.3 uses soapUI 3.5 to test services with SAML Token security. After obtaining and installing soapUI 3.5, you
need to perform some setup tasks before using it. For these setup tasks, see Section 2.3: Configuring and Testing an
Outgoing Web Service for details.

This section includes the following topics:


Section 2.1: Deploying a Web Service from Oracle E-Business Suite Integrated SOA Gateway
Section 2.2: Creating a Project in soapUI 3.5 Using WSDL
Section 2.3: Configuring and Testing an Outgoing Web Service

Section 2.1: Deploying a Web Service from Oracle E-Business Suite Integrated SOA Gateway
Perform the following steps to deploy a Web service enabled through Oracle E-Business Suite Integrated SOA Gateway:
1. Log on to Oracle Integration Repository with the integration repository administrator role through the Integrated
SOA Gateway responsibility. Select the Integration Repository link.
2. In the Integration Repository tab, select 'Interface Type' from the View By drop-down list.
3. Expand an interface type node to locate your desired service that you want to deploy. For example, locate the
'FND_USER_PKG' service.
4. Click the interface definition name link to open the Interface Details page.
5. From the Web Service - SOA Provider region, select the SAML Token (Sender Vouches) check box and click the Deploy
button to deploy the service from the Integration Repository user interface. Once the generated service is successfully
deployed, the 'Deployed' Web Service Status appears along with the Redeploy and Undeploy buttons allowing you
to redeploy or undeploy the service.


Section 2.2: Creating a Project in soapUI 3.5 using WSDL


Perform the following steps to create a project in soapUI 3.5:


1. Create a project in soapUI using WSDL of the deployed service.

2. Configure soapUI for keystore by adding a new keystore.

Section 2.3: Configuring and Testing an Outgoing Web Service


Perform the following steps to configure and test an outgoing Web service:


1. In the project, configure outgoing WS-Configuration by creating a new configuration, for example,
ISG_FND_USER_PKG_CONF.

2. Add SAML Entry to outgoing WS-Configuration ISG_FND_USER_PKG_CONF


Enter Sample Assertion:
<Assertion AssertionID="be7d9814c36381c27fefa89d8f27e126" IssueInstant="2009-10-05T07:51:57.374Z"
Issuer="www.oracle.com" MajorVersion="1" MinorVersion="1" xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"><Conditions NotBefore="2009-10-05T07:51:57.374Z"
NotOnOrAfter="2015-10-15T17:51:57.374Z"/>
<AuthenticationStatement AuthenticationInstant="2009-10-05T07:51:57.374Z"
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
<Subject>
<NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
NameQualifier="notRelevant">SYSADMIN</NameIdentifier>
<SubjectConfirmation>
<ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</ConfirmationMethod>
</SubjectConfirmation>
</Subject>
</AuthenticationStatement>
</Assertion>

Note: Ensure that the username (such as SYSADMIN) mentioned in the <NameIdentifier> element of
the SAML assertion has the security grants on the operations to be invoked using SAML Token.
Add SAML Entity as shown in the following screenshot:


3. Configure Timestamp entry for Outgoing WS-Configuration ISG_FND_USER_PKG_CONF as follows:


4. Use the following steps to add Signature Entry to Outgoing WS-Configuration ISG_FND_USER_PKG_CONF:
1. Choose the correct client keystore from the drop-down menu.
2. Select the correct alias of the client keypair from the drop-down menu.
3. Enter password for client keystore.
4. Select Key Identifier Type as 'Subject Key Identifier'.
5. Select Signature Algorithm and Signature Canonicalization as shown in the image.
6. Make sure that Use Single Certificate checkbox is unchecked.
7. Add the following parts:
Name        Namespace                                                                             Encode
Body        http://schemas.xmlsoap.org/soap/envelope/                                             Element
Timestamp   http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd    Element
Assertion   urn:oasis:names:tc:SAML:1.0:assertion                                                 Element

5. Use the following steps to add Encryption Entry to outgoing WS-Configuration ISG_FND_USER_PKG_CONF:
1. Choose the correct client keystore from the drop-down menu.
2. Select the correct alias of the server keypair from the drop-down menu.
3. Enter password for client keystore.
4. Select Key Identifier Type as 'Subject Key Identifier'.
5. Select Symmetric Encoding Algorithm, Key Encryption Algorithm and Encryption Canonicalization as shown
in image.
6. Make sure that Create Encrypted Key checkbox is checked.
7. Add the following parts:
Name        Namespace                                    Encode
Body        http://schemas.xmlsoap.org/soap/envelope/    Content
Assertion   urn:oasis:names:tc:SAML:1.0:assertion        Content


6. Adding Incoming WS-Security Configurations


Click on plus (+) sign.
Enter a name and click OK.
Select Decrypt Keystore and Signature Keystore and provide the keystore password.


7. Save the project.


8. For an operation (Testusername), enter all necessary fields in the request. Click the Authentication and
security-related settings tab at the bottom of the request panel in soapUI. In the Outgoing WSS field, select
ISG_FND_USER_PKG_CONF for the Outgoing WS-Security Configuration from the drop-down selection, and select
ISG_FND_USER_PKG_IN_CONF from the Incoming WSS drop-down.


9. Invoke the service. When prompted with "Password required for WSS Processing", enter the password for the client
keystore. Make sure the response received is valid and does not contain a security error.
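
The following check is an added example, not part of Oracle's document or product code. It reads the issuer.name entries from a login-module fragment shaped like the one in Server Side Setup step 3, then tests the sample assertion from step 2 against them before the assertion is pasted into soapUI. The function names and the max_lifetime limit are assumptions, and the check does not verify signatures; that remains the job of the server's verify-signature setting.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML = "{urn:oasis:names:tc:SAML:1.0:assertion}"
SENDER_VOUCHES = "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches"
SAML_LOGIN_MODULE = "oracle.security.jazn.login.module.saml.SAMLLoginModule"

# Constructed input: a login-module entry shaped like the system-jazn-data.xml
# example in Server Side Setup, step 3.
JAZN_FRAGMENT = """
<login-module>
  <class>oracle.security.jazn.login.module.saml.SAMLLoginModule</class>
  <options>
    <option><name>issuer.name.1</name><value>www.oracle.com</value></option>
    <option><name>issuer.name.2</name><value>www.trustednodedomain.com</value></option>
    <option><name>addAllRoles</name><value>true</value></option>
  </options>
</login-module>
"""

# The sample assertion from Section 2.3, step 2 (line breaks re-wrapped only).
SAMPLE_ASSERTION = """
<Assertion AssertionID="be7d9814c36381c27fefa89d8f27e126"
    IssueInstant="2009-10-05T07:51:57.374Z" Issuer="www.oracle.com"
    MajorVersion="1" MinorVersion="1" xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
  <Conditions NotBefore="2009-10-05T07:51:57.374Z"
      NotOnOrAfter="2015-10-15T17:51:57.374Z"/>
  <AuthenticationStatement AuthenticationInstant="2009-10-05T07:51:57.374Z"
      AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
    <Subject>
      <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
          NameQualifier="notRelevant">SYSADMIN</NameIdentifier>
      <SubjectConfirmation>
        <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</ConfirmationMethod>
      </SubjectConfirmation>
    </Subject>
  </AuthenticationStatement>
</Assertion>
"""


def trusted_issuers(jazn_xml):
    """Return the issuer.name.N values configured for the SAML login module."""
    issuers = []
    for module in ET.fromstring(jazn_xml).iter("login-module"):
        if (module.findtext("class") or "").strip() != SAML_LOGIN_MODULE:
            continue
        for option in module.iter("option"):
            if (option.findtext("name") or "").strip().startswith("issuer.name."):
                issuers.append((option.findtext("value") or "").strip())
    return issuers


def _instant(value):
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def preflight(assertion_xml, issuers, now, max_lifetime=None):
    """Return a list of findings; an empty list means the assertion passes."""
    findings = []
    root = ET.fromstring(assertion_xml)
    if root.tag != SAML + "Assertion":
        return ["root element is not a SAML 1.x Assertion"]
    if root.get("Issuer") not in issuers:
        findings.append("issuer %r is not a configured issuer.name" % root.get("Issuer"))
    cond = root.find(SAML + "Conditions")
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        findings.append("no bounded validity window in <Conditions>")
    else:
        start, end = _instant(cond.get("NotBefore")), _instant(cond.get("NotOnOrAfter"))
        if now < start:
            findings.append("not yet valid")
        if now >= end:
            findings.append("expired")
        if max_lifetime is not None and end - start > max_lifetime:
            findings.append("validity window exceeds local limit")
    subjects = list(root.iter(SAML + "Subject"))
    if not subjects:
        findings.append("no <Subject>")
    for subject in subjects:
        if not (subject.findtext(SAML + "NameIdentifier") or "").strip():
            findings.append("empty <NameIdentifier>")
        methods = [m.text.strip() for m in subject.iter(SAML + "ConfirmationMethod") if m.text]
        if methods != [SENDER_VOUCHES]:
            findings.append("confirmation method is not sender-vouches")
    return findings
```

Run against the sample assertion, the check passes for any date before 2015-10-15 and reports "expired" afterwards, so NotOnOrAfter has to be refreshed before the sample is reused in a test.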


Section 3: Steps to Test a Web Service Deployed with SAML Token Policy
Using JAX-WS Client
Perform the following steps to create a JAX-WS client and test a Web service deployed with SAML Token policy:
1. Deploy the service that you want to test (for example, FND_USER_PKG) with SAML Token security. For
information on how to deploy a service, see Section 2.1: Deploying a Web Service from Oracle E-Business Suite
Integrated SOA Gateway.
2. Open Oracle JDeveloper 11g to create a JAX-WS client.
3. Select File > New to open the New Gallery page. In the All Technologies tab, select the Generic Project icon from the
Items region in the right pane of the page. Click OK.


4. In the Create Generic Project page, enter the project name such as 'JAX-WSSAML Tester'. Click Finish.

5. Locate the generic project name (such as 'JAX-WSSAML Tester') you just created from the project list in the
Application Navigator tab. Right click on the project name and click New.
6. Create a Web service proxy by selecting Web Services under the Business Tier node from the Categories region, and
the Web Service Proxy icon from the Items region. Click OK.


7. The Create Web Service Proxy wizard is displayed. Click Next.


8. Select the JAX-WS Style radio button from the Create Web Service Proxy - Select Client Style page. Click Next.

9. Select the deployed service WSDL URL that you want to test from the WSDL Document URL drop-down list. Select the
Copy WSDL Into Project check box and click Next.


10. Click Next in the Create Web Service Proxy - Specify Default Mapping Options page.
11. Click Next in the Create Web Service Proxy - Port Endpoints page to leave the current Endpoint URL unchanged.

12. In the Create Web Service Proxy - Asynchronous Methods page, ensure the Generate asynchronous methods
where specified by the JAX-WS binding radio button is selected. Click Next.


13. In the Create Web Service Proxy - Policy page, select the
oracle/wss10_saml_token_with_message_protection_client_policy check box from the Policies list. Click
Next.

Note: If Username Token security policy is used, then select the
oracle/wss_username_token_client_policy check box from the list instead.
14. Click Next in the Create Web Service Proxy - Defined Handlers page.


15. Click Finish in the Create Web Service Proxy - Finish page. This generates all the service endpoints for your deployed
service including all methods within the service.

Please note that the FND_USER_PKG_PortClient.java file is opened by default in Oracle JDeveloper.


16. Add the following import statements to the FND_USER_PKG_PortClient.java file:
import java.util.Map;
import javax.xml.bind.JAXBElement;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.WebServiceRef;
import oracle.wsm.security.util.SecurityConstants;
import weblogic.wsee.jws.jaxws.owsm.SecurityPolicyFeature;

Note: If Username Token security policy is used, then add the following additional import statements to the
FND_USER_PKG_PortClient.java file:
import java.util.ArrayList;
import java.util.List;
import weblogic.wsee.security.unt.ClientUNTCredentialProvider;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.provider.CredentialProvider;

17. Create directory policies/oracle under META_INF directory of Project Output Directory (classes folder). Copy
policy file wss10_saml_token_with_message_protection_client_policy to
<Project_Output_Directory>/META_INF/policies/oracle. Policy file is shipped through Patch 14749963.
18. Add the following statements in the main method of the FND_USER_PKG_PortClient.java file:
BindingProvider bindingProvider = (BindingProvider) fND_USER_PKG_PortType;
Map<String,Object> context = (Map<String,Object>)bindingProvider.getRequestContext();
context.put(BindingProvider.USERNAME_PROPERTY,"sysadmin");
// Keystore location, key aliases and passwords used to sign and encrypt the request
String keystoreLoc = "D:\\WorkSpace\\JAXWSClientTest\\PKTESTPKGTest\\SAMLFILES\\client.jks";
context.put(SecurityConstants.ClientConstants.WSS_KEYSTORE_LOCATION, keystoreLoc);
context.put(SecurityConstants.ClientConstants.WSS_KEYSTORE_PASSWORD, "password" );
context.put(SecurityConstants.ClientConstants.WSS_KEYSTORE_TYPE, "JKS" );
context.put(SecurityConstants.ClientConstants.WSS_SIG_KEY_ALIAS, "client_key" );
context.put(SecurityConstants.ClientConstants.WSS_SIG_KEY_PASSWORD, "password" );
context.put(SecurityConstants.ClientConstants.WSS_ENC_KEY_ALIAS, "client_key" );
context.put(SecurityConstants.ClientConstants.WSS_ENC_KEY_PASSWORD, "password" );
context.put(SecurityConstants.ClientConstants.WSS_RECIPIENT_KEY_ALIAS, "server_key");
// Build the SOAHeader and the TESTUSERNAME input parameters
com.oracle.xmlns.apps.fnd.soaprovider.plsql.fnd_user_pkg.ObjectFactory of =
new com.oracle.xmlns.apps.fnd.soaprovider.plsql.fnd_user_pkg.ObjectFactory();
com.oracle.xmlns.apps.fnd.soaprovider.plsql.fnd_user_pkg.SOAHeader header = of.createSOAHeader();
header.setResponsibility("SYSTEM_ADMINISTRATOR");
com.oracle.xmlns.apps.fnd.soaprovider.plsql.fnd_user_pkg.testusername.ObjectFactory of1 =
new com.oracle.xmlns.apps.fnd.soaprovider.plsql.fnd_user_pkg.testusername.ObjectFactory();
JAXBElement<String> user = of1.createInputParametersXUSERNAME("SYSADMIN");
com.oracle.xmlns.apps.fnd.soaprovider.plsql.fnd_user_pkg.testusername.InputParameters body =
of1.createInputParameters();
body.setXUSERNAME(user);
com.oracle.xmlns.apps.fnd.soaprovider.plsql.fnd_user_pkg.testusername.OutputParameters out =
of1.createOutputParameters();
// Invoke the operation and print the returned value
out = fND_USER_PKG_PortType.testusername(header, body);
JAXBElement<Integer> output = out.getTESTUSERNAME();
Integer retVal = output.getValue();
System.out.println("Output is : "+retVal);
Ensure that you modify the keystore location, key aliases, and passwords in the following code snippet for SAML
Token security:
String keystoreLoc = "D:\\WorkSpace\\JAXWSClientTest\\PKTESTPKGTest\\SAMLFILES\\client.jks";
context.put(SecurityConstants.ClientConstants.WSS_KEYSTORE_LOCATION, keystoreLoc);
context.put(SecurityConstants.ClientConstants.WSS_KEYSTORE_PASSWORD, "password" );
context.put(SecurityConstants.ClientConstants.WSS_KEYSTORE_TYPE, "JKS" );
context.put(SecurityConstants.ClientConstants.WSS_SIG_KEY_ALIAS, "client_key" );
context.put(SecurityConstants.ClientConstants.WSS_SIG_KEY_PASSWORD, "password" );
context.put(SecurityConstants.ClientConstants.WSS_ENC_KEY_ALIAS, "server_key" );
context.put(SecurityConstants.ClientConstants.WSS_ENC_KEY_PASSWORD, "password" );
context.put(SecurityConstants.ClientConstants.WSS_RECIPIENT_KEY_ALIAS, "server_key");

Note: If Username Token security policy is used, then add the following snippet to the method of
FND_USER_PKG_PortClient.java file instead:
BindingProvider bindingProvider = (BindingProvider) fND_USER_PKG_PortType;
Map<String,Object> rc = (Map<String,Object>)bindingProvider.getRequestContext();
List<CredentialProvider> credProviders = new ArrayList<CredentialProvider>();
credProviders.add(new ClientUNTCredentialProvider("sysadmin".getBytes(),"sysadmin".getBytes()));
rc.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);
rc.put(BindingProvider.USERNAME_PROPERTY, "sysadmin");
rc.put(BindingProvider.PASSWORD_PROPERTY, "password");
com.oracle.xmlns.apps.fnd.soaprovider.plsql.fnd_user_pkg.ObjectFactory of =
new com.oracle.xmlns.apps.fnd.soaprovider.plsql.fnd_user_pkg.ObjectFactory();
com.oracle.xmlns.apps.fnd.soaprovider.plsql.fnd_user_pkg.SOAHeader header = of.createSOAHeader();
header.setResponsibility("SYSTEM_ADMINISTRATOR");
com.oracle.xmlns.apps.fnd.soaprovider.plsql.fnd_user_pkg.testusername.ObjectFactory of1 =
new com.oracle.xmlns.apps.fnd.soaprovider.plsql.fnd_user_pkg.testusername.ObjectFactory();
JAXBElement<String> user = of1.createInputParametersXUSERNAME("SYSADMIN");

com.oracle.xmlns.apps.fnd.soaprovider.plsql.fnd_user_pkg.testusername.InputParameters body =
of1.createInputParameters();
body.setXUSERNAME(user);
com.oracle.xmlns.apps.fnd.soaprovider.plsql.fnd_user_pkg.testusername.OutputParameters out =
of1.createOutputParameters();
out = fND_USER_PKG_PortType.testusername(header, body);
JAXBElement<Integer> output = out.getTESTUSERNAME();
Integer retVal = output.getValue();
System.out.println("Output is : "+retVal);
Additionally, ensure that you modify the following code snippet with actual values for Username (such as sysadmin
Password.
credProviders.add(new ClientUNTCredentialProvider("sysadmin".getBytes(),"sysadmin".getBytes()));
rc.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);
rc.put(BindingProvider.USERNAME_PROPERTY, "sysadmin");
rc.put(BindingProvider.PASSWORD_PROPERTY, "password");

19. After adding the above code in the main method of the FND_USER_PKG_PortClient.java file, you will be able to
invoke TESTUSERNAME operation within the FND_USER_PKG service by running the
FND_USER_PKG_PortClient.java file. Please note that you need to change keystore location and key/aliases
according to your keystore location and aliases.
Notice the response in the message log.

CHANGE RECORD
Date                 Description
October 3, 2014      Updated section 2.3, step 4 and step 5.
April 9, 2013        Updated the first Note in section 2 and added deployment information in step 1, section 3.
February 5, 2013     Updated step 9 in section 2.3.
December 19, 2012    Updated SAML setup modification steps with Patch 14749963 for policy file.
October 15, 2012     Added My Oracle Support Knowledge Document 1494997.1 reference in the second Note.
June 8, 2012         Added a Note and updated steps 7 and 8 in section 2.3.
June 5, 2012         Added step 4 in Server Side Setup, section 1: SAML Setup Steps for Oracle E-Business Suite Integrated SOA Gateway Release 12.1.3.
May 30, 2012         Added section 3: Steps to Test a Web Service Deployed with SAML Token Policy Using JAX-WS Client.
July 9, 2010         Published document.

Oracle
Copyright Notice
Copyright 2010, 2014 Oracle. All rights reserved.
Trademark Notice


Oracle, JD Edwards, PeopleSoft, and Siebel are registered trademarks of Oracle Corporation
and/or its affiliates. Other names may be trademarks of their respective owners.
