Are there any OWSM authentication policies for REST services which do not include SSL or tokens
Last updated on MARCH 29, 2016
Applies to:
Oracle Web Services Manager - Version 11.1.1.7.0 and laterInformation in this document applies to any platform.
Goal
In following OWSM link:
https://blogs.oracle.com/owsm/entry/fmw_ps6_11_1_1
under the section "Securing REST services (a.k.a Servlet Application Security)" , there are references to two more URLs:
1) http://docs.oracle.com/cd/E28280_01/web.1111/e13734/rest.htm#BHABFDGJ
This lists the following authentication policies:
Authentication Policies
oracle/wss_http_token_service_policy
oracle/http_basic_auth_over_ssl_service_policy
oracle/http_oam_token_service_policy
oracle/http_saml20_token_bearer_service_policy
oracle/http_saml20_token_bearer_over_ssl_service_policy
oracle/multi_token_rest_service_policy (exactly-one policy)
oracle/multi_token_over_ssl_rest_service_policy (exactly-one policy)
2) http://docs.oracle.com/cd/E28280_01/web.1111/b32511/policies.htm#CHDEJIIF
These links show that OWSM doesn't provide any authentication policy for REST services which doesn't include SSL or tokens.
Solution
Sign In with your My Oracle Support account |
|
Don't have a My Oracle Support account? Click to get started |
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms