A System Policy To Control Access To a csf-key At The OSB Project Level Does Not Work
(Doc ID 2318348.1)
Last updated on OCTOBER 07, 2022
Applies to:Oracle Web Services Manager - Version 220.127.116.11.0 and later
Information in this document applies to any platform.
Using a Business service where the policy "oracle/wss_username_token_client_policy" has been attached. An override value has been set to point to the csf-key that has been created in particular for the OSB project.
Configured a System Policy with the resource being the project name. This does not work correctly.
If the map is added under the System Policies and set with resource "osb" for Permission class "oracle.wsm.security.WSIdentityPermission", it works without any issues.
For the override setup, the following documentation is being followed:
49.2 Security and Security Policies for Business and Proxy Services
49.2.2 Policy Overrides
52.2.1 Attaching Oracle Web Services Manager Policies to Oracle Service Bus Services
18.104.22.168 Policy Overrides
According to the documentation Service Bus does not provide well-known keys for override, such as sign key alias or CSF key, which points to user credentials in a CSF store. (Service Bus provides user credentials in the service account.)
This approach works for SOA at the project level but only at a higher level for OSB, and not at the project level.
Is there a way to set this up in OSB similar to how it works in SOA?
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document