Configuring OSB server for OWSM

After installing the OWSM component to our WebLogic domain, we will be configuring the OSB server for OWSM. For this, we need to generate a custom Java keystore which contains the server certificates and configure it in Enterprise Manager (EM).

How to do it...

First, let's create a Java keystore which will be used by OWSM. On the command line, perform the following steps:

  1. Navigate to the bin folder of the JDK used by the OSB:
    cd c:\[FMWHome]\jrockit-jdk1.6.0_20-R28.1\bin
    
  2. Generate a new Java keystore with a self-signed server key:
    keytool -genkey -alias serverKey -keyalg "RSA" -sigalg "SHA1withRSA" -dname "CN=server, C=US" -keypass welcome -keystore c:\server.jks -storepass welcome
    
  3. Copy the Java keystore server.jks located at c:\ to the config\fmwconfig folder of the OSB domain:
    cd ..\..
    cd user_projects\domains\osb_cookbook_domain\config\fmwconfig
    copy c:\server.jks .
    

    Next, we have to import the Java keystore into Enterprise Manager. Open Enterprise Manager in a browser window (http://localhost:7001/em) and perform the following steps:

  4. Login with the weblogic user account.
  5. In the tree to the left, expand the WebLogic Domain tree node.
  6. Click on osb_cookbook_domain.
  7. In the right window, click on the WebLogic Domain to open the drop-down menu.
  8. Select Security | Security Provider Configuration.
  9. In the Security Provider Configuration page, expand the Keystore option.
  10. Click Configure....
  11. Enter ./server.jks into the Keystore Path field.
  12. Enter welcome into the Password and Confirm Password fields.
  13. Enter serverKey into the Key Alias field in the Signature Key section.
  14. Enter welcome into the Signature Password and Confirm Password fields.
  15. Enter serverKey into the Crypt Alias field in the Encryption Key section.
  16. Enter welcome into the Crypt Password and Confirm Password fields.
  17. Click OK.
  18. Restart the server.

    We have successfully created a Java keystore and configured it for our OSB domain.

    Now, let's create a user we will use for the authentication later. In the Service Bus console, perform the following steps:

  19. Navigate to the Security Configuration using the menu on the left side.
  20. Select the Users menu item and click Add New.
  21. Enter osbbook into the User Name field and welcome1 into the New Password and Confirm Password fields.
  22. Leave DefaultAuthenticator for the Authentication Provider and click Save.

    Adding a new user through the Service Bus console can be done outside a change session.

    Next we need to add the osbbook user to the domain credential store. A credential store is a repository of security data. The credential is used later by the Service Bus test console in order to look up the username and password. In Enterprise Manager, perform the following steps to add a credential to the credential store:

  23. In the tree to the left, expand the WebLogic Domain entry and select the domain.
  24. From the WebLogic Domain drop-down list, select Security | Credentials.
  25. In the Credentials page, expand the oracle.wsm.security node.
  26. Click Create Key and the Create Key pop-up window will be shown.
  27. Enter osbbook-key into the Key field.
  28. Enter osbbook into the User Name field and welcome1 into the Password and Confirm Password fields.
  29. Click OK.

We have now set up the OSB server to work with OWSM and also created and configured the osbbook user which we will use later.

How it works...

In this recipe, we created a Java keystore containing a self-signed server key, which will be used by OWSM. For production, it is better to use a certificate signed by a known Certificate Authority (CA). The server key consists of two parts: the private key is used by the receiver to decrypt incoming messages and to sign messages, and the public key is used by the sender to encrypt the message and to check the signature.
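As an added example (not part of the original recipe), the following Python script audits the verbose output of `keytool -list -v` for the alias entered in Enterprise Manager: it reports whether the entry lacks a private key, is self-signed, or uses a weak signature algorithm. The listing is a constructed sample, and the function names `parse_entries` and `audit` are hypothetical.

```python
import re

# Constructed sample of `keytool -list -v -keystore server.jks` output for the
# recipe's key (keytool lower-cases aliases); not captured from a real run.
SAMPLE_LISTING = """\
Alias name: serverkey
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=server, C=US
Issuer: CN=server, C=US
     Signature algorithm name: SHA1withRSA
"""
FIELDS = ("entry type", "owner", "issuer", "signature algorithm name")
WEAK_SIGALG = re.compile(r"(MD2|MD5|SHA1)with", re.IGNORECASE)


def parse_entries(listing):
    """Split a verbose keytool listing into one dict per alias."""
    entries = []
    for line in listing.splitlines():
        key, sep, value = line.strip().partition(":")
        key, value = key.strip().lower(), value.strip()
        if sep and key == "alias name":
            entries.append({"alias": value.lower()})
        elif sep and entries and key in FIELDS:
            # First value wins: the leaf certificate comes first in a chain.
            entries[-1].setdefault(key, value)
    return entries


def audit(listing, alias):
    """Return findings for the alias configured as OWSM signature/crypt key."""
    # JKS aliases are case-insensitive, so compare in lower case.
    found = [e for e in parse_entries(listing) if e["alias"] == alias.lower()]
    if not found:
        return ["alias %r not found in keystore" % alias]
    entry, findings = found[0], []
    if entry.get("entry type") != "PrivateKeyEntry":
        findings.append("no private key: cannot sign or decrypt")
    if entry.get("owner") and entry["owner"] == entry.get("issuer"):
        findings.append("self-signed: use a CA-signed certificate in production")
    sigalg = entry.get("signature algorithm name", "")
    if WEAK_SIGALG.match(sigalg):
        findings.append("weak signature algorithm: " + sigalg)
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_LISTING, "serverKey"))
```

To audit a real keystore, pass the text produced by `keytool -list -v -keystore server.jks` in place of the sample.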

Enterprise Manager uses the Credential Store Framework (CSF) to store the credentials, such as username/password combinations, tickets, and public key certificates. The configuration of the CSF is maintained in the jps-config.xml file in the domain folder.

There's more...

A credential can also be created from the command line using WebLogic Scripting Toolkit (WLST). In a command window, perform the following steps:

  1. Run wlst.cmd located in the [FMWHome]\oracle_common\common\bin folder.
  2. Connect to the domain:
    connect('weblogic','welcome1','t3://localhost:7001')
    
  3. Create the osbbook-key credential:
    createCred(map="oracle.wsm.security", key="osbbook-key", user="osbbook", password="welcome1",desc="osbbook-key")
    
  4. Disconnect from WLST:
    disconnect()
    exit()
    