Oracle Web Services Manager Architecture (OWSM)

Oracle Web Services Manager (OWSM) is a component of Oracle SOA Suite. It is used to secure Web Services and to monitor activities performed on protected Web Services.

Architecture of OWSM

Oracle Web Services Manager consists of the following components:

A) Policy Enforcement Points (PEP) – Agents and Gateway
B) OWSM Policy Manager
C) OWSM Monitor
D) OWSM Control
E) OWSM Database

A. Policy Enforcement Points (PEP) – PEPs are used to manage and enforce the security of Web Services. There are two types of PEP:
i) OWSM Gateway – Gateways are deployed on a J2EE container and act as a proxy to the Web Service Client.
ii) OWSM Agents – These are further subdivided into two kinds: Client Agent and Server Agent.
The Client Agent intercepts requests from the Web Service Client and enforces policy steps like encryption or signatures.
The Server Agent intercepts a web service request before it reaches the protected web service and enforces access control like authentication and authorization.

B. OWSM Policy Manager – This component is installed on a J2EE container and is used for Web Service Registration, Policy Configuration and Policy Communication. The Policy Manager uses the OWSM database to store policies and uploads them to all PEPs (Agents and Gateways).

C. OWSM Policy Monitor – This consists of two components, the Collector and the Aggregator. The Collector collects information from the PEPs, and the Aggregator applies aggregation rules so that the information can be presented in graphical format. The OWSM Policy Monitor manages the collection and aggregation of data for monitoring Web Service traffic.

D. OWSM Control – This is the web-based console used to administer OWSM (Oracle Web Services Manager) components like Policy Manager and Policy Monitor.

E. OWSM Database – This is used to store policy data, monitoring data and system configuration.
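
The component roles described above can be sketched as a small Python model. This is an added example, not Oracle's code and not part of the original post: every class, function, user and service name is hypothetical, and rejecting requests for a service that has no policy is the model's own choice.

```python
# Constructed model of the roles described above; no class or name here is an OWSM API.
import hmac
from collections import Counter

USERS = {"alice": ("s3cret", {"payroll"}), "bob": ("hunter2", {"hr"})}  # constructed

class PolicyManager:  # holds per-service policies and pushes every change to the PEPs
    def __init__(self):
        self.policies, self.peps = {}, []  # dict stands in for the OWSM database
    def register_pep(self, pep):
        self.peps.append(pep)
        pep.policies = dict(self.policies)
    def set_policy(self, service, steps):
        self.policies[service] = list(steps)
        for pep in self.peps:
            pep.policies = dict(self.policies)

class Monitor:  # collector stores one event per request; aggregate() counts them
    def __init__(self):
        self.events = []
    def collect(self, service, outcome):
        self.events.append((service, outcome))
    def aggregate(self):
        return Counter(self.events)

def authenticate(req):
    user = USERS.get(req.get("user"))
    return user is not None and hmac.compare_digest(user[0], req.get("password", ""))

def require_role(role):
    def authorize(req):
        return role in USERS[req["user"]][1]  # runs only after authenticate passed
    return authorize

class Gateway:  # PEP acting as a proxy: runs the policy steps, then forwards or rejects
    def __init__(self, monitor, backend):
        self.policies, self.monitor, self.backend = {}, monitor, backend
    def handle(self, service, req):
        steps = self.policies.get(service)
        failed = "no-policy" if steps is None else next(  # fail closed without a policy
            (s.__name__ for s in steps if not s(req)), None)
        outcome = f"rejected:{failed}" if failed else "forwarded"
        self.monitor.collect(service, outcome)
        return self.backend(service, req) if outcome == "forwarded" else None

def demo():
    monitor, pm = Monitor(), PolicyManager()
    gw = Gateway(monitor, backend=lambda svc, req: f"{svc} response")
    pm.register_pep(gw)
    pm.set_policy("PayrollService", [authenticate, require_role("payroll")])
    calls = [("PayrollService", "alice", "s3cret"), ("PayrollService", "alice", "wrong"),
             ("PayrollService", "bob", "hunter2"), ("UnregisteredService", "alice", "s3cret")]
    results = [gw.handle(s, {"user": u, "password": p}) for s, u, p in calls]
    return results, monitor.aggregate()
```

Only the first call in demo() reaches the backend; the monitor summary records one event each for the failed authentication, the failed authorization and the service with no policy.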

The URL for Oracle WSM Control is http://hostname.domainname:port/ccore

The username and password for ccore (OWSM) is admin/oracle (this is different from other SOA components, where the username is oc4jadmin).

About the Author Masroof Ahmad


42 comments
awesome says December 21, 2007

I’ve a question on this architecture diagram. If the gateways are load balanced (active/active), why did Oracle suggest implementing an active/passive architecture for OWSM Monitor? Is there any specific reason?

Reply
Atul says December 23, 2007

Hi Awesome,
Could you please share the doc which says that the OWSM monitor should be active/passive?

Reply
awesome says December 26, 2007

See the Oracle doc link below
http://download.oracle.com/docs/cd/E10291_01/doc.1013/e10298/depovrvw.htm

Figure 2-1 from the above link says that OWSM monitor is not load balanced. Moreover we have single monitor for the load balanced gateway.

Actually we are upgrading from OWSM 3.5.4 to 10.1.3.3 and from the document we decided to have active/passive model for monitor and active/active model for gateway & policy manager.

However, in our current setup (OWSM 3.5.4) gateway, policy manager and monitor are load balanced (active/active).

Do you know why Oracle proposed an active/passive model for monitor in OWSM 10.1.3.3?

Your information in this regard is highly appreciated.

Thanks

Reply
awesome says December 26, 2007

enabling email notification

Reply
Atul says December 26, 2007

Hi Awesome,
Yes, you are right. As per the documentation above, it is mentioned that in Oracle Web Service Manager you can have only one instance of OWSM monitor, and hence you see the architecture diagram shown in 2.1.

Check with the Oracle Support team (OWSM dev team) for justification.

Here is an extract from the guide

##
However, you can only have one instance of Oracle WSM Monitor in your entire Oracle Web Services environment. Therefore, you must disable the Oracle WSM Monitor on vhost1 and vhost2
##

Reply
awesome says December 26, 2007

Thanks for your quick reply…

We already had a discussion with the Oracle dev team… We didn’t ask why it's active/passive, but we asked how the monitor is scalable if it is configured active/passive… Oracle suggested some ways to tune the Monitor for better scalability (like… increase buffer size [don’t know which buffer size??!!], logically group gateways and have a single monitor for each group; however, they are not load balanced).

So there are two questions:
First, why is the monitor active/passive?
Second, how can the monitor be scalable if it is configured active/passive?

Since we had a lot of other architecture-related questions for Oracle on the day we had the conference with Oracle, I couldn’t take much time to ask these questions to the Oracle dev team…

Can you help me to find out a good forum/site/person to contact to address these questions?? Please share your thoughts also if you have some idea on above questions…

Thanks

Reply
awesome says December 27, 2007

Atul,

I need some clarification on OHS installation in a production environment.

The Gateway has its own HTTPListener. 1) Shall we use the gateway’s HTTPListener in a production environment? 2) If we shouldn’t use the Gateway’s HTTPListener, how should OHS be installed and configured?

Your thoughts or any related document would be very much appreciated.

Thanks

Reply
Atul says December 27, 2007

Awesome,
OWSM Gateways, as mentioned above, are deployed on OC4J and act as a proxy for the web service.
If you wish to use OWSM with OHS, use the 10.1.3.1 OAS version with advanced install (SOA): J2EE, Web Server and SOA Suite.

Do let me know if I have understood your issue correctly and this deployment is fine with your implementation.

Reply
awesome says December 27, 2007

Yes, as you said, we planned to deploy the OWSM gateway on an OC4J instance where the gateway acts as a proxy for the web services, which does authentication and logging as predefined and custom policy steps.

My doubt here is: in our current OWSM 3.5.4 implementation, the gateway is deployed in a WebLogic instance. A load balancer (Virtual IP Hardware) will redirect the request to the load-balanced gateways (WebLogic instance). So here we don’t have the HTTP listener concept.

But in the new OWSM 10.1.3.3 architecture (advanced installation), Oracle proposed to have OHS in between the load balancer and the Gateway (deployed in an OC4J instance). So our doubt is:

1. Should we have a separate host to install OHS in a production environment?

2. Will the OC4J instance have an inbuilt HTTPListener (built-in web server in the application server)? If yes, do we need to disable the built-in HTTPListener and install OHS on a new host (machine)? (We assume the new OHS host will be between the load balancer and the OC4J gateway instance.) I guess this question looks messy!!
Please give your thoughts on this.

Thanks…

Reply
Atul Kumar says December 27, 2007

1. Should we have a separate host to install OHS in production environment?

This OHS is optional. If you wish to integrate with SSO or need OHS for any other functionality then you can use it; otherwise select the basic install of SOA Suite, which is just OC4J and the SOA applications (owsm, esb, bpel) deployed on this OC4J.

The OC4J instance will have an inbuilt HTTP listener (default port 8888).
There is no need to disable OHS; it's required only in case you wish to deploy OHS on a separate machine.

OHS forwards requests to OC4J using the mod_oc4j module of OHS.

Reply
mahender says December 28, 2007

Hi All,
Please help me with the following issue:-

“Many of us in the Finance department are having an issue with logging back in to Oracle when our session is not valid due to lack of activity. It keeps telling us to log in. It is a circle we cannot get out of unless we log off of Oracle completely and start over. Is there anything you can do for us”

Regards,
Mahender.

Reply
Ashish Kumar says April 14, 2008

Hi Atul,
I am trying to inject the OWSM Server Agent into one of our existing web services hosted on BEA WebLogic and another .NET service hosted on IIS. I am using the OWSM 10.1.3.3 version of setup… I need help with the following steps:

1)
While doing “Add New Component” in Policy Management for OWSM, how do I get other “Container types” options in the combo box, i.e. BEA 8.1\IIS? Currently it shows only OC4J|AXIS|OTHER (OTHER is showing but I do not know how to use this option for BEA).

Do I need to install something?

2)
Another issue I see is in the step “Adding the Server Agent with the Web Service”, i.e. on opening the Cluster Topology page using http://localhost:8888/em I can see only “home” for the OC4J container (other containers, BEA\IIS, are not showing)….

I am not sure how to get the BEA WebLogic container option in Cluster Topology, so that I can see all the web services hosted on it and thus select a service of my choice (on BEA) and enable the OWSM agent (i.e. inject the server agent) using the “Enable\Disable Features” option.

Kindly let me know if I am missing some step or whether some additional configuration needs to be done…

I am following steps from the Oracle by Example tutorial :- http://www.oracle.com/technology/obe/fusion_middleware/owsm/secure%20soa/securing%20soa%20with%20owsm.htm

Thanks …

Reply
Ashish Kumar says April 14, 2008

I believe I am missing the OWSM installation on BEA\IIS… Do we have any documentation for installation of OWSM on BEA or IIS? Is this the cause of the problem in the above post?

Reply
Atul says April 15, 2008

Ashish,
I don’t see any OWSM agent for BEA or IIS; what you can do instead is:
— Register the gateway in ccore/owsm that came with the web service installation (URL is like /gateway)
— Register the web service or URL which you wish to protect (BEA or IIS URL/WSDL) with OWSM
— This will give a new URL pointing to your gateway
— This way users trying to access the URL/web service on BEA/IIS will get the gateway URL protected by OWSM, and that gateway in turn will speak to BEA/IIS

Check with Oracle OWSM support team on this

Reply
Enio Machado says September 29, 2008

I’d like to know how to configure the user name and password (web service manager control), which I have lost…
Thank you.
Send it to mail please….

Reply
Atul says September 29, 2008

@ Enio, I am not clear about your requirement.

Are you looking to configure OWSM user authentication?

Oracle Guide for OWSM

Reply
Bhargavi Ch says October 3, 2008

Hi,
I have installed SOA Suite using the Advanced installation type.

After installation I am unable to log in to web service manager control (http://localhost:8888/ccore) with the oc4jadmin user…
It is showing “Invalid Login”.

In the ccore logs I am getting the error below
INFO [AJPRequestHandler-HTTPThreadGroup-54] userregistry.UsersTable – isValidUserPassword() failed for oc4jadmin
INFO [AJPRequestHandler-HTTPThreadGroup-54] sampledb.LocalDBAuthProvider – The error in authenticate for user : oc4jadmin
SEVERE [AJPRequestHandler-HTTPThreadGroup-54] uibeans.LoginBean – Error when authenticating user. Invalid user id or password
SEVERE [AJPRequestHandler-HTTPThreadGroup-54] userregistry.UsersTable – isActiveUser() failed for oc4jadmin
com.cfluent.utils.db.DBException: ORA-01017: invalid username/password; logon denied at com.cfluent.utils.db.DBContext.getConnection(DBContext.java:95)….

Reply
Atul says October 3, 2008

Bhargavi,
The authentication engine for OWSM (/ccore) is different; use

admin/oracle to log in to OWSM

Reply
Ghanny says March 9, 2009

Hi Atul,

I am new to OWSM and web services in general. I have worked with OAM and OIM though. I wanted to know do we have to use OAM for protecting web services or OWSM by itself is sufficient for protecting web services. Also our web service is developed on .NET platform, I understand from above messages gateway/agent is not available for .net, can you please confirm this.

Thanks
Ghanny

Reply
Atul Kumar says March 9, 2009

OWSM by itself is sufficient for protecting web services.

Reply
mesut says April 16, 2009

Hi
I studied using WebLogic with OWSM. Is there a way to use them together? If so, how can I achieve it? I have some Java services deployed into weblogicAppServer and want to secure them via OWSM. Please show me a way.

Reply
Atul says April 16, 2009

Use Policy Enforcement Points (PEP gateways and agents) to protect Java services deployed into weblogicAppServer.

Check two whitepapers

http://www.oracle.com/technology/products/webservices_manager/pdf/webservices_manager_ds_10gr3.pdf

http://www.oracle.com/technology/products/webservices_manager/pdf/owsm1013-wpaper.pdf

Reply
mesut says April 16, 2009

Thank you first of all. When I used to try Oracle SOA Suite everything was good. I used OWSM to secure my ESB services, but I have to use WebLogic now and still want to use OWSM. But BEA does not have OWSM, so I am now thinking about how to use OWSM on WebLogic, like Ashish Kumar (I have the same problem).
I need OWSM. Does it run standalone, or do I have to install SOA Suite? That is exactly what I want to know.
Thank you for your quick reply.

Reply
Atul Kumar says April 16, 2009

Mesut,
OWSM is available as standalone product as well and it is another j2ee application server which is now supported on WebLogic Server as well.

Download standalone OWSM from edelivery.oracle.com (I think you need minimum 10.1.3 weblogic server to deploy standalone OWSM)

Reply
mesut says April 16, 2009

Thank you a lot. I tried lots of ways but missed the 10.1.3 WebLogic server; I think that will solve my problem. Thank you again.

Reply
kumar says February 9, 2010

Atul,

I am very new to OWSM.
I have a basic doubt. What is the difference between the two PEPs (policy enforcement points), agents and gateway?
What web service security is achieved in an agent and not possible in a gateway?
When do we go for an agent rather than a gateway?

Reply
Atul Kumar says February 10, 2010

@ Kumar

Gateways: A Gateway runs in the web server and acts as a proxy for all incoming requests. The Gateway inspects the request and allows or disallows it to pass through to the Web Service.

Agents: An Agent can either run server side with the Web Service or client side with the Web Service client. It can be configured to communicate with the OWSM Policy Manager.

More information on Agent & Gateway http://wiki.oracle.com/page/Agents+and+Gateways

or OWSM 11g R1 http://wiki.oracle.com/page/OWSM+11gR1+FAQ

Reply
karthik says March 4, 2010

Hi All,

I have made some changes in the components' logging.xml files; now I want to deploy the components (gateway, coreman, ccore, policymanager).

Can anyone help me out by telling me the commands to deploy the components?

Reply
tanushree says June 1, 2010

Hi ATUL,

Is webservices SSO possible by OWSM? Can you please share any link on Single sign-on of webservices using OWSM.

Regards,
Lavanya G

Reply
Atul Kumar says June 1, 2010

@ Lavanya

Which SSO solution are you using?
If this is OAM (Access Manager) SSO then use

http://download.oracle.com/docs/cd/E14571_01/core.1111/e10043/osso.htm#CHDJFGAB

Oracle Web Services Manager uses the Identity Asserter for single sign-on.

Reply
tanushree says June 2, 2010

Hi Atul,

Thanks for the link. It was really helpful.

Does this identity asserter for SSO work only for services deployed in WebLogic server?

Thanks,
Lav

Reply
Lara K says July 22, 2010

All our services have been virtualized in OWSM. Is there any option to display or monitor the response messages in OWSM?

For instance, ServiceA pushes data to another application via OWSM. The response received back by ServiceA has to be displayed in OWSM Execution details.
Any idea, please?

Reply
Ramnathyadav says August 8, 2010

hi

Reply
Chinni says March 14, 2011

Very good description about OWSM ..thank you kumar.

Reply
Ritu says October 24, 2011

Hi,
Firstly, I want clarification on a point for OWSM 10g (10.1.3.5): whether multiple gateways in OWSM can work at a time. As per my knowledge, we can register multiple gateways at a time, but can they work at the same time as well?
Thanks in advance.

Reply
Ritu says October 31, 2011

Hi,
Any update on the above query.
Please let me know if anyone has an idea regarding this??
Thanks in advance.

Reply
vivek says August 27, 2012

Hi Atul,
Policy set console does not open in em console with some error. I looked into deployments of wsm-pm app. It is in prepared state. When I try to start I get the below error:

weblogic.application.ModuleException: [HTTP:101216]Servlet: “PolicyManagerValidator” failed to preload on startup in Web application: “/wsm-pm”. oracle.adf.share.ADFShareException: MDSConfigurationException encountered in parseADFConfiguration at oracle.adf.share.config.ADFMDSConfig.parseADFConfiguration(ADFMDSConfig.java:178) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at oracle.adf.share.config.ADFConfigImpl.getResultFromComponent(ADFConfigImpl.java:472) at oracle.adf.share.config.ADFConfigImpl.getConfigObject(ADFConfigImpl.java:543) at oracle.adf.share.config.ADFConfigImpl.getConfigObject(ADFConfigImpl.java:521) at oracle.adf.share.config.ADFConfigImpl.getMDSInstance(ADFConfigImpl.java:586) at oracle.adf.share.config.ADFConfigImpl.getMDSInstance(ADFConfigImpl.java:581) at

Please help

Reply
vivek says August 27, 2012

Yes I got it.
MDS data source was not having my managed server in targets.
Thanks.

Reply
vijay says September 10, 2013

Hi,

I get the error below when I try to run the view I created:
Search results could not be retrieved due to the following exception:
Coud not get RMI IQueryStub

thanks in advance for your answer

Reply